[Midnightbsd-cvs] [MidnightBSD/src] f26e9a: libradius did not perform sufficient validation of...
Lucas Holt
noreply at github.com
Wed May 26 22:39:12 EDT 2021
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: f26e9a9583ebc45190b8fb8c2742ce1272461dc1
https://github.com/MidnightBSD/src/commit/f26e9a9583ebc45190b8fb8c2742ce1272461dc1
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-05-26 (Wed, 26 May 2021)
Changed paths:
M lib/libradius/radlib.c
Log Message:
-----------
libradius did not perform sufficient validation of received messages.

rad_get_attr(3) did not verify that the attribute length is valid before
subtracting the length of the Type and Length fields. As a result, it
could return success while also providing a bogus length of SIZE_T_MAX -
2 for the Value field.

When processing attributes to find an optional authenticator,
is_valid_response() failed to verify that each attribute length is
non-zero and could thus enter an infinite loop.

Obtained from: FreeBSD
Commit: 9958a73aecaac09241845b8aac5933698dd952dd
https://github.com/MidnightBSD/src/commit/9958a73aecaac09241845b8aac5933698dd952dd
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-05-26 (Wed, 26 May 2021)
Changed paths:
M FUNDING.yml
M usr.bin/clang/lldb-tblgen/Makefile
M usr.bin/perl/BSDmakefile
Log Message:
-----------
Merge branch 'master' of github.com:MidnightBSD/src
Compare: https://github.com/MidnightBSD/src/compare/a1ff773fa20d...9958a73aecaa
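
The two checks described in the first log message, as an added example that is not the libradius code or the committed patch: a bounds-checked walk over RADIUS attributes that rejects a Length below 2 (which would wrap when 2 is subtracted, or never advance when 0) and a Length that runs past the buffer. The names attr_cursor, next_attr and count_attrs and the sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over the attribute area of a RADIUS packet. */
struct attr_cursor { const uint8_t *buf; size_t len, pos; };
enum { ATTR_OK = 0, ATTR_END = 1, ATTR_BAD = -1 };

/* Each attribute is Type (1 octet), Length (1 octet, counting Type and
 * Length themselves), then Value. Requires c->pos <= c->len. */
static int next_attr(struct attr_cursor *c, uint8_t *type,
                     const uint8_t **val, size_t *vlen)
{
    size_t left = c->len - c->pos;
    if (left == 0) return ATTR_END;
    if (left < 2) return ATTR_BAD;      /* no room for Type + Length */
    size_t alen = c->buf[c->pos + 1];
    if (alen < 2) return ATTR_BAD;      /* alen - 2 would wrap; 0 never advances */
    if (alen > left) return ATTR_BAD;   /* Value would run past the buffer */
    *type = c->buf[c->pos];
    *val = c->buf + c->pos + 2;
    *vlen = alen - 2;
    c->pos += alen;                     /* always moves forward by >= 2 */
    return ATTR_OK;
}

/* Returns the number of attributes, or -1 if any one is malformed. */
int count_attrs(const uint8_t *buf, size_t len)
{
    struct attr_cursor c = { buf, len, 0 };
    const uint8_t *val; uint8_t type; size_t vlen;
    int n = 0, r;
    while ((r = next_attr(&c, &type, &val, &vlen)) == ATTR_OK)
        n++;
    return r == ATTR_END ? n : -1;
}

/* Constructed sample inputs, not captured traffic. */
const uint8_t sample_ok[]   = { 1, 5, 'b', 'o', 'b', 6, 6, 0, 0, 0, 1 };
const uint8_t sample_zero[] = { 1, 5, 'b', 'o', 'b', 80, 0, 0, 0 };  /* Length 0 */
const uint8_t sample_one[]  = { 80, 1 };                             /* Length 1 */
const uint8_t sample_long[] = { 1, 9, 'b', 'o', 'b' };               /* overruns */

int main(void)
{
    printf("%d %d ", count_attrs(sample_ok, sizeof sample_ok), count_attrs(sample_zero, sizeof sample_zero));
    printf("%d %d\n", count_attrs(sample_one, sizeof sample_one), count_attrs(sample_long, sizeof sample_long));
    return 0;
}
```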