I am running some EAP-TLS tests against our AP using 
freeradius 0.8.1 as the authentication server.

I ran into a crash running an EAP DoS attack that sent
an EAP TLS packet with flags 'c0' and with no TLS
message length or TLS message data. The tests are
part of qacafe's cdrouter test suite.

modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  More Fragments with length included

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 8192 (LWP 19876)]
0x4207c46c in memcpy () from /lib/i686/libc.so.6
(gdb) where
#0  0x4207c46c in memcpy () from /lib/i686/libc.so.6
#1  0x400cbda4 in eaptls_extract (eap_ds=0x4213158c, status=135226888) at eap_tls.c:474
#2  0x400cb66b in eaptls_authenticate (arg=0x80c32b0, handler=0x80f6608) at rlm_eap_tls.c:198
#3  0x400c2f30 in eaptype_call (eap_type=13, action=INITIATE, type_list=0x80b9e30, handler=0x80f6608) at eap.c:205
#4  0x400c3063 in eaptype_select (type_list=0x80b9e30, handler=0x80f6608, conftype=0x80b8060 "tls") at eap.c:280
#5  0x400c29f8 in eap_authenticate (instance=0x80c5910, request=0x80f5878) at rlm_eap.c:200


Frank.
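
The packet shape reported above, an L-flagged fragment that ends right after the flags byte, can be rejected by checking lengths before the TLS Message Length field is read or any data is copied. This is an added example, not FreeRADIUS code and not part of the original message; the field layout is that of EAP-TLS (RFC 2716), and eaptls_parse, struct eaptls_view, the return codes and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EAP_TYPE_TLS 13
#define TLS_FLAG_L   0x80   /* TLS Message Length field included */
#define TLS_FLAG_M   0x40   /* more fragments follow; 0xc0 = L|M */

enum eaptls_rc { EAPTLS_OK = 0, EAPTLS_SHORT = -1, EAPTLS_BAD_LEN = -2,
                 EAPTLS_NOT_TLS = -3, EAPTLS_NO_LENGTH = -4, EAPTLS_OVERSIZE = -5 };

struct eaptls_view {            /* hypothetical parsed view of one fragment */
    uint8_t        flags;
    uint32_t       tls_msg_len; /* announced total length, 0 if L not set */
    const uint8_t *data;        /* fragment bytes carried in this packet */
    size_t         data_len;
};

/* Constructed sample: Type 13, flags 0xc0, packet ends after the flags byte. */
static const uint8_t sample_truncated[] = { 0x02, 0x01, 0x00, 0x06, 0x0d, 0xc0 };
/* Constructed sample: flags 0xc0, TLS Message Length 16, 3 bytes of fragment data. */
static const uint8_t sample_ok[] = { 0x02, 0x02, 0x00, 0x0d, 0x0d, 0xc0,
                                     0x00, 0x00, 0x00, 0x10, 0x16, 0x03, 0x01 };

/* Validate an EAP-TLS packet held in a buffer of 'cap' bytes; nothing is copied. */
int eaptls_parse(const uint8_t *pkt, size_t cap, struct eaptls_view *v)
{
    size_t off = 6;                        /* Code, Id, Length(2), Type, Flags */
    if (cap < off) return EAPTLS_SHORT;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (eap_len < off || eap_len > cap) return EAPTLS_BAD_LEN;
    if (pkt[4] != EAP_TYPE_TLS) return EAPTLS_NOT_TLS;
    v->flags = pkt[5];
    v->tls_msg_len = 0;
    if (v->flags & TLS_FLAG_L) {           /* L set: 4 length bytes must be present */
        if (eap_len - off < 4) return EAPTLS_NO_LENGTH;
        v->tls_msg_len = ((uint32_t)pkt[off] << 24) | ((uint32_t)pkt[off + 1] << 16) |
                         ((uint32_t)pkt[off + 2] << 8) | pkt[off + 3];
        off += 4;
    }
    v->data = pkt + off;
    v->data_len = eap_len - off;           /* cannot underflow: off <= eap_len here */
    if ((v->flags & TLS_FLAG_L) && v->data_len > v->tls_msg_len) return EAPTLS_OVERSIZE;
    return EAPTLS_OK;
}

int main(void) {                           /* exit status 0 when both samples behave */
    struct eaptls_view v;
    return !(eaptls_parse(sample_truncated, sizeof sample_truncated, &v) == EAPTLS_NO_LENGTH &&
             eaptls_parse(sample_ok, sizeof sample_ok, &v) == EAPTLS_OK);
}
```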

