I am running FreeRADIUS server (ver=0.7) on a SuSE-Linux (2.4.4-4GB).
My server crashed ("Segmentation fault") due to ilegal packet (header-length is
shroter than actual length).
I belive that the problem is in radius.c, line 758 (rad_recv(int)):
if (packet->data_len > totallen) {
/*
* We're shortening the packet below, but just
* to be paranoid, zero out the extra data.
*/
memset(packet->data + totallen, 0,
packet->data_len - totallen);
packet->data_len = totallen;
}
The packet->data is null (it is allocated and set only at the end of the function),
and therefor the call to memset is ilegal.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
