aland at ox.org
Tue Aug 23 00:09:10 CEST 2005
Nicolas Baradakis <nbk at sitadelle.com> wrote:
> > The LDAP module has *always* worked that way, so it's not a priority
> > for 1.0.5.
> That's right, but it seems easy to fix this issue. If I understand
> correctly the code in ldap_pairget(), we should have either "[value]"
> or "[operator] [value]" in a one-to-one-mapped attribute.
> If the statement above is correct, the code should be:
> ptr = str_from_ldap;
> operator = gettoken(&ptr);
> if (operator is valid)
> value = ptr;
> value = str_from_ldap;
That would work, but would also involve changing the way the module
works in a stable release. On the other hand, the current method is
I'm fine with fixing it. Maybe Kostas has opinions?
> On other news, Primoz Bratanic is testing his tool of "automated
> vulnerability search" on the source code of FreeRADIUS. Thanks to him,
> I was able to fix three possible buffer overflows in xlat.c and
> rlm_sqlcounter.c. (see the Automatic CVS report)
Sounds good to me.
> Primoz also found out that the SQL query in rlm_sqlcounter isn't
> correctly escaped. (possible SQL injection vulnerability) As the
> function 'sql_escape_func' is static in module 'rlm_sql', I don't
> know if we should copy/paste the code or make the function publicly
Since rlm_sqlcounter already calls rlm_sql to do it's work, just
export the function.
> We should also fix this in 1.0.5, before the people from Gentoo start
> to make publicity about this.
Yes. I'd like to release 1.0.5 soon.
More information about the Freeradius-Devel