Re: possible segmentation violation in login_radius

2023-03-02 Thread Todd C. Miller
On Thu, 02 Mar 2023 17:28:01 +0100, "Peter J. Philipp" wrote:

> I just looked up RADIUS in RFC 2865 and on page 15 it reads:
>
> ->
>Length
>
> The Length field is two octets. It indicates the length of the
> packet including the Code, Identifier, Length, Authenticator and

Re: possible segmentation violation in login_radius

2023-03-02 Thread Peter J. Philipp
On Thu, Mar 02, 2023 at 09:31:57AM -0700, Theo de Raadt wrote:
> Using a global variable like that is poor style.

OK, I'm gonna give it one more attempt: In RFC 2865 there is no auth code for discarding a message but there is a 255 reserved value which we may be able to use as a hack. Refer to p

Re: possible segmentation violation in login_radius

2023-03-02 Thread Theo de Raadt
Using a global variable like that is poor style.

Re: possible segmentation violation in login_radius

2023-03-02 Thread Peter J. Philipp
On Thu, Mar 02, 2023 at 09:09:31AM -0700, Todd C. Miller wrote:
> On Thu, 02 Mar 2023 09:07:38 -0700, "Theo de Raadt" wrote:
>
> > + if (auth.length > total_length)
> >
> > Isn't auth.length a network byte order value?
>
> Ah yes, good catch; it needs an ntohs().
>
> - todd

Hi, I just l

Re: possible segmentation violation in login_radius

2023-03-02 Thread Todd C. Miller
On Thu, 02 Mar 2023 09:07:38 -0700, "Theo de Raadt" wrote:

> + if (auth.length > total_length)
>
> Isn't auth.length a network byte order value?

Ah yes, good catch; it needs an ntohs().

- todd

Index: libexec/login_radius/raddauth.c

Re: possible segmentation violation in login_radius

2023-03-02 Thread Peter J. Philipp
On Thu, Mar 02, 2023 at 08:56:10AM -0700, Todd C. Miller wrote:
> The following patch should fix the problem, can you try it out?
>
> - todd

Hi Todd, thanks for the quick patch that was really awesome! I modified it a little to use ntohs(auth.length) in the length check. Other than that it re

Re: possible segmentation violation in login_radius

2023-03-02 Thread Theo de Raadt
+ if (auth.length > total_length)

Isn't auth.length a network byte order value?

Re: possible segmentation violation in login_radius

2023-03-02 Thread Todd C. Miller
The following patch should fix the problem, can you try it out?

- todd

Index: libexec/login_radius/raddauth.c === RCS file: /cvs/src/libexec/login_radius/raddauth.c,v retrieving revision 1.30 diff -u -p -u -r1.30 raddauth.c --- libe

possible segmentation violation in login_radius

2023-03-02 Thread pjp
>Synopsis: possible segmentation violation in login radius
>Category: system
>Environment:
System : OpenBSD 7.2
Details : OpenBSD 7.2 (GENERIC.MP) #2: Thu Nov 24 23:53:03 MST 2022 r...@syspatch-72-arm64.openbsd.org:/usr/src/sys/arch/arm64