[Serdev] radius in ser 0.9.x

Juha Heinanen jh at tutpro.com
Tue Jun 7 06:09:18 UTC 2005


Greger V. Teigre writes:

 > I can report that we have been running 0.9.x with radiusclient 0.4.3 about 
 > six months on a test platform with pilot users.  We have discovered
 > no bugs, but I guess we have been lucky or just don't do what trigger
 > the bugs?! 

if you get from radius a longer than normal reply, there is at least two
places in 0.4.3 code that will crash ser.  the code simply assumes that
the reply will fit into a too small buffer and overwrites it.  i found
this when for some reason, some replies from radius got corrupted.

-- juha




More information about the Serdev mailing list