[Serdev] radius in ser 0.9.x
Juha Heinanen
jh at tutpro.com
Tue Jun 7 07:38:05 UTC 2005
Greger V. Teigre writes:
> I see. We send a bunch of AVPs in the replies, no crash yet. Do you
> remember the size of the message needed to overflow the buffer?
i don't remember, but it is unlikely that overflow would happen in
normal replies. there is a length field in the beginning of each reply
item. we noticed that sometimes this field had bogus (large) value and
also the remaining of the reply item data was corrupted. i don't know
why this happened (bug in freeradius, network or memory error, ...).
anyway, radiusclient 0.4.x library doesn't check the length field, but
blindly assumes that it is small enough for the buffer.
-- juha
More information about the Serdev
mailing list