OpenDirectory Authentication memory corruption
carsten.kirschner at corussoft.de
Tue Jun 9 10:25:27 CEST 2020
Am 25.05.20, 14:48 schrieb "Freeradius-Users im Auftrag von Alan DeKok" <freeradius-users-bounces+carsten.kirschner=corussoft.de at lists.freeradius.org im Auftrag von aland at deployingradius.com>:
> On May 25, 2020, at 6:36 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> Hello, i wrote on 15.01.2020 17:50 about our Freeradius problems, now we tested it anew with a new version of Freeradius (3.0.21).
> Yeah, that seems wrong. The odd thing is that the shortUserName field has it's length taken directly from the OpenDirectory API. i.e. it's not from FreeRADIUS.
> Line numbers would help rather a lot.
I tried various ways to get linenumbers compiled into, but failed. The complier switch -g3 is set, by your default, but the binaries do not contain full debug info and I couldn't see any symbol files. If someone has a way to create propper files I will try that.
What i tried, and can say for sure is, that the crash can be mitigated, if talloc_zero_array is used instead of talloc_array in src/modules/rlm_mschap/opendir.c in the lines around 140.
I refer to this codesegment, both occurences of talloc_array: https://github.com/FreeRADIUS/freeradius-server/commit/dee78b44119168e0cc5714602f8f7449a2e661aa (the zero setting of the last byte is then unnedded)
I think this is not the fix for the problem, but prevents the crash. Maybe because there is no longer uninitialized memory which is accessed because of a null check somewhere other.
With the talloc_zero_array function I can reliable authenticate users from the local userdatabase. But users from the Opendirectory fail with mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported
(56) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(56) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(56) mschap: OD username_string = testopendir, OD shortUserName=testopendir (length = 11)
(56) mschap: Stepbuf server challenge :
(56) mschap: Stepbuf peer challenge :
(56) mschap: Stepbuf p24 :
(56) mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported
Thanks for your time
More information about the Freeradius-Users