#
369896 |
|
28-May-2021 |
markj |
libradius: Fix attribute length validation in rad_get_attr(3)
The length of the attribute header needs to be excluded when comparing the attribute length against the length of the packet. Otherwise, validation may incorrectly fail when fetching the final attribute in a message.
Fixes: 8d5c78130 ("libradius: Fix input validation bugs")
Reported by: Peter Eriksson
Tested by: Peter Eriksson
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6bb5699d2b59491097bc21ffa3c097cdd4853f89)
Git Hash: dbb3df26a8a3e1343b42844a6a6e3e9adf49ca8c
Git Author: markj@FreeBSD.org
|
#
369866 |
|
26-May-2021 |
markj |
libradius: Fix input validation bugs
Approved by: so
Security: FreeBSD-SA-21:12.libradius
Security: CVE-2021-29629
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 8d5c7813061dfa0b187500dfe3aeea7a28181c13)
Git Hash: 5e90dfc54f864651fd98087c6e1f1cbce203b20c
Git Author: markj@FreeBSD.org
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
243964 |
|
06-Dec-2012 |
delphij |
Fix build: reflect the increased field number.
|
#
243956 |
|
06-Dec-2012 |
sem |
- Rewrite radius servers traversal algorithm.
- Add functions for working with IPv6 attributes.
Approved by: ae
|
#
228730 |
|
20-Dec-2011 |
melifaro |
Add binding support to libradius(3).
Submitted by: Sergey Matveychuk <sem33@yandex-team.ru>
Approved by: ae (mentor)
MFC after: 2 weeks
|
#
197621 |
|
29-Sep-2009 |
mav |
Fix bug where the RADIUS client gave up after a single sendto() error without trying backup servers.
PR: kern/103764, misc/139214
|
#
197086 |
|
11-Sep-2009 |
mav |
Add simple embedded RADIUS server support to libradius, by extending existing API, keeping backward compatibility.
First consumer for this functionality is going to become forthcoming MPD-5.4, supporting CoA and DR of RFC 3576: Dynamic Authorization Extensions to RADIUS.
MFC after: 1 month
|
#
168341 |
|
04-Apr-2007 |
kan |
Use correct u_int and socklen_t types for parameters if function is expecting them, not int.
|
#
130490 |
|
14-Jun-2004 |
stefanf |
Use %zu to print values with type size_t.
|
#
128684 |
|
27-Apr-2004 |
ru |
- Added rad_demangle() for demangling user-passwords (needed for MS-CHAPv1 MPPE-keys).
- Added rad_demangle_mppe_key() for demangling mppe-keys (needed for MPPE-keys).
- Added some typecasts for avoiding compiler warnings.
- Fix: better handle wrong usage of the lib (if the programmer has not called rad_create_request() but rad_put_*(), then a weird error message was returned).
- Added a new function for putting the Message-Authenticator.
- Verify the Message-Authenticator, if it was found inside a response packet and silently drop the packet, if the validation failed.
- Implicitly put the Message-Authenticator, if the EAP-Message attribute was added.
- Added some missing defines.
Submitted by: Michael Bretterklieber
PR: 46555
|
#
98131 |
|
11-Jun-2002 |
brian |
Add the following functions:
rad_request_authenticator()
    Returns the Request-Authenticator relevant to the most recently received RADIUS response.
rad_server_secret()
    Returns the Shared Secret relevant to the most recently received RADIUS response.
Neither of these functions should be necessary, however, the MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific attributes are supplied in a mangled (encrypted) format, requiring this information to demangle.
It's not clear whether these functions should be replaced with a rad_demangle() function or whether these attributes are one-offs.
Sponsored by: Monzoon
|
#
96322 |
|
10-May-2002 |
brian |
Add rad_get_vendor_attr() for deciphering vendor attributes received from the RADIUS server.
|
#
96154 |
|
07-May-2002 |
brian |
Add support for vendor specific RADIUS extensions.
Only the extensions from rfc2548 are specified for now.
|
#
84219 |
|
30-Sep-2001 |
dillon |
Add __FBSDID()s to libradius
|
#
68499 |
|
08-Nov-2000 |
eivind |
Fix password clearing bug which prevented challenge/response from working.
Reviewed by: jdp
|
#
65222 |
|
29-Aug-2000 |
ache |
strtok -> strsep (no strtok allowed in libraries)
|
#
52709 |
|
31-Oct-1999 |
jdp |
Add support for RADIUS accounting. Note, this changes the format of the /etc/radius.conf file. But the code contains hacks for backward compatibility, so old files will continue to work.
I updated the man pages and made a couple of minor changes, but everything else was submitted by Oleg.
PR: misc/14284
Submitted by: Oleg Semyonov <os@altavista.net>
|
#
43662 |
|
05-Feb-1999 |
brian |
Allow an alternate to rad_send_request() for programs that don't wish to wait for the RADIUS server to respond.
Reviewed by: jdp
|
#
43400 |
|
29-Jan-1999 |
brian |
Install -C radlib.h
Don't insist that RAD_USER_PASSWORD is supplied before calling rad_send_request(). Instead, insist on only one of RAD_USER_PASSWORD and RAD_CHAP_PASSWORD.
Sponsored by: Internet Business Solutions Ltd., Switzerland
|
#
41119 |
|
12-Nov-1998 |
jdp |
This commit was generated by cvs2svn to compensate for changes in r41118, which included commits to RCS files with non-trunk default branches.
|
#
41118 |
|
12-Nov-1998 |
jdp |
Initial import of RADIUS client library donated by Juniper Networks, Inc.
|