diff options
| author | adrianp <adrianp> | 2005-07-09 17:25:00 +0000 |
|---|---|---|
| committer | adrianp <adrianp> | 2005-07-09 17:25:00 +0000 |
| commit | 4f8fcc79315fb841828b1819bc69293a6ad71e92 (patch) | |
| tree | 9a006e12a5829a0291c02110e7e3889b4ed54596 /net/freeradius/patches | |
| parent | 16ac790dfe63689574d98dfc9a86fdc96408a873 (diff) | |
| download | pkgsrc-4f8fcc79315fb841828b1819bc69293a6ad71e92.tar.gz | |
- Update to freeradius 1.0.4
- The security issues mentioned in this update were incorporated
into patch-ak previously and a security advisory was already
made in regards to this.
> FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
>
> * Fix installation problem.
> * Increase a buffer size, so radrelay doesn't truncate values.
> * Updates in the documentation. Patches from Thor Spruyt.
>
> FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
> Security Fixes
> * Always escape the strings in the SQL module.
> * Check buffer bound when input character needs escaping in
> the SQL module. Bug found by Primoz Bratanic.
>
> Bug fixes
> * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject
> * Don't send Proxy-State from home server in TTLS.
> * Fixes for forking external programs, so the server doesn't
> suddenly stop processing requests, or stop forking programs.
> * radzap now works, but it's command-line options have changed
> completely, and it's a shell script.
> * radwho has updated command-line options, and no longer reads
> Unix "utmp" files.
> * Fix bug in calling checkrad script with NAS port > 9999999
> * Fix long-standing bug when both crypt and pthreads are in use
> * Don't SEGV when rlm_sql gets 'NULL' value from request.
> * Re-arrange code in radrelay to not duplicate accounting packets.
> * In rlm_attr_rewrite, change the value when the attribute type
> is different from string.
Diffstat (limited to 'net/freeradius/patches')
| -rw-r--r-- | net/freeradius/patches/patch-ak | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak deleted file mode 100644 index f5e80698007..00000000000 --- a/net/freeradius/patches/patch-ak +++ /dev/null @@ -1,90 +0,0 @@ -$NetBSD: patch-ak,v 1.3 2005/05/18 21:58:45 adrianp Exp $ - ---- src/modules/rlm_sql/rlm_sql.c.orig 2004-09-30 15:54:22.000000000 +0100 -+++ src/modules/rlm_sql/rlm_sql.c -@@ -158,6 +158,7 @@ static int rlm_sql_init(void) { - */ - static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username); - static int generate_sql_clients(SQL_INST *inst); -+static int sql_escape_func(char *out, int outlen, const char *in); - - /* - * sql xlat function. Right now only SELECTs are supported. Only -@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU - /* - * Do an xlat on the provided string (nice recursive operation). - */ -- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) { -+ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) { - radlog(L_ERR, "rlm_sql (%s): xlat failed.", - inst->config->xlat_name); - return 0; -@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in - - while (in[0]) { - /* -- * Only one byte left. -- */ -- if (outlen <= 1) { -- break; -- } -- -- /* - * Non-printable characters get replaced with their - * mime-encoded equivalents. - */ - if ((in[0] < 32) || - strchr(allowed_chars, *in) == NULL) { -+ /* -+ * Only 3 or less bytes available. -+ */ -+ if (outlen <= 3) { -+ break; -+ } -+ - snprintf(out, outlen, "=%02X", (unsigned char) in[0]); - in++; - out += 3; -@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in - } - - /* -- * Else it's a nice character. -+ * Only one byte left. -+ */ -+ if (outlen <= 1) { -+ break; -+ } -+ -+ /* -+ * Allowed character. - */ - *out = *in; - out++; -@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance, - */ - if (sql_set_user(inst, req, sqlusername, 0) < 0) - return 1; -- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){ -+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){ - radlog(L_ERR, "rlm_sql (%s): xlat failed.", - inst->config->xlat_name); - /* Remove the username we (maybe) added above */ -@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst - if(sql_set_user(inst, request, sqlusername, 0) <0) - return RLM_MODULE_FAIL; - -- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL); -+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func); - - /* initialize the sql socket */ - sqlsocket = sql_get_socket(inst); -@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst - return RLM_MODULE_OK; - } - -- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL); -+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func); - if(rlm_sql_select_query(sqlsocket, inst, querystr)) { - radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name); - sql_release_socket(inst, sqlsocket); |