Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Directory
candlerb
bycandlerb, February 15, 2018
Useless: password+shared secret is encrypted wrongly, as shown by garbage User-Password received at Freeradius.
This is still the case after fixing the most immediately obvious bugs:
--- check_radius_ih.c.orig 2018-02-15 13:35:01.467142532 +0000
+++ check_radius_ih.c 2018-02-15 13:35:21.572082237 +0000
@@ -38,6 +38,7 @@
#include
#include
#include
+#include ^lt;limits.h>
#include "md5.h"
@@ -254,7 +255,7 @@
void fnInitialize(RADIUS_HEADER *radhead)
{
memset(&global,0,sizeof(GLOBAL));
- memset(radhead,0,sizeof(radhead));
+ memset(radhead,0,sizeof(*radhead));
radhead->rad_attr = NULL;
@@ -558,7 +559,7 @@
}
regfree(®ex);
}
- memset(buffer,MAX_BUFFER,0);
+ memset(buffer,0,MAX_BUFFER);
}
/*
This is still the case after fixing the most immediately obvious bugs:
--- check_radius_ih.c.orig 2018-02-15 13:35:01.467142532 +0000
+++ check_radius_ih.c 2018-02-15 13:35:21.572082237 +0000
@@ -38,6 +38,7 @@
#include
#include
#include
+#include ^lt;limits.h>
#include "md5.h"
@@ -254,7 +255,7 @@
void fnInitialize(RADIUS_HEADER *radhead)
{
memset(&global,0,sizeof(GLOBAL));
- memset(radhead,0,sizeof(radhead));
+ memset(radhead,0,sizeof(*radhead));
radhead->rad_attr = NULL;
@@ -558,7 +559,7 @@
}
regfree(®ex);
}
- memset(buffer,MAX_BUFFER,0);
+ memset(buffer,0,MAX_BUFFER);
}
/*