Hi Alan DeKok, Any plans when RFC 5090 will be included in standard FreeRadius. Kind Regards, Kishore -----Original Message----- From: freeradius-devel-bounces+malaya.kishore=wipro.com@lists.freeradius.org [mailto:freeradius-devel-bounces+malaya.kishore=wipro.com@lists.freeradi us.org] On Behalf Of Alan DeKok Sent: Thursday, November 27, 2008 3:12 PM To: FreeRadius developers mailing list Subject: Re: Issue with rlm_digest module malaya.kishore@wipro.com wrote:
Problem 1:
In the sanity check of rlm_digest module, we find that the attrlen attribute is not incremented correctly.
FreeRadius version 2.1.1
Source: freeradius-server-2.1.1\src\modules\rlm_digest\rlm_digest.c
Line: 138
Code:
attrlen = p[1]; /* stupid VSA format */
Solution:
attrlen = p[1]+2; /* stupid VSA format */
I don't see why this is necessary. The length in the packet is the length of the attribute, plus 2 octets (type + attr-length). The following checks assume: - minimum attrlen is 3 (type + attr-length + data) - data length is "attrlen - 2" (line 165) Further, this code inter-operates with all other Digest authentication implementations, and has done so for over 6 years. Could you explain in more detail why you think the above change is required? What problems are you seeing with the existing code?
Problem 2:
As per the FreeRadius site, FreeRadius support RFC: 4590 and 5090.
Unfortunately, it doesn't. There are patches, but they have not yet been integrated into the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com