3.0.x - Issue with EAP-SIM - EAP-Message too short in Challenge

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jun 11 19:57:58 CEST 2014 

On 11 Jun 2014, at 18:42, Alan DeKok <aland at deployingradius.com> wrote:

> Chaigneau, Nicolas wrote:
>> I've noticed some changes to eapsimlib.c (not sure if it's linked...) in the following commit :
>> https://github.com/FreeRADIUS/freeradius-server/commit/39df09e42d80a96363be0bddee2ff0ba97fdb035
>> 
>> So I tried a prior commit :
>> https://github.com/FreeRADIUS/freeradius-server/tree/7edb8dd4a91d0111da0950e21c113cfc3e4d2a28
>> With this version I don't have the problem.
> 
>  The only differences in eapsimlib are to change some header definitions:
> 
> ....
> $ git diff 7edb8dd4a91..39df09e42d80 src/modules/rlm_eap/libeap/eapsimlib.c
> diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c
> b/src/modules/rlm_eap/libeap/eapsimlib.c
> index 8afed40..c2975ed 100644
> --- a/src/modules/rlm_eap/libeap/eapsimlib.c
> +++ b/src/modules/rlm_eap/libeap/eapsimlib.c
> @@ -408,7 +408,7 @@ int eapsim_checkmac(TALLOC_CTX *ctx, VALUE_PAIR
> *rvps, uint8_t key[EAPSIM_AUTH_S
>                 */
>                attr = buffer+8;
>                while(attr < (buffer+elen)) {
> -                       if(attr[0] == PW_EAP_SIM_MAC) {
> +                       if (attr[0] == (PW_EAP_SIM_MAC - PW_EAP_SIM_BASE)) {
>                                /* zero the data portion, after making sure
>                                 * the size is >=5. Maybe future versions.
>                                 * will use more bytes, so be liberal.
> ....
> 
> 
>  That shouldn't affect anything.
> 
>  Can you confirm that the commit before 39df09e42d works?  If so, the
> fix should be simple.

Or try the latest head... we still had a bunch of duplicate c preprocessor macros for the attribute numbers, and i'd messed up the fallback to searching in the reply list.

That broke between v3.0.2 and v3.0.3, though it could be worked around by putting the triplets in the control list, which i'm guessing is what you're doing...

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140611/ba4d9a95/attachment.pgp>

More information about the Freeradius-Users mailing list