Commit report for v3.0.x branch

The git bot announce at freeradius.org
Mon Nov 11 01:00:02 CET 2019


New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE8n1lTTL4FC4LtEWpfQ55zXdiHs0FAl3IHHMACgkQfQ55zXdi
 Hs1gkAgAilZqcZnRaAhuS8whBWy7zYM9S22egEi9rk9tGQBfDjyUMWUp4XJdV4KQ
 H1LuY9gUAUbxUr3hMJdVLtJZHTdfs3csz/nZ4N+0wIWWlDdDCC5SLswDwaShHg3a
 vgrMmLmSKm9H6xrQTEeyXY7smlcfwc4Rl9GVveTZ8Z/wbkTWNtL+9Db0O60dqIdw
 TQApziyOEZYuWGM92RxwtCbvsNkzRw6Oucjq+wEmPzTNpyvoecFJPAMZAqOcYGaa
 YKJ1A7GDlRGoZ1AHd4VOS2I86NX9I35E4LCGOOmsbUdXe18zurjc1dBKS7ZFb36Q
 TWAxUivHo6RF4y0GeTHMkGEu6m+ZCg==
 =MTFv
 -----END PGP SIGNATURE-----

remove unused function

Alan T. DeKok at 2019-11-10T14:19:25Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ee7d5f887c3516d3ebb7f8442eea209f6f0adb2
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE8n1lTTL4FC4LtEWpfQ55zXdiHs0FAl3HO9oACgkQfQ55zXdi
 Hs31nQf/RV1UAXigS6cTyZdVKKZzbUTQttA5MtME5Q6cF46V70+9t5BWaMRnPggG
 8UBTWDZME1s0mXhpqLUSbQiw4QEJRwe09BKvpwg8CDahBqCMki8SCZjmSE+Kev4I
 3m/GX8E9xnx+b4ts+pUgtDLbO5kqc0EQ087FjV2YkU2KzIs4GfO3oHmxdZh6dSYe
 uYGNQzZZ6p2oBiXnhY9im4yV+DhNItaknxNhZtw6sBBIcDN02tsK00vRE1L2t2JF
 vECrx9IHhwWuCrII8aNyHUfwYb43fKvTBvL81lWuJOp7toY1FqdzpG8A/DnuBZiu
 PxjLQ4uQslpts5Cl+h2x3HXyjYfG1g==
 =s1Jf
 -----END PGP SIGNATURE-----

EAP-pwd: fix DoS due to multithreaded BN_CTX access

The EAP-pwd module created one global OpenSSL BN_CTX instance, and
used this instance in all incoming requests. This means that different
threads used the same BN_CTX instance, which can result in a crash.
An adversary can trigger these crashes by concurrently initiating
multiple EAP-pwd handshakes from different clients.

Fix this bug by creating a separate BN_CTX instance for each request.

Mathy Vanhoef (via Alan T. DeKok)@2019-11-09T22:21:14Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf
====== 
-- 
This commit summary was generated @2019-11-11T00:00:02Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).


More information about the Freeradius-Devel mailing list