Unsupported Vendor Specific Attribute results in incorrect behavior of rc_avpair_gen()

Tue Jan 27 04:24:53 CET 2015

I've changed "Vendor-Specific = 4RF" but still same problem. Please note that, radius server shows vendor-specific=0x345246 (running with -X)

It showed the same value when I was using "14817"

-----Original Message-----
From: freeradius-users-bounces+amol.lad=4rf.com at lists.freeradius.org [mailto:freeradius-users-bounces+amol.lad=4rf.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, 27 January 2015 3:56 p.m.
To: FreeRadius users mailing list
Subject: Re: Unsupported Vendor Specific Attribute results in incorrect behavior of rc_avpair_gen()

On Jan 26, 2015, at 9:43 PM, Amol Lad <Amol.Lad at 4rf.com> wrote:
> I’m using freeradius client library 1.1.6 with radius server version 2.2.6.  The “users” file on server has an entry for user “abcd” as below:
>
> abcd  Cleartext-Password := "xyz"
>     Service-Type = Framed-Management,
>    Management-Privilege-level  = 4,
>    Vendor-Specific            = “14817"

  The Vendor-Specific attribute isn’t ASCII text.

> The dictionary file on client does not have entry for Vendor-Specific attribute value “14817” so this is an unsupported vendor-specific attribute

  No, the attribute is malformed.  It shouldn’t be allowed.

> As a result, below fragment will return NULL as well. Thus recursion unwinds by returning “pair” NULL even if valid attributes are also present
>
>                /* Advance to the next attribute and process recursively */
>                if (length != attrlen) {
>                                pair = rc_avpair_gen(rh, pair, ptr + attrlen, length - attrlen,
>                                    vendorpec);
>                                if (pair == NULL)  ←-- Recursion unwinds and all invocations return NULL
>                                                return NULL;
>                }

  That check is likely not needed… but it’s probably not *wrong*.

> Please advise how it can be addressed? Why is check [if (pair == NULL) return NULL;] needed above? Can’t we just continue with the function and return from the end of the function?

  Probably.  Patches are welcome.

  However… the freeradius-client code is intended for use in embedded environments.  i.e. where the attributes are known, and their values are known (or at least well-formed).

  If you’re creating attributes with garbage values, the simple solution is “don’t do that”.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The information in this email communication (inclusive of attachments) is confidential to 4RF Limited and the intended recipient(s). If you are not the intended recipient(s), please note that any use, disclosure, distribution or copying of this information or any part thereof is strictly prohibited and that the author accepts no liability for the consequences of any action taken on the basis of the information provided. If you have received this email in error, please notify the sender immediately by return email and then delete all instances of this email from your system. 4RF Limited will not accept responsibility for any consequences associated with the use of this email (including, but not limited to, damages sustained as a result of any viruses and/or any action or lack of action taken in reliance on it).