malaya.kishore@wipro.com wrote:
Problem 1:
In the sanity check of rlm_digest module, we find that the attrlen attribute is not incremented correctly.
FreeRadius version 2.1.1
Source: freeradius-server-2.1.1\src\modules\rlm_digest\rlm_digest.c
Line: 138
Code:
attrlen = p[1]; /* stupid VSA format */
Solution:
attrlen = p[1]+2; /* stupid VSA format */
I don't see why this is necessary. The length in the packet is the length of the attribute, plus 2 octets (type + attr-length). The following checks assume: - minimum attrlen is 3 (type + attr-length + data) - data length is "attrlen - 2" (line 165) Further, this code inter-operates with all other Digest authentication implementations, and has done so for over 6 years. Could you explain in more detail why you think the above change is required? What problems are you seeing with the existing code?
Problem 2:
As per the FreeRadius site, FreeRadius support RFC: 4590 and 5090.
Unfortunately, it doesn't. There are patches, but they have not yet been integrated into the server. Alan DeKok.