String overflow problem?

John W. Temples (john@kuwait.net)
Wed, 9 Oct 1996 11:48:29 +0300

I was trying to track down a radiusd core dump which appeared to be
triggered by accounting stop packets containing a username with a large
number of blanks at the end. I found this in radius.h:

#define AUTH_STRING_LEN 128 /* maximum of 254 */

As I read the RADIUS draft, an attribute string can be up to 253 bytes
(not 254); in any event, why is the code using a 128 byte buffer which
gets memcpy'd to without a bounds check? Does ComOS have a 127 byte
limitation in the length of an attribute value?

--
John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region
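
The bounds check the post asks about, as an added example (not part of the original message and not radiusd source): a walker over RADIUS type/length/value attributes that validates each length octet and refuses a value that does not fit the destination buffer. The function names, result codes and the blank-padded "jdoe" sample are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

#define RADIUS_MAX_VALUE_LEN 253 /* attribute value limit in octets */
#define PW_USER_NAME 1           /* User-Name attribute type */
enum { ATTR_NOT_FOUND = -1, ATTR_MALFORMED = -2, ATTR_TOO_LONG = -3 };

/* Hypothetical helper (not radiusd code): copy the first attribute of `type`
 * into `out`, NUL-terminated. Returns the value length or a negative code. */
int radius_get_string(const uint8_t *attrs, size_t attrs_len, uint8_t type,
                      char *out, size_t out_cap)
{
    size_t off = 0;
    while (off < attrs_len) {
        if (attrs_len - off < 2)
            return ATTR_MALFORMED;        /* truncated attribute header */
        size_t alen = attrs[off + 1];     /* counts type + length + value */
        if (alen < 2 || alen > attrs_len - off)
            return ATTR_MALFORMED;        /* length runs past the packet */
        if (attrs[off] == type) {
            size_t vlen = alen - 2;
            if (vlen + 1 > out_cap)
                return ATTR_TOO_LONG;     /* reject instead of overflowing */
            memcpy(out, attrs + off + 2, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        off += alen;
    }
    return ATTR_NOT_FOUND;
}

/* Constructed sample: "jdoe" padded with blanks to name_len bytes. */
int demo_padded_username(size_t name_len, size_t out_cap)
{
    uint8_t attr[2 + RADIUS_MAX_VALUE_LEN];
    char out[RADIUS_MAX_VALUE_LEN + 1];
    if (name_len < 4 || name_len > RADIUS_MAX_VALUE_LEN || out_cap > sizeof out)
        return ATTR_MALFORMED;
    attr[0] = PW_USER_NAME;
    attr[1] = (uint8_t)(name_len + 2);
    memset(attr + 2, ' ', name_len);
    memcpy(attr + 2, "jdoe", 4);
    return radius_get_string(attr, name_len + 2, PW_USER_NAME, out, out_cap);
}

int main(void)
{
    return demo_padded_username(200, 128) == ATTR_TOO_LONG ? 0 : 1;
}
```

A 200-byte padded name is rejected for a 128-byte destination and copied in full when the destination holds 253 bytes plus the terminator.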