REST POST buffer overflow
adrian.p.smith at bt.com
adrian.p.smith at bt.com
Tue Jan 12 14:48:04 CET 2021
We are running 3.0.15 and are seeing occasional issues when a large accounting packet is passed to our REST server:
It appears that a buffers gets a bit full and if this occurs when an attribute name is written, but not the value, the next chunk starts with the value of the NEXT AVP instead of the one that was being processed when the buffer got full:
Here is some debug I captured (various values obfuscated) :
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Length : 1
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Value : 0
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Encoding attribute "Calling-Station-Id"
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Length : 17
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Value : aa-bb-cc-dd-ee-ff
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Encoding attribute "Called-Station-Id"
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Length : 26
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Value : AAAA-BBBB-CC-DDDD%3A_EEEE-FF
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: POST Data: User-Name=ccccccc%2F2-e0f81c520daf44eba1335f1c508b65d2-form%4014143d&NAS-Port=8&NAS-IP-Address=10.101.0.2&Framed-IP-Address=10.101.16.156&Class=0x62746f7a2d2d2d35666664356238612f37303a62633a31303a36383a32373a65322f31333938323736392f313631303433393537342d2d2d&Class=0x52454749442166383534626439392d613335652d343033302d613331632d623632333837363535373866&NAS-Identifier=ccccccccc%2F&Airespace-Wlan-Id=90&Acct-Session-Id=5ffd5b8a%2F70%3Abc%3A10%3A68%3A27%3Ae2%2F13982769&NAS-Port-Type=Wireless-802.11&Cisco-AVPair=audit-session-id%3D980027d9008b75188a5bfd5f&Acct-Authentic=RADIUS&Tunnel-Type=VLAN&Tunnel-Medium-Type=IEEE-802&Tunnel-Private-Group-Id=2566&Event-Timestamp=Jan%2012%202021%2012%3A31%3A05%20GMT&Acct-Status-Type=Interim-Update&Acct-Input-Octets=2714442414&Acct-Input-Gigawords=0&Acct-Output-Octets=1012626742&Acct-Output-Gigawords=0&Acct-Input-Packets=3975169&Acct-Output-Packets=2035021&Acct-Session-Time=15090&Acct-Delay-Time=0&Calling-Station-Id=aa-bb-cc-dd-ee-ff&Called-Station-Id=
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Returning 995 bytes of POST data (buffer full or chunk exceeded)
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Encoding attribute "Tmp-String-9"
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Length : 3
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Value : ai%3A
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Encoding attribute "Acct-Unique-Session-Id"
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Length : 32
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Value : 8c229aac7dd2a7fff9df0b5128d9a736
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: POST Data: ai%3A&Acct-Unique-Session-Id=8c229aac7dd2a7fff9df0b5128d9a736
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Returning 61 bytes of POST data
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Processing response header
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Status : 100 ()
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Continuing...
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Processing response header
Tue Jan 12 12:31:05 2021 : Debug: (53749687) rest: Status : 200 ()
Is this something that would fix if we upgrade to 3.0.21 or a bug that could be fixed?
TIA
Adrian
More information about the Freeradius-Users
mailing list