I am running some EAP-TLS tests against our AP using freeradius 0.8.1 as the authentication server. I ran into a crash running an EAP DoS attack that sent an EAP TLS packet with flags 'c0' and with no TLS message length or TLS message data. The tests are part of qacafe's cdrouter test suite.

modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: More Fragments with length included

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 8192 (LWP 19876)]
0x4207c46c in memcpy () from /lib/i686/libc.so.6
(gdb) where
#0 0x4207c46c in memcpy () from /lib/i686/libc.so.6
#1 0x400cbda4 in eaptls_extract (eap_ds=0x4213158c, status=135226888) at eap_tls.c:474
#2 0x400cb66b in eaptls_authenticate (arg=0x80c32b0, handler=0x80f6608) at rlm_eap_tls.c:198
#3 0x400c2f30 in eaptype_call (eap_type=13, action=INITIATE, type_list=0x80b9e30, handler=0x80f6608) at eap.c:205
#4 0x400c3063 in eaptype_select (type_list=0x80b9e30, handler=0x80f6608, conftype=0x80b8060 "tls") at eap.c:280
#5 0x400c29f8 in eap_authenticate (instance=0x80c5910, request=0x80f5878) at rlm_eap.c:200

Frank.
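The packet described above sets the L (length included, 0x80) and M (more fragments, 0x40) flag bits but carries neither the 4-byte TLS Message Length nor any data. As an added example (not FreeRADIUS code and not part of the original post), this is a length check an EAP-TLS parser can run before copying anything; the function, type and constant names are hypothetical, and rejecting an empty fragment that has M set is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>

#define EAP_MIN_TLS_LEN 6     /* Code, Id, Length(2), Type, Flags */
#define EAP_TYPE_TLS    13
#define TLS_FLAG_L      0x80  /* TLS Message Length field present */
#define TLS_FLAG_M      0x40  /* more fragments follow */

enum tls_check { TLS_OK, TLS_TRUNCATED, TLS_BAD_LENGTH, TLS_NOT_TLS, TLS_EMPTY_FRAG };
struct tls_frag {             /* hypothetical result type for this example */
    uint8_t        flags;
    uint32_t       msg_len;   /* meaningful only when L is set */
    const uint8_t *data;
    size_t         data_len;
};

/* Constructed sample: EAP Response, Length 6, Type 13, flags 0xc0, nothing after. */
static const uint8_t pkt_c0_empty[] = { 0x02, 0x01, 0x00, 0x06, 13, 0xc0 };

/* Validate every length before any copy; on TLS_OK, out describes the fragment. */
enum tls_check eaptls_check(const uint8_t *pkt, size_t pkt_len, struct tls_frag *out)
{
    if (!pkt || !out || pkt_len < EAP_MIN_TLS_LEN)
        return TLS_TRUNCATED;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];   /* EAP Length, big-endian */
    if (eap_len < EAP_MIN_TLS_LEN || eap_len > pkt_len)
        return TLS_BAD_LENGTH;                         /* header disagrees with buffer */
    if (pkt[4] != EAP_TYPE_TLS)
        return TLS_NOT_TLS;
    size_t off = EAP_MIN_TLS_LEN;
    out->flags = pkt[5];
    out->msg_len = 0;
    if (out->flags & TLS_FLAG_L) {
        if (eap_len - off < 4)
            return TLS_TRUNCATED;                      /* L set, no room for the length */
        out->msg_len = ((uint32_t)pkt[off] << 24) | ((uint32_t)pkt[off + 1] << 16) |
                       ((uint32_t)pkt[off + 2] << 8) | pkt[off + 3];
        off += 4;
    }
    out->data = pkt + off;
    out->data_len = eap_len - off;
    if ((out->flags & TLS_FLAG_M) && out->data_len == 0)
        return TLS_EMPTY_FRAG;   /* assumption: a fragment with M set must carry data */
    if ((out->flags & TLS_FLAG_L) && out->data_len > out->msg_len)
        return TLS_BAD_LENGTH;   /* fragment larger than the declared total */
    return TLS_OK;
}

int main(void) { struct tls_frag f; return eaptls_check(pkt_c0_empty, sizeof pkt_c0_empty, &f) != TLS_TRUNCATED; }
```

A zero-length packet with no flags set still passes, since that is the ordinary EAP-TLS fragment acknowledgement.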