It looks like there's a minor bug in protocols/radius.c. I'm not sure
how it was missed, but the new code (attached) is better.
Alan DeKok.
Index: protocols/radius.c
===================================================================
--- protocols/radius.c (revision 190)
+++ protocols/radius.c (working copy)
@@ -239,7 +239,7 @@
return FALSE;
}
- if (attr[1] > length) {
+ if (attr[1] > left) {
LogError("RADIUS: message has attribute that is too long\n");
return FALSE;
}
@@ -248,6 +248,8 @@
if (attr[0] == 0x50) {
/* FIXME: validate it */
}
+
+ left -= attr[1];
}
/* save the reply authenticator, and copy the request authenticator over */
--
To unsubscribe:
http://lists.nongnu.org/mailman/listinfo/monit-general
