[RADIATOR] decode_password2(): LF in padding kills password
Mike McCauley
mikem at open.com.au
Tue Jun 16 07:01:07 CDT 2009
Hi Roland,
thanks for reporting this and sending your patch. We have now reverted to the
original code, which is available in the latest patch set.
We apologise for any inconvenience.
Cheers.
On Tuesday 16 June 2009 07:58:49 pm Roland Rosenfeld wrote:
> Hi!
>
> Under very rare conditions I noticed "Bad encrypted password" where
> the password was definitely correct. I did some debugging and noticed
> that this was triggered by a linefeed in the padding of the
> (decrypted) User-Password.
>
> I know, that the padding of the User-Password should be filled with 0,
> but my test client only uses two 0 and junk after this and according
> to the comment in decode_password() Cisco has some similar bug.
>
> With Radiator 3.x the problem doesn't trigger, while 4.1 to 4.4 all
> trigger the problem here. I compared the decode_password() functions
> and noticed that 3.x uses
> my $index = index($pwdout, "\000");
> substr($pwdout, $index) = '' if $index != -1;
> to strip the junk while 4.x uses
> $pwdout =~ s/\0.*//;
> which runs into trouble if $pwdout contains a linefeed, because
> everything to the right of the linefeed is kept instead of removed.
>
> As a quick workaround the attached patch reverts the change, which
> works without problems here.
>
> Tschoeeee
>
> Roland
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
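The difference described in the quoted report, as an added example that is not part of the original messages or of Radiator's source: the two stripping forms quoted above run over the same decrypted buffers. The function names, the `/s` variant and the sample buffers are constructed for illustration.

```perl
use strict;
use warnings;

# Radiator 4.1-4.4 form quoted above: without /s, '.' does not match "\n".
sub strip_regex {
    my ($pwdout) = @_;
    $pwdout =~ s/\0.*//;
    return $pwdout;
}

# Radiator 3.x form quoted above: cut at the first NUL, whatever follows.
sub strip_index {
    my ($pwdout) = @_;
    my $index = index($pwdout, "\000");
    substr($pwdout, $index) = '' if $index != -1;
    return $pwdout;
}

# Assumption, not from the thread: same regex with /s so '.' also matches "\n".
sub strip_regex_s {
    my ($pwdout) = @_;
    $pwdout =~ s/\0.*//s;
    return $pwdout;
}

# Render non-printable bytes as \xNN so leftover padding is visible.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Constructed 16-byte decrypted User-Password buffers for the password "secret".
my @samples = (
    [ 'zero padding'      => "secret" . ("\0" x 10) ],
    [ 'junk, no linefeed' => "secret\0\0\x8f\x41\xc3\x07\x5a\xee\x10\x99" ],
    [ 'junk with LF'      => "secret\0\0\x8f\x41\x0a\xc3\x07\x5a\xee\x10" ],
);
my @strippers = ([ 's/\0.*//' => \&strip_regex ],
                 [ 'index/substr' => \&strip_index ],
                 [ 's/\0.*//s' => \&strip_regex_s ]);

for my $sample (@samples) {
    my ($label, $buf) = @$sample;
    print "$label:\n";
    for my $fn (@strippers) {
        my ($name, $code) = @$fn;
        my $out = $code->($buf);
        printf "  %-13s %-8s %s\n", $name, ($out eq 'secret' ? 'ok' : 'MISMATCH'), show($out);
    }
}
```

Only the third buffer separates the variants: the plain regex leaves the linefeed and the bytes after it attached to the password, so the comparison against the stored password fails.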