[Serdev] radius in ser 0.9.x

Juha Heinanen jh at tutpro.com
Tue Jun 7 07:38:05 UTC 2005


Greger V. Teigre writes:

 > I see. We send a bunch of AVPs in the replies, no crash yet. Do you
 > remember the size of the message needed to overflow the buffer?

i don't remember, but it is unlikely that overflow would happen in
normal replies.  there is a length field in the beginning of each reply
item.  we noticed that sometimes this field had a bogus (large) value and
also the remainder of the reply item data was corrupted.  i don't know
why this happened (bug in freeradius, network or memory error, ...).
anyway, radiusclient 0.4.x library doesn't check the length field, but
blindly assumes that it is small enough for the buffer.

-- juha
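
Added example, not part of the original message and not radiusclient code: a reply-item walker that validates each length field before copying, which is the check described above as missing. It assumes the RFC 2865 item layout (1-byte type, 1-byte length covering the whole item); VALUE_BUF_LEN, struct avp, parse_avps and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_BUF_LEN 128            /* assumed fixed buffer size (hypothetical) */

struct avp { uint8_t type, len; uint8_t value[VALUE_BUF_LEN]; };

/* Walk the attribute area of a RADIUS reply (RFC 2865: 1-byte type, 1-byte
 * length that counts type + length + value, then the value bytes).
 * Returns the number of attributes stored, or -1 as soon as a length field
 * disagrees with the received data or with the destination buffer. */
int parse_avps(const uint8_t *buf, size_t buflen, struct avp *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (off < buflen) {
        if (buflen - off < 2) return -1;        /* truncated item header */
        size_t alen = buf[off + 1];
        if (alen < 2) return -1;                /* cannot even cover the header */
        if (alen > buflen - off) return -1;     /* claims more than was received */
        size_t vlen = alen - 2;
        if (vlen > VALUE_BUF_LEN) return -1;    /* would overflow out->value */
        if (n == max_out) return -1;            /* no room for another item */
        out[n].type = buf[off];
        out[n].len = (uint8_t)vlen;
        memcpy(out[n].value, buf + off + 2, vlen);
        n++;
        off += alen;
    }
    return (int)n;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t good_reply[] = { 18, 7, 'h','e','l','l','o', 6, 6, 0, 0, 0, 1 };
static const uint8_t short_reply[] = { 18, 200, 'h', 'i', '!' };  /* length > data */
static const uint8_t big_reply[255] = { 18, 255 };   /* 253-byte value > buffer */
static struct avp demo_out[4];

int main(void)
{
    printf("good:  %d\n", parse_avps(good_reply, sizeof good_reply, demo_out, 4));
    printf("short: %d\n", parse_avps(short_reply, sizeof short_reply, demo_out, 4));
    printf("big:   %d\n", parse_avps(big_reply, sizeof big_reply, demo_out, 4));
    return 0;
}
```

The third input is the case closest to the one described: the length is consistent with the bytes received but still larger than the destination buffer, so only the explicit bound on the value length rejects it.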



