Multiple bugs in 1.7.3
Status: Beta
Brought to you by:
xebd
1. Wrong pointer is passed to rad_packet_find_attr in accel-pppd/radius/dm_coa.c:coa_request.
2. Server may crash due to NULL pointer dereference if all RADIUS servers are down. This happens in accel-pppd/radius/acct.c:rad_acct_interim_update after __rad_req_send, as it may internally fire EV_PPP_FINISHING, thus calling rad_acct_stop, which frees rpd->acct_req.
3. On little-endian machines an incorrect LCP Magic-Number is logged when sending LCP echo replies (accel-pppd/ppp/ppp_lcp.c:send_echo_reply). This is purely a cosmetic defect.
Three patches are attached.
Thanks.
Pass proper pointer to rad_packet_find_attr
Ahem. My bad, only one patch got uploaded and SF does not allow me to add attachments anymore.
I've uploaded them at http://rghost.ru/42511158
Sorry for the inconvenience.
Do not segfault on RADIUS failures during interim
Proper logging of LCP Magic-Numbers
Applied, thanks.
Sorry for being persistent, but as you had reverted one commit, it seems that the patch that replaced rpd->dm_coa_req with rpd->dm_coa_req->pack was wrong for some reason. However, I don't get how it works, as you're passing a struct rad_dm_coa_req_t * in place of struct rad_packet_t*.
Could you explain it a bit, please?
Thanks.
struct radius_pd_t
{
    ...
    struct rad_packet_t *dm_coa_req;
    ...
};
There is no struct rad_dm_coa_req_t *;
it is struct rad_packet_t *.
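Item 2 of the report describes a send call that can tear down the session and free the request its caller still holds. The block below reduces that to a small C model with the guard the caller needs; it is an added example, not accel-ppp code or the submitted patch. All names in it (`struct session`, `struct req`, `acct_stop`, `req_send`, `interim_update`, `run_interim`) are hypothetical, and it assumes the teardown path sets the pointer to NULL after freeing it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the session and its accounting request. */
struct req { int timer_armed; };
struct session {
    struct req *acct_req; /* freed by acct_stop() */
    int servers_up;       /* constructed input: 0 = every RADIUS server is down */
};

/* Teardown: frees the request and clears the pointer so callers can test it. */
static void acct_stop(struct session *s) {
    free(s->acct_req);
    s->acct_req = NULL;
}

/* Send path: on total failure it tears the session down from inside the call. */
static int req_send(struct session *s) {
    if (s->servers_up)
        return 0;
    acct_stop(s);         /* models the finishing event reaching the stop handler */
    return -1;
}

/* Guarded interim update: 1 if the reply timer was armed, 0 if the request is gone. */
static int interim_update(struct session *s) {
    if (!s->acct_req)
        return 0;
    req_send(s);
    if (!s->acct_req)     /* without this check the next line dereferences NULL */
        return 0;
    s->acct_req->timer_armed = 1;
    return 1;
}

/* Runs one interim update on a fresh session and reports the outcome. */
int run_interim(int servers_up) {
    struct session s = { calloc(1, sizeof(struct req)), servers_up };
    int armed = interim_update(&s); /* a failed calloc is caught by the first check */
    acct_stop(&s);                  /* free(NULL) is a no-op if already torn down */
    return armed;
}

int main(void) {
    printf("servers up: %d, servers down: %d\n", run_interim(1), run_interim(0));
    return 0;
}
```

Deleting the second `if (!s->acct_req)` check reproduces the class of crash the report describes whenever `servers_up` is 0.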