> > Still, the server shouldn't core dump. I completely agree that server should never core dump.
> > The EAP module *should* check for that error condition, log a > complaint error message, and discard the EAP session. If EAP module finds an invalid EAP packet from any of the sub modules like EAP-MD5 then it always sends EAP-FAILURE to the client. So there is no way that Zero length EAP-packets are allowed. Probably, I am overlooking. Currently I am trying to simulate the problem here to fix it. The functions that are framing the EAP packet are eap_compose() & eap_wireformat() in eap.c -Raghu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html