Issue with rlm_digest module

malaya.kishore at wipro.com malaya.kishore at wipro.com
Fri Nov 28 10:00:44 CET 2008


Hi Alan DeKok,

Any plans when RFC 5090 will be included in standard FreeRadius.

Kind Regards,
Kishore

-----Original Message-----
From:
freeradius-devel-bounces+malaya.kishore=wipro.com at lists.freeradius.org
[mailto:freeradius-devel-bounces+malaya.kishore=wipro.com at lists.freeradi
us.org] On Behalf Of Alan DeKok
Sent: Thursday, November 27, 2008 3:12 PM
To: FreeRadius developers mailing list
Subject: Re: Issue with rlm_digest module

malaya.kishore at wipro.com wrote:
> Problem 1:
> 
> In the sanity check of rlm_digest module, we find that the attrlen
> attribute is not incremented correctly.
>  
> FreeRadius version 2.1.1
> 
> Source: freeradius-server-2.1.1\src\modules\rlm_digest\rlm_digest.c
> 
> Line: 138
> 
> Code:
> 
> attrlen = p[1];     /* stupid VSA format */  
> 
> Solution:
> 
> attrlen = p[1]+2; /* stupid VSA format */

  I don't see why this is necessary.  The length in the packet is the
length of the attribute, plus 2 octets (type + attr-length).  The
following checks assume:

	- minimum attrlen is 3 (type + attr-length + data)
	- data length is "attrlen - 2" (line 165)

  Further, this code inter-operates with all other Digest authentication
implementations, and has done so for over 6 years.

  Could you explain in more detail why you think the above change is
required?  What problems are you seeing with the existing code?

> Problem 2:
> 
> As per the FreeRadius site, FreeRadius support RFC: 4590 and 5090.

  Unfortunately, it doesn't.  There are patches, but they have not yet
been integrated into the server.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/devel.html

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com




More information about the Freeradius-Devel mailing list