Bug in radclient when parsing long value from file (FreeRADIUS 1.1.3)

[Geoffroy Arnoud]

Hi all,

There a bug in radclient when reading a valuepair from
a file, when the value is to long to be read, when
written in hexadecimal.
Actually, when a value can be at most 253 bytes (on
the network), when expressed in hexadecimal, it
requires 253x2 + 2 (0x) characters.

Here is a sample request that shows the issue.

NAS-IP-Address = 10.194.96.114
Framed-IP-Address = 192.168.100.69
Event-Timestamp = "Dec 18 2006 08:42:08 CET"
Acct-Status-Type = Stop
WISPr-Location-Name = "Something"
Acct-Output-Octets = 32411
Acct-Terminate-Cause = Session-Timeout
Acct-Session-Id = "00000743"
NAS-Identifier = "SomethingNAS"
Acct-Output-Gigawords = 0
NAS-Port-Type = Virtual
User-Name = "user at company"
Acct-Session-Time = 600
Acct-Input-Gigawords = 0
Class =
0x53425232434cc383c2a6c382c2b4c383efbfbdc383c2adc383c2a7c383c2acc383c5b8c383e280b9c383c2b7c3a2e2809ac2ac11c3a2e2809ac2ac3901c3a2e2809ac2ac08c3afc2bfc2bdc385c2bec3a2e282acc2bac383c2acc383c2a7c3a2e282acc593c383e280b0c383c5bec382c2be02c3a2e2809ac2ac17c3afc2bfc2bdc385e2809cc385e28099c383c2a6c3a2e282acc593c3af
Acct-Input-Octets = 324352

The bug is located in file src/lib/valuepair.c in
function pairread.

A patch is attached that increases the size of the
"value" buffer to 512 bytes. Does anyone see side
effects?

Best regards,
Geoff.




	

	
		
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 113_SCR6.diff
Type: application/octet-stream
Size: 590 bytes
Desc: 1781945399-113_SCR6.diff
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20070112/2c74f1e8/attachment.obj>