Re: String overflow problem?
Grant McKechnie (gme@rpdata.com.au)
Thu, 10 Oct 1996 13:55:34 +0000
I Know thisis not the topic bu thow did you get to put your home page
link at the bottom of the screen. I work for an ISP and think it
could be a good tool.
www.rpdata.net.au
> John W. Temples wrote:
> >
> > I was trying to track down a radiusd core dump which appeared to be
> > triggered by accounting stop packets containing a username with a large
> > number of blanks at the end. I found this in radius.h:
> >
> > #define AUTH_STRING_LEN 128 /* maximum of 254 */
> >
> > As I read the RADIUS draft, an attribute string can be up to 253 bytes
> > (not 254); in any event, why is the code using a 128 byte buffer which
> > gets memcpy'd to without a bounds check? Does ComOS have a 127 byte
> > limitation in the length of an attribute value?
>
> There is also an interesting issue with the AuthInfo.secret length
> which is only 16 characters. Ih the routine where the secret is
> checked,
> the buffer string is 128 characters. It then does a strcpy from that
> to the authinfo.secret, which is 16 chars. When I finished the ODBC
> read in routines, I didn't catch that and every auth was trashing the
> authinfo when structure and overwriting portions of the structure
> causing
> random crashing.
>
> --
> Dale E. Reed Jr. (daler@iea.com)
> _____________________________________________________________________
> Internet Engineering Associates | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.emerald.iea.com
>
>
******************************************************************
* *
* Grant McKechnie | Systems Administrator *
* RP Data Pty Ltd *
* +61 2 98938255 *
* gme@rpdata.net.au *
* grant@rpdata.net.au *
* *
******************************************************************