[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] radiusd-livingston-2.1-507



I am not shure if this is the correct mailing list.

I have upgraded to radius-livingston-2.1-507 (with SuSE 9.1). The new radiusd daemon does not write the user-name into the logfiles. The problem is in the radius/src/util.c source file. In the subroutine fprint_attr_val the size of a buffer is checked against the length of the string which has to be put into the buffer - at least it should do that. The checks are wrong so the user-name will never be printed out. I have attached a patch which resolves this problem - I hope I have not opened an other bug....

Best regards

Ulrich Berrnhard

--
 +-----------------------------------------------------------+
 | Ulrich Bernhard                                           |
 | Informatikdienste      Tel: (+41-44) 635 67 73            |
 | Universitaet Zuerich   Fax: (+41-44) 635 45 05            |
 | Winterthurerstr. 190                                      |
 | CH-8057 Zuerich        Email: ulrich.bernhard@xxxxxxxxxxx |
 | Switzerland                                               |
 +-----------------------------------------------------------+
*** radius/src/util.c.	2004-07-06 16:20:26.996719000 +0200
--- radius/src/util.c	2004-07-06 18:07:33.290439272 +0200
***************
*** 657,675 ****
                  prtbuf_len-=strlen(prtbuf);
  		ptr = (u_char *)pair->strvalue;
  		len = pair->lvalue;
! 		while(len-- > 0 ) {
  			if(!(isprint(*ptr))) {
  				snprintf(buffer, sizeof(buffer), "\\%03o", 
                                          *ptr);
  				strlcat(prtbuf, buffer, prtbuf_len);
  			}
  			else {
!                                 if(strlen(prtbuf)>prtbuf_len-2)
! 				        fprint_attr_putc(*ptr, prtbuf);
  			}
  			ptr++;
  		}
!                 if(strlen(prtbuf)>prtbuf_len-2)
  		        fprint_attr_putc('"', prtbuf);
  		break;
  			
--- 657,676 ----
                  prtbuf_len-=strlen(prtbuf);
  		ptr = (u_char *)pair->strvalue;
  		len = pair->lvalue;
! 		while(len-- > 0 && 0 < prtbuf_len-5) {
  			if(!(isprint(*ptr))) {
  				snprintf(buffer, sizeof(buffer), "\\%03o", 
                                          *ptr);
  				strlcat(prtbuf, buffer, prtbuf_len);
+ 			        prtbuf_len-=4;
  			}
  			else {
! 				fprint_attr_putc(*ptr, prtbuf);
! 				prtbuf_len--;
  			}
  			ptr++;
  		}
!                 if(0<prtbuf_len-2)
  		        fprint_attr_putc('"', prtbuf);
  		break;
  			

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here