Strange packet causing radius to crash.

Alan DeKok aland at
Thu Feb 21 08:55:07 CET 2008

Matthew Schumacher wrote:
> The patch proved to be unreliable, and now I'm trying to figure out why.
>     Most of the time it works fine, but every now and then it crashes
> the radius server.  In digging around trying to figure out why it
> doesn't work I was able to capture the Access-Request packet that
> crashes the server.
> In wireshark it shows the error, "VSA too short":

  Can you post the *hex* version of the packet?  The "VSA too short"
error means that it isn't printing out what's actually in the packet.
So... it doesn't say *why* the VSA is too short.

  And does this crash when the server *doesn't* have that patch?

>         AVP: l=14  t=Vendor-Specific(26) v=UTStarcom Incorporated(429)
>         [VSA too short]

  USR VSA's are:

  26 (Vendor-Specific)
  xx (vendor-length)
  0000xxxx (USR vendor-ID)
  0000tttt (USR vendor-type)
  ...      (data)

  i.e. at least 12 bytes long.  If the Vendor-Specific attribute is 14
bytes, then it means that the Vendor-Type is likely a 'string' type, and
it contains 2 characters of string data.

  But Wireshark also includes the FreeRADIUS dictionaries.  So it may
think that the attribute is of type "integer", and should therefore be 4

  Without the *contents* of the attribute, it's impossible to know more.

  Alan DeKok.

More information about the Freeradius-Devel mailing list