Mailinglist Archive: opensuse-security (297 mails)

< Previous Next >
radiusd-livingston-2.1-507
  • From: Ulrich Bernhard <ulrich.bernhard@xxxxxxxxxxx>
  • Date: Tue, 06 Jul 2004 18:48:40 +0200
  • Message-id: <40EAD7E8.8030002@xxxxxxxxxxx>
I am not shure if this is the correct mailing list.

I have upgraded to radius-livingston-2.1-507 (with SuSE 9.1). The new radiusd daemon does not write the user-name into the logfiles. The problem is in the radius/src/util.c source file. In the subroutine fprint_attr_val the size of a buffer is checked against the length of the string which has to be put into the buffer - at least it should do that. The checks are wrong so the user-name will never be printed out.
I have attached a patch which resolves this problem - I hope I have not opened an other bug....

Best regards

Ulrich Berrnhard

--
+-----------------------------------------------------------+
| Ulrich Bernhard |
| Informatikdienste Tel: (+41-44) 635 67 73 |
| Universitaet Zuerich Fax: (+41-44) 635 45 05 |
| Winterthurerstr. 190 |
| CH-8057 Zuerich Email: ulrich.bernhard@xxxxxxxxxxx |
| Switzerland |
+-----------------------------------------------------------+
*** radius/src/util.c. 2004-07-06 16:20:26.996719000 +0200
--- radius/src/util.c 2004-07-06 18:07:33.290439272 +0200
***************
*** 657,675 ****
prtbuf_len-=strlen(prtbuf);
ptr = (u_char *)pair->strvalue;
len = pair->lvalue;
! while(len-- > 0 ) {
if(!(isprint(*ptr))) {
snprintf(buffer, sizeof(buffer), "\\%03o",
*ptr);
strlcat(prtbuf, buffer, prtbuf_len);
}
else {
! if(strlen(prtbuf)>prtbuf_len-2)
! fprint_attr_putc(*ptr, prtbuf);
}
ptr++;
}
! if(strlen(prtbuf)>prtbuf_len-2)
fprint_attr_putc('"', prtbuf);
break;

--- 657,676 ----
prtbuf_len-=strlen(prtbuf);
ptr = (u_char *)pair->strvalue;
len = pair->lvalue;
! while(len-- > 0 && 0 < prtbuf_len-5) {
if(!(isprint(*ptr))) {
snprintf(buffer, sizeof(buffer), "\\%03o",
*ptr);
strlcat(prtbuf, buffer, prtbuf_len);
+ prtbuf_len-=4;
}
else {
! fprint_attr_putc(*ptr, prtbuf);
! prtbuf_len--;
}
ptr++;
}
! if(0<prtbuf_len-2)
fprint_attr_putc('"', prtbuf);
break;

< Previous Next >
This Thread
  • No further messages