Commit report for v3.0.x branch
The git bot
announce at freeradius.org
Mon Nov 11 01:00:02 CET 2019
New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)
======
gpgsig -----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE8n1lTTL4FC4LtEWpfQ55zXdiHs0FAl3IHHMACgkQfQ55zXdi
Hs1gkAgAilZqcZnRaAhuS8whBWy7zYM9S22egEi9rk9tGQBfDjyUMWUp4XJdV4KQ
H1LuY9gUAUbxUr3hMJdVLtJZHTdfs3csz/nZ4N+0wIWWlDdDCC5SLswDwaShHg3a
vgrMmLmSKm9H6xrQTEeyXY7smlcfwc4Rl9GVveTZ8Z/wbkTWNtL+9Db0O60dqIdw
TQApziyOEZYuWGM92RxwtCbvsNkzRw6Oucjq+wEmPzTNpyvoecFJPAMZAqOcYGaa
YKJ1A7GDlRGoZ1AHd4VOS2I86NX9I35E4LCGOOmsbUdXe18zurjc1dBKS7ZFb36Q
TWAxUivHo6RF4y0GeTHMkGEu6m+ZCg==
=MTFv
-----END PGP SIGNATURE-----
remove unused function
Alan T. DeKok at 2019-11-10T14:19:25Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ee7d5f887c3516d3ebb7f8442eea209f6f0adb2
======
gpgsig -----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE8n1lTTL4FC4LtEWpfQ55zXdiHs0FAl3HO9oACgkQfQ55zXdi
Hs31nQf/RV1UAXigS6cTyZdVKKZzbUTQttA5MtME5Q6cF46V70+9t5BWaMRnPggG
8UBTWDZME1s0mXhpqLUSbQiw4QEJRwe09BKvpwg8CDahBqCMki8SCZjmSE+Kev4I
3m/GX8E9xnx+b4ts+pUgtDLbO5kqc0EQ087FjV2YkU2KzIs4GfO3oHmxdZh6dSYe
uYGNQzZZ6p2oBiXnhY9im4yV+DhNItaknxNhZtw6sBBIcDN02tsK00vRE1L2t2JF
vECrx9IHhwWuCrII8aNyHUfwYb43fKvTBvL81lWuJOp7toY1FqdzpG8A/DnuBZiu
PxjLQ4uQslpts5Cl+h2x3HXyjYfG1g==
=s1Jf
-----END PGP SIGNATURE-----
EAP-pwd: fix DoS due to multithreaded BN_CTX access
The EAP-pwd module created one global OpenSSL BN_CTX instance, and
used this instance in all incoming requests. This means that different
threads used the same BN_CTX instance, which can result in a crash.
An adversary can trigger these crashes by concurrently initiating
multiple EAP-pwd handshakes from different clients.
Fix this bug by creating a separate BN_CTX instance for each request.
Mathy Vanhoef (via Alan T. DeKok)@2019-11-09T22:21:14Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h
* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf
======
--
This commit summary was generated @2019-11-11T00:00:02Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).
More information about the Freeradius-Devel
mailing list