Hi All, I made a stupid mistake. Sorry for that. Kindly ignore the solution part in my last email. The correct "if" check that I meant to recommend before using the secret pointer is: File radius.c function: data2vp 2242 /* 2243 * Decrypt the attribute. 2244 */ 2245 if (NULL != secret) 2246 { 2247 2248 switch (vp->flags.encrypt) { 2249 /* 2250 * User-Password 2251 */ 2252 case FLAG_ENCRYPT_USER_PASSWORD: 2253 if (original) { 2254 rad_pwdecode((char *)vp->vp_strvalue, ... 2301 } /* switch over encryption flags */ 2302 2303 } Once again a sincere apology for the wrong diff. Rgds, Makarand. diff -Naur radius.c.orig radius.c --- radius.c.orig 2011-05-02 17:19:33.988204676 -0400 +++ radius.c 2011-05-02 18:18:37.423705767 -0400 @@ -2242,60 +2242,65 @@ /* * Decrypt the attribute. */ - switch (vp->flags.encrypt) { - /* - * User-Password - */ - case FLAG_ENCRYPT_USER_PASSWORD: - if (original) { - rad_pwdecode((char *)vp->vp_strvalue, On Monday 02 May 2011 17:42:36 you wrote:
Hi All,
Hope all of you are having a nice day. This is my first post on this list, so kindly overlook any novice mistakes.
I am facing a problem while working with freeradius. The description of the problem and a probable solution is given below:
Problem Scenario: I work on a router. I am working on PEAP with default_eap_type=mschapv2. On the router, I am a tunnel exchanging packets with the port on one side and the radius server on the other. rad_decode is used to get the EAP attributes coming from the server, so that they can be sent to the port which is being authenticated. While invoking rad_decode, the secret is set to NULL. This causes a trap while trying to decode Microsoft specific attributes as dictionary.microsoft says the key should be encrypted.
ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2 ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2
Resolution: To resolve this issue, I had to add a NULL ptr check in radius.c, function data2vp.
diff -Naur radius.c.orig radius.c --- radius.c.orig 2011-05-02 17:19:33.988204676 -0400 +++ radius.c 2011-05-02 17:21:29.528702423 -0400 @@ -2242,7 +2242,7 @@ /* * Decrypt the attribute. */ - switch (vp->flags.encrypt) { + switch (vp->flags.encrypt && (NULL != secret)) { /* * User-Password */
I would highly appreciate your opinions regarding the issue. If this resolution is not acceptable, then kindly let me know alternatives that would be acceptable.
Warm Rgds, Makarand.
-- NOTICE OF CONFIDENTIALITY: ------------------------------------------- This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.