Dear 3APA3A,
--Friday, November 21, 2003, 12:46:01 PM, you wrote to [EMAIL PROTECTED]: 3> http://www.security.nnov.ru/search/document.asp?docid=2578 Either I 3> missed this bug during audit 1,5 years ago or it was introduced 3> later. Ammm... 3 years ago :) time goes fast :)) Probably it's time to do security audit again... revision 1.63 date: 2001/11/29 09:45:00; author: 3APA3A; state: Exp; lines: +51 -7 ! Vendor-Specific attribute check added to rad_receive to avoid memory corruption in case of invalid attribute length inside Vendor-Specific attribute ! dict_vendorcode() call removed from rad_decode(). We do not need it any more. -- ~/ZARAZA ЭНИАКам - по морде! (Лем) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html