Issue with rlm_digest module
Alan DeKok
aland at deployingradius.com
Thu Nov 27 10:41:37 CET 2008
malaya.kishore at wipro.com wrote:
> Problem 1:
>
> In the sanity check of rlm_digest module, we find that the attrlen
> attribute is not incremented correctly.
>
> FreeRadius version 2.1.1
>
> Source: freeradius-server-2.1.1\src\modules\rlm_digest\rlm_digest.c
>
> Line: 138
>
> Code:
>
> attrlen = p[1]; /* stupid VSA format */
>
> Solution:
>
> attrlen = p[1]+2; /* stupid VSA format */

I don't see why this is necessary. The length in the packet is the
length of the attribute, plus 2 octets (type + attr-length). The
following checks assume:

- minimum attrlen is 3 (type + attr-length + data)
- data length is "attrlen - 2" (line 165)

Further, this code inter-operates with all other Digest authentication
implementations, and has done so for over 6 years.

Could you explain in more detail why you think the above change is
required? What problems are you seeing with the existing code?

> Problem 2:
>
> As per the FreeRadius site, FreeRadius supports RFC: 4590 and 5090.

Unfortunately, it doesn't. There are patches, but they have not yet
been integrated into the server.

Alan DeKok.
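
The length convention described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: a bounds-checked walk over packed sub-attributes where the length octet already counts the type and length octets. The function name `walk_subattrs` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from rlm_digest.c): walk the sub-attributes packed
 * inside one attribute value. Each is: type (1 octet), length (1 octet), data.
 * The length octet counts the two header octets as well as the data.
 * Returns the number of sub-attributes, or -1 if the buffer is malformed. */
static int walk_subattrs(const uint8_t *p, size_t length, size_t *data_total)
{
    int count = 0;

    *data_total = 0;
    while (length > 0) {
        if (length < 2) return -1;        /* header itself is truncated */
        size_t attrlen = p[1];            /* already includes type + length */
        if (attrlen < 3) return -1;       /* need at least one data octet */
        if (attrlen > length) return -1;  /* would read past the buffer */
        *data_total += attrlen - 2;       /* data length is attrlen - 2 */
        p += attrlen;
        length -= attrlen;
        count++;
    }
    return count;
}

/* Constructed sample: two sub-attributes, types 1 and 2. */
static const uint8_t sample[] = {
    0x01, 0x05, 'a', 'b', 'c',
    0x02, 0x04, 'x', 'y',
};

int main(void)
{
    size_t n;
    int rc = walk_subattrs(sample, sizeof(sample), &n);

    printf("sub-attributes=%d data octets=%zu\n", rc, n);
    return rc == 2 ? 0 : 1;
}
```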