Regarding using strcmp instead of memcmp
Ravi S M
smravi at TechMahindra.com
Fri Aug 18 06:43:33 CEST 2006
Hi this is where the error is occurring in UMR & ABR in the following
files, While running with purify.
Command-line: radiusd -X
UMR: Uninitialized memory read (3 times)
This is occurring while in:
memcmp [rtlib.o]
cf_expand_variables [conffile.c:369]
p += strlen(p);
ptr = end + 1;
=> } else if (memcmp(ptr, "$ENV{", 5) == 0)
{
char *env;
ptr += 5;
cf_section_read [conffile.c:785]
/*
* Handle variable substitution via
${foo}
*/
=> value = cf_expand_variables(cf, lineno,
cs, buf, buf3);
if (!value) {
cf_section_free(&cs);
return NULL;
conf_read [conffile.c:834]
return NULL;
}
=> if(parent) {
cs = cf_section_read(conffile, &lineno, fp,
NULL, NULL, parent);
} else {
cs = cf_section_read(conffile, &lineno, fp,
NULL, NULL, NULL);
read_radius_conf_file [mainconfig.c:1145]
radlog(L_ERR|L_CONS, "radius_dir :
%s",radius_dir);
if ((cs = conf_read(NULL, 0, buffer, NULL)) ==
NULL) {
=> return NULL;
}
/*
read_mainconfig [mainconfig.c:1190]
/* First read radiusd.conf */
DEBUG2("reread_config: reading radiusd.conf");
if ((cs = read_radius_conf_file()) == NULL) {
=> if (debug_flag || (radlog_dir == NULL))
{
radlog(L_ERR|L_CONS, "Errors
reading radiusd.conf");
} else {
Reading 5 bytes from 0xffbe51d0 on the stack (1 byte at 0xffbe51d4
uninit).
Address 0xffbe51d0 is 68 bytes past start of local variable
"cs" in function cf_section_read.
And the ABR error as below
ABR: Array bounds read
This is occurring while in:
memcmp [rtlib.o]
rad_respond [radiusd.c:1744]
pairfind(request->packet->vps, PW_PASSWORD));
reprocess = 1;
}
=> if (strcmp(mainconfig.do_nospace_user, "after")
== 0) {
rad_rmspace_pair(request,
request->username);
reprocess = 1;
}
main [radiusd.c:1502]
}
} else
#endif
=> rad_respond(request,
fun);
} /* loop over listening sockets*/
#ifdef WITH_SNMP
_start [crt1.o]
Reading 6 bytes from 0xc5c20 in the heap (3 bytes at 0xc5c23
illegal).
Address 0xc5c20 is at the beginning of a malloc'd block of 3
bytes.
This block was allocated from:
malloc [rtlib.o]
strdup [libc.so.1]
cf_section_parse [conffile.c:527]
cs->name1,
variables[i].name,
value ? value :
"(null)");
=> *q = value ? strdup(value) :
NULL;
break;
case PW_TYPE_IPADDR:
read_radius_conf_file [mainconfig.c:1153]
* radiusd.conf, the other configuration
files exist.
*/
cf_section_parse(cs, NULL, server_config);
Thanks & Regards
Ravi
============================================================================================================================
Tech Mahindra, formerly Mahindra-British Telecom.
Disclaimer:
This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</a> internally within Tech Mahindra.
============================================================================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060818/ba9ad2b7/attachment.html>
More information about the Freeradius-Users
mailing list