Hi All,

I made a stupid mistake. Sorry for that. Kindly ignore the solution part in my last email.

The correct "if" check that I meant to recommend before using the secret pointer is:

File radius.c

function: data2vp

2242 /*

2243 * Decrypt the attribute.

2244 */

2245 if (NULL != secret)

2246 {

2247

2248 switch (vp->flags.encrypt) {

2249 /*

2250 * User-Password

2251 */

2252 case FLAG_ENCRYPT_USER_PASSWORD:

2253 if (original) {

2254 rad_pwdecode((char *)vp->vp_strvalue,

...

2301 } /* switch over encryption flags */

2302

2303 }

Once again a sincere apology for the wrong diff.

Rgds,

Makarand.

diff -Naur radius.c.orig radius.c

--- radius.c.orig 2011-05-02 17:19:33.988204676 -0400

+++ radius.c 2011-05-02 18:18:37.423705767 -0400

@@ -2242,60 +2242,65 @@

/*

* Decrypt the attribute.

*/

- switch (vp->flags.encrypt) {

- /*

- * User-Password

- */

- case FLAG_ENCRYPT_USER_PASSWORD:

- if (original) {

- rad_pwdecode((char *)vp->vp_strvalue,

On Monday 02 May 2011 17:42:36 you wrote:

> Hi All,

>

> Hope all of you are having a nice day. This is my first post on this list,

> so kindly overlook any novice mistakes.

>

> I am facing a problem while working with freeradius. The description of the

> problem and a probable solution is given below:

>

> Problem Scenario:

> I work on a router. I am working on PEAP with default_eap_type=mschapv2. On

> the router, I am a tunnel exchanging packets with the port on one side and

> the radius server on the other. rad_decode is used to get the EAP

> attributes coming from the server, so that they can be sent to the port

> which is being authenticated.

> While invoking rad_decode, the secret is set to NULL. This causes a trap

> while trying to decode Microsoft specific attributes as

> dictionary.microsoft says the key should be encrypted.

>

> ATTRIBUTE MS-MPPE-Send-Key 16 octets

> encrypt=2

> ATTRIBUTE MS-MPPE-Recv-Key 17 octets

> encrypt=2

>

> Resolution:

> To resolve this issue, I had to add a NULL ptr check in radius.c, function

> data2vp.

>

> diff -Naur radius.c.orig radius.c

> --- radius.c.orig 2011-05-02 17:19:33.988204676 -0400

> +++ radius.c 2011-05-02 17:21:29.528702423 -0400

> @@ -2242,7 +2242,7 @@

> /*

> * Decrypt the attribute.

> */

> - switch (vp->flags.encrypt) {

> + switch (vp->flags.encrypt && (NULL != secret)) {

> /*

> * User-Password

> */

>

> I would highly appreciate your opinions regarding the issue. If this

> resolution is not acceptable, then kindly let me know alternatives that

> would be acceptable.

>

> Warm Rgds,

> Makarand.

--

NOTICE OF CONFIDENTIALITY:

-------------------------------------------

This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.