buffer overflow on mschap reject
Matt Richards
matt at mattstone.net
Wed Jun 13 12:38:12 CEST 2012
On 06/12/12 15:20, Alan DeKok wrote:
> Matt Richards wrote:
>> Hello,
>>
>> I have got radius setup to authenticate wireless clients using MS-CHAP
>> and everything works correctly if the entered user / pass is correct.
>>
>> If the password is wrong, however, I get a buffer overflow error and
>> radiusd dies.
>
> You probably set the "retry_msg" to a very long string.
I did have a retry_msg which was left as the default value of
retry_msg = "Re-enter (or reset) the password"
After I commented out this line the problem went away.
Thanks for your help. I'm guessing this shouldn't crash with the example
config? maybe the mschap stuff bloats the reply too much?
>
>>> *** buffer overflow detected ***: radiusd terminated
>>> ======= Backtrace: =========
>
> Reading doc/bugs would help here.
>
>> I can replicate this issue with radtest.
>
> Do you have a minimal config which could help?
>
>> Does anybody know why this might be happening? If you require any
>> additional info please let me know. One thing I was thinking about
>> trying it going back a few versions of ntlm_auth and tring again. Its
>> interesting how I don't seem to be able to find any information relating
>> to this on the Internet.
>
> The error path here is very small. i.e. ~15 lines of code.
>
> Running the server under "valgrind" would help, too. But first build
> it with debugging symbols.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list