Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Directory
tguthmann
bytguthmann, September 8, 2010
Hi,
Just a comment to say this plugin is great and easier to use than check_radius. However, we found a bug which happen once in a while (~1% of the time). The hash is empty. Indeed hash=0000000000000000. Why I really don't known...
After adding more debug, I found the bug in this loop of fnGeneratePasswordHash:
/* as long as the cipher block is valid, concatenate it onto our hash
* password
*/
(while ((x rors by doing that. So if someone, smarter than me can fix this with more elegance. Feel free. In the mean time, applying the following patch assure that over 100k tests in a row, you don't have any errors like we had before.
Thomas
----snip----snip-----
--- check_radius_adv.c.ORI 2010-09-09 18:09:55.258325002 +1000
+++ check_radius_adv.c 2010-09-09 18:13:17.435608325 +1000
@@ -580,7 +580,7 @@
int fnGeneratePasswordHash(RADIUS_HEADER *radhead)
{
- unsigned char b[8][16], p[8][16], c[8][16];
+ unsigned char b[8][16], p[8][16], c[8][16], hash[128];
unsigned char ssra[49];
int currlen = 0, pwlen = global.password.pw_clear[0], bpos = 0, ppos = 0, cpos = 0, x, sslen;
@@ -588,6 +588,7 @@
memset(b,0,128);
memset(p,0,128);
memset(c,0,128);
+ memset(hash,0,128);
memset(ssra,0,49);
sslen = global.sharedsecret[0];
@@ -631,8 +632,10 @@
/* from 0 to 16, XOR the clear text password with the hashed
* md5 output
*/
- for (x = 0; x
Just a comment to say this plugin is great and easier to use than check_radius. However, we found a bug which happen once in a while (~1% of the time). The hash is empty. Indeed hash=0000000000000000. Why I really don't known...
After adding more debug, I found the bug in this loop of fnGeneratePasswordHash:
/* as long as the cipher block is valid, concatenate it onto our hash
* password
*/
(while ((x rors by doing that. So if someone, smarter than me can fix this with more elegance. Feel free. In the mean time, applying the following patch assure that over 100k tests in a row, you don't have any errors like we had before.
Thomas
----snip----snip-----
--- check_radius_adv.c.ORI 2010-09-09 18:09:55.258325002 +1000
+++ check_radius_adv.c 2010-09-09 18:13:17.435608325 +1000
@@ -580,7 +580,7 @@
int fnGeneratePasswordHash(RADIUS_HEADER *radhead)
{
- unsigned char b[8][16], p[8][16], c[8][16];
+ unsigned char b[8][16], p[8][16], c[8][16], hash[128];
unsigned char ssra[49];
int currlen = 0, pwlen = global.password.pw_clear[0], bpos = 0, ppos = 0, cpos = 0, x, sslen;
@@ -588,6 +588,7 @@
memset(b,0,128);
memset(p,0,128);
memset(c,0,128);
+ memset(hash,0,128);
memset(ssra,0,49);
sslen = global.sharedsecret[0];
@@ -631,8 +632,10 @@
/* from 0 to 16, XOR the clear text password with the hashed
* md5 output
*/
- for (x = 0; x