OpenDirectory Authentication memory corruption

Carsten Kirschner carsten.kirschner at corussoft.de
Tue Jun 9 10:25:27 CEST 2020



On 25.05.20, 14:48, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+carsten.kirschner=corussoft.de at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:

> On May 25, 2020, at 6:36 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>>
>> Hello, I wrote on 15.01.2020 17:50 about our Freeradius problems. Now we tested it anew with a new version of Freeradius (3.0.21).
>>
> Yeah, that seems wrong.  The odd thing is that the shortUserName field has its length taken directly from the OpenDirectory API.  i.e. it's not from FreeRADIUS.

> Line numbers would help rather a lot.

I tried various ways to get line numbers compiled in, but failed. The compiler switch -g3 is set by your default, but the binaries do not contain full debug info and I couldn't see any symbol files. If someone has a way to create proper files, I will try that.
    


What I tried, and can say for sure, is that the crash can be mitigated if talloc_zero_array is used instead of talloc_array in src/modules/rlm_mschap/opendir.c in the lines around 140.
I refer to this code segment, both occurrences of talloc_array: https://github.com/FreeRADIUS/freeradius-server/commit/dee78b44119168e0cc5714602f8f7449a2e661aa (the zero setting of the last byte is then unneeded)
I think this is not the fix for the problem, but it prevents the crash. Maybe because there is no longer uninitialized memory which is accessed because of a null check somewhere else.

With the talloc_zero_array function I can reliably authenticate users from the local user database. But users from the OpenDirectory fail with mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported

(56) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
(56) mschap: No NT-Password configured. Trying OpenDirectory Authentication 
(56) mschap: OD username_string = testopendir, OD shortUserName=testopendir (length = 11) 
(56) mschap:   Stepbuf server challenge : 
ffffffdffffffffa0dffffffa1ffffff8bfffffffe08ffffffc344ffffff9924ffffffbbfffffff8ffffffd4ffffffcd13
(56) mschap:   Stepbuf peer challenge   : 
ffffffa4211821ffffffc6ffffffa7ffffffb9ffffffe1ffffff9c1cfffffff423ffffffec6cffffffea65
(56) mschap:   Stepbuf p24              : 
1b533d54ffffffd4ffffffc65d6a0fffffffa401ffffffbc6761ffffff86ffffffdd4bffffff80ffffffb5615ffffffff7ffffffd4ffffffdd
(56) mschap: ERROR: rlm_mschap: authentication failed - status = eDSAuthMethodNotSupported


    
Thanks for your time
Carsten Kirschner
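
Added example, not code from the post above or from FreeRADIUS: a small model of how swapping talloc_array for talloc_zero_array can change what a reader of the buffer sees without making the lengths agree. It assumes a hypothetical mismatch between the length an API reports and the bytes actually written (the thread does not establish the root cause); malloc/calloc stand in for the talloc calls, and `copy_field`, `array_dirty` and `array_zero` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct seen { size_t len; size_t stale; bool ok; };

/* Stand-in for talloc_array(): contents are indeterminate. The 0xAA fill
 * models stale heap bytes so the demonstration is deterministic. */
static char *array_dirty(size_t n) {
    char *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Stand-in for talloc_zero_array(): every byte starts as 0. */
static char *array_zero(size_t n) { return calloc(n, 1); }

/* Hypothetical field copy (assumption, not opendir.c): the API reports
 * reported_len, but only written_len bytes are stored. The last byte is
 * set to NUL by hand, which the zeroing allocator makes redundant. */
static struct seen copy_field(const char *src, size_t written_len,
                              size_t reported_len, bool zeroed) {
    struct seen r = {0, 0, false};
    if (written_len > reported_len) return r;   /* copy would overflow */
    char *buf = zeroed ? array_zero(reported_len + 1)
                       : array_dirty(reported_len + 1);
    if (!buf) return r;
    memcpy(buf, src, written_len);
    buf[reported_len] = '\0';
    r.len = strlen(buf);                 /* what a C-string consumer reads */
    r.stale = r.len > written_len ? r.len - written_len : 0; /* never written */
    r.ok = true;
    free(buf);
    return r;
}

int main(void) {
    const char *name = "testopendir";    /* constructed sample input */
    size_t written = strlen(name), reported = 16; /* constructed mismatch */
    struct seen d = copy_field(name, written, reported, false);
    struct seen z = copy_field(name, written, reported, true);
    printf("dirty: len=%zu stale=%zu\n", d.len, d.stale);
    printf("zero : len=%zu stale=%zu\n", z.len, z.stale);
    return 0;
}
```

In this model the non-zeroed buffer exposes stale bytes to anything that treats it as a C string, while the zeroed buffer yields a clean but shorter string, so the disagreement between reported and written length is still there and should be checked directly.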



