OpenDirectory Authentication memory corruption

Carsten Kirschner carsten.kirschner at
Tue Jun 9 10:25:27 CEST 2020

On 25.05.20, 14:48, "Freeradius-Users on behalf of Alan DeKok" < at on behalf of aland at> wrote:

> On May 25, 2020, at 6:36 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at> wrote:
>> Hello, I wrote on 15.01.2020 17:50 about our FreeRADIUS problems, now we tested it anew with a new version of FreeRADIUS (3.0.21).
> Yeah, that seems wrong.  The odd thing is that the shortUserName field has its length taken directly from the OpenDirectory API.  i.e. it's not from FreeRADIUS.
>
> Line numbers would help rather a lot.

I tried various ways to get line numbers compiled in, but failed. The compiler switch -g3 is set, by your default, but the binaries do not contain full debug info and I couldn't see any symbol files. If someone has a way to create proper files I will try that.

What I tried, and can say for sure, is that the crash can be mitigated if talloc_zero_array is used instead of talloc_array in src/modules/rlm_mschap/opendir.c in the lines around 140.
I refer to this code segment, both occurrences of talloc_array: (the zero setting of the last byte is then unneeded)
I think this is not the fix for the problem, but prevents the crash. Maybe because there is no longer uninitialized memory which is accessed because of a null check somewhere else.

With the talloc_zero_array function I can reliably authenticate users from the local user database. But users from the OpenDirectory fail with mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported

(56) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
(56) mschap: No NT-Password configured. Trying OpenDirectory Authentication 
(56) mschap: OD username_string = testopendir, OD shortUserName=testopendir (length = 11) 
(56) mschap:   Stepbuf server challenge : 
(56) mschap:   Stepbuf peer challenge   : 
(56) mschap:   Stepbuf p24              : 
(56) mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported

Thanks for your time
Carsten Kirschner
