From noreply at github.com Wed May 26 22:39:12 2021
From: noreply at github.com (Lucas Holt)
Date: Wed, 26 May 2021 19:39:12 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] f26e9a: libradius did not perform sufficient validation of...
Message-ID:

Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src

Commit: f26e9a9583ebc45190b8fb8c2742ce1272461dc1
https://github.com/MidnightBSD/src/commit/f26e9a9583ebc45190b8fb8c2742ce1272461dc1
Author: Lucas Holt
Date: 2021-05-26 (Wed, 26 May 2021)

Changed paths:
M lib/libradius/radlib.c

Log Message:
-----------
libradius did not perform sufficient validation of received messages.

rad_get_attr(3) did not verify that the attribute length is valid before subtracting the length of the Type and Length fields. As a result, it could return success while also providing a bogus length of SIZE_T_MAX - 2 for the Value field.

When processing attributes to find an optional authenticator, is_valid_response() failed to verify that each attribute length is non-zero and could thus enter an infinite loop.

Obtained from: FreeBSD

Commit: 9958a73aecaac09241845b8aac5933698dd952dd
https://github.com/MidnightBSD/src/commit/9958a73aecaac09241845b8aac5933698dd952dd
Author: Lucas Holt
Date: 2021-05-26 (Wed, 26 May 2021)

Changed paths:
M FUNDING.yml
M usr.bin/clang/lldb-tblgen/Makefile
M usr.bin/perl/BSDmakefile

Log Message:
-----------
Merge branch 'master' of github.com:MidnightBSD/src

Compare: https://github.com/MidnightBSD/src/compare/a1ff773fa20d...9958a73aecaa

From noreply at github.com Wed May 26 22:40:54 2021
From: noreply at github.com (Lucas Holt)
Date: Wed, 26 May 2021 19:40:54 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 3ca6cf: libradius did not perform sufficient validation of...
Message-ID:

Branch: refs/heads/stable/2.0
Home: https://github.com/MidnightBSD/src

Commit: 3ca6cf2475add3bd123eb5affa9185402ed50efc
https://github.com/MidnightBSD/src/commit/3ca6cf2475add3bd123eb5affa9185402ed50efc
Author: Lucas Holt
Date: 2021-05-26 (Wed, 26 May 2021)

Changed paths:
M lib/libradius/radlib.c

Log Message:
-----------
libradius did not perform sufficient validation of received messages.

rad_get_attr(3) did not verify that the attribute length is valid before subtracting the length of the Type and Length fields. As a result, it could return success while also providing a bogus length of SIZE_T_MAX - 2 for the Value field.

When processing attributes to find an optional authenticator, is_valid_response() failed to verify that each attribute length is non-zero and could thus enter an infinite loop.

Obtained from: FreeBSD

From noreply at github.com Thu May 27 10:05:45 2021
From: noreply at github.com (Lucas Holt)
Date: Thu, 27 May 2021 07:05:45 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 3c1b5f: update MidnightBSD version to 2.0.8
Message-ID:

Branch: refs/heads/stable/2.0
Home: https://github.com/MidnightBSD/src

Commit: 3c1b5f8b8d3a999ac460867d6c97ea92587ec69b
https://github.com/MidnightBSD/src/commit/3c1b5f8b8d3a999ac460867d6c97ea92587ec69b
Author: Lucas Holt
Date: 2021-05-27 (Thu, 27 May 2021)

Changed paths:
M sys/conf/newvers.sh

Log Message:
-----------
update MidnightBSD version to 2.0.8

From noreply at github.com Thu May 27 10:50:40 2021
From: noreply at github.com (Lucas Holt)
Date: Thu, 27 May 2021 07:50:40 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] a46a66: Update UPDATING
Message-ID:

Branch: refs/heads/stable/2.0
Home: https://github.com/MidnightBSD/src

Commit: a46a66d44896a8582f5727f43b8a6b109faecd06
https://github.com/MidnightBSD/src/commit/a46a66d44896a8582f5727f43b8a6b109faecd06
Author: Lucas Holt
Date: 2021-05-27 (Thu, 27 May 2021)

Changed paths:
M UPDATING

Log Message:
-----------
Update UPDATING

From noreply at github.com Thu May 27 10:51:38 2021
From: noreply at github.com (Lucas Holt)
Date: Thu, 27 May 2021 07:51:38 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src]
Message-ID:

Branch: refs/tags/2.0.8
Home: https://github.com/MidnightBSD/src
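
The two checks named in the libradius log message above (the attribute length validated before the Type and Length bytes are subtracted, and a short length never allowed to stall the attribute walk), as an added example that is not the libradius source or part of these commit mails. `attr_next`, `count_attrs` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_HDR 2u	/* Type (1 byte) + Length (1 byte) */
/* Hypothetical helper, not the libradius API: parse the attribute at *pos
 * in buf[0..end). Returns 1 and fills the outputs, 0 at end, -1 if malformed. */
static int attr_next(const uint8_t *buf, size_t end, size_t *pos,
    int *type, const uint8_t **val, size_t *vlen)
{
	size_t alen;
	if (*pos >= end)
		return 0;
	if (end - *pos < ATTR_HDR)
		return -1;	/* truncated header */
	alen = buf[*pos + 1];
	/* Check before subtracting: alen < 2 would wrap *vlen to a huge size_t. */
	if (alen < ATTR_HDR || alen > end - *pos)
		return -1;
	*type = buf[*pos];
	*val = buf + *pos + ATTR_HDR;
	*vlen = alen - ATTR_HDR;
	*pos += alen;		/* alen >= 2, so the walk always advances */
	return 1;
}

/* Count attributes; a malformed block yields -1 instead of a stuck loop. */
static int count_attrs(const uint8_t *buf, size_t end)
{
	const uint8_t *val;
	size_t pos = 0, vlen;
	int n = 0, type, r;
	while ((r = attr_next(buf, end, &pos, &type, &val, &vlen)) == 1)
		n++;
	return r == 0 ? n : -1;
}

/* Constructed sample attribute blocks (not captured traffic). */
static const uint8_t good[] = { 1, 5, 'b', 'o', 'b', 18, 2 };
static const uint8_t zero_len[] = { 1, 5, 'b', 'o', 'b', 18, 0, 0, 0 };
static const uint8_t one_len[] = { 18, 1 };
static const uint8_t overrun[] = { 1, 9, 'b', 'o', 'b' };

int main(void)
{
	printf("%d %d %d %d\n", count_attrs(good, sizeof good), count_attrs(zero_len, sizeof zero_len),
	    count_attrs(one_len, sizeof one_len), count_attrs(overrun, sizeof overrun));
	return 0;
}
```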