Date: Thu, 1 Dec 2005 17:05:28 GMT From: Francis Dupont <Francis.Dupont@enst-bretagne.fr> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/89808: malformed Framed-IPv6-Prefix crashes PPP Message-ID: <200512011705.jB1H5S8S019997@www.freebsd.org> Resent-Message-ID: <200512011710.jB1HA2NA050144@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 89808 >Category: bin >Synopsis: malformed Framed-IPv6-Prefix crashes PPP >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Dec 01 17:10:02 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Francis Dupont >Release: FreeBSD 5.4 >Organization: Point6 c/o GET/ENST Bretagne >Environment: FreeBSD orion.ipv6.rennes.enst-bretagne.fr 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Thu Sep 1 16:00:11 CEST 2005 dupont@orion.ipv6.rennes.enst-bretagne.fr:/usr/src/kame/freebsd5/sys/i386/compile/ORION i386 >Description: When PPP (/usr/sbin/ppp) receives a mal formed Framed-IPv6-Prefix in a RADIUS accept message the rad_cvt_ipv6prefix() function returns a NULL which is not tested. >How-To-Repeat: Configure a RADIUS server with a bogus Framed-IPv6-Prefix (BTW freeradius doesn't check this so it can trigger the issue. >Fix: In /usr/src/usr.sbin/ppp/radius.c please check the return value from rad_cvt_ipv6prefix()! >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512011705.jB1H5S8S019997>