On Tue, 01 Jul 2003 12:49:53 -0400 "Alan DeKok" <[EMAIL PROTECTED]> wrote:
> Graeme Hinchliffe <[EMAIL PROTECTED]> wrote: > > AHHHHHHRRRRGGGHHHH :) > > Been there, done that. Me too now :), thanks > > Indeed! looks like a bug in my code that writes the length to the > > packet. It is writing it Little-Endian.. DAMN! I guess icRADIUS > > isn't too fussy about a few things. > > Which is *extremely* bad. I mean *bad*. > > One thing I will say about FreeRADIUS, is that he packet validation > code is as paranoid as I can make it. It's part of a security system, > and bugs in packet parsing can negatively impact security. Indeed. Since fixing that bug FreeRADIUS also picked up on another oversight of mine that was truncating one attribute (the password) with the nas-Identifier! (icRadius accepted and authed the packets!!!) which I found suprising. Still all seems fixed now. -- ----- Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Sales : 0870 6000 971 Fax : 0870 6000 972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
