#
77c04f3e |
| 04-Jun-2024 |
Enji Cooper <ngie@FreeBSD.org> |
radlib: fix a memory leak in `is_valid_request`
Call `HMAC_CTX_free` if returning early from `is_valid_request` when processing `Message-Authenticator` tags.
Reported by: Coverity MFC after: 1 week
radlib: fix a memory leak in `is_valid_request`
Call `HMAC_CTX_free` if returning early from `is_valid_request` when processing `Message-Authenticator` tags.
Reported by: Coverity MFC after: 1 week Fixes: 8d5c7813061d ("libradius: Fix input validation bugs") Differential Revision: https://reviews.freebsd.org/D45488
show more ...
|
#
a2f733ab |
| 24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
lib: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.
Remov
lib: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
show more ...
|
#
1d386b48 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
4d846d26 |
| 10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
show more ...
|
#
a901f2af |
| 28-Oct-2021 |
Ed Maste <emaste@FreeBSD.org> |
libradius: fix WITHOUT_OPENSSL build
int alen is used only with SSL.
Reported by: Michael Dexter, Build Option Survey MFC after: 3 days Fixes: 8d5c7813061d ("libradius: Fix input validation bugs")
libradius: fix WITHOUT_OPENSSL build
int alen is used only with SSL.
Reported by: Michael Dexter, Build Option Survey MFC after: 3 days Fixes: 8d5c7813061d ("libradius: Fix input validation bugs") Sponsored by: The FreeBSD Foundation
show more ...
|
#
48b11217 |
| 02-Jun-2021 |
Cy Schubert <cy@FreeBSD.org> |
libradius: fix no SSL build
int alen is only used with SSL.
|
#
6bb5699d |
| 28-May-2021 |
Mark Johnston <markj@FreeBSD.org> |
libradius: Fix attribute length validation in rad_get_attr(3)
The length of the attribute header needs to be excluded when comparing the attribute length against the length of the packet. Otherwise
libradius: Fix attribute length validation in rad_get_attr(3)
The length of the attribute header needs to be excluded when comparing the attribute length against the length of the packet. Otherwise, validation may incorrectly fail when fetching the final attribute in a message.
Fixes: 8d5c78130 ("libradius: Fix input validation bugs") Reported by: Peter Eriksson Tested by: Peter Eriksson MFC after: now Sponsored by: The FreeBSD Foundation
show more ...
|
#
8d5c7813 |
| 25-May-2021 |
Mark Johnston <markj@FreeBSD.org> |
libradius: Fix input validation bugs
Approved by: so Security: FreeBSD-SA-21:12.libradius Security: CVE-2021-29629 MFC after: now Sponsored by: The FreeBSD Foundation
|
#
d449578f |
| 13-Dec-2019 |
Conrad Meyer <cem@FreeBSD.org> |
libradius: Rip out dubious use of srandomdev(3)+random(3)
These functions appear to intend to produce unpredictable results. Just use arc4random.
While here, use an explicit_bzero instead of memse
libradius: Rip out dubious use of srandomdev(3)+random(3)
These functions appear to intend to produce unpredictable results. Just use arc4random.
While here, use an explicit_bzero instead of memset where the intent is clearly to zero out a secret (clear_passphrase).
show more ...
|
#
328bbc11 |
| 19-Sep-2018 |
Jung-uk Kim <jkim@FreeBSD.org> |
Make libradius(3) buildable.
|
#
5e53a4f9 |
| 26-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error pr
lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
show more ...
|
#
c2654dc8 |
| 07-Dec-2012 |
Xin LI <delphij@FreeBSD.org> |
Fix build: reflect the increased field number.
|
#
bf5a1b65 |
| 06-Dec-2012 |
Sergey Matveychuk <sem@FreeBSD.org> |
- Rewrite radius servers traversal algorithm. - Add functions for working with IPv6 attributes.
Approved by: ae
|
#
07d7b74b |
| 20-Dec-2011 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Add binding support to libradius(3).
Submitted by: Sergey Matveychuk <sem33@yandex-team.ru> Approved by: ae (mentor) MFC after: 2 weeks
|
#
21fc30e1 |
| 29-Sep-2009 |
Alexander Motin <mav@FreeBSD.org> |
Fix bug, when RADIUS client gave up after single sendto() error, do not trying backup servers.
PR: kern/103764, misc/139214
|
#
3fc0b61c |
| 11-Sep-2009 |
Alexander Motin <mav@FreeBSD.org> |
Add simple embedded RADIUS server support to libradius, by extending existing API, keeping backward compatibility.
First consumer for this functionality is going to become forthcoming MPD-5.4, suppo
Add simple embedded RADIUS server support to libradius, by extending existing API, keeping backward compatibility.
First consumer for this functionality is going to become forthcoming MPD-5.4, supporting CoA and DR of RFC 3576: Dynamic Authorization Extensions to RADIUS.
MFC after: 1 month
show more ...
|
#
c5384974 |
| 04-Apr-2007 |
Alexander Kabaev <kan@FreeBSD.org> |
Use correct u_int and socklen_t types for parameters if function is expecting them, not int.
|
#
067a9d4c |
| 14-Jun-2004 |
Stefan Farfeleder <stefanf@FreeBSD.org> |
Use %zu to print values with type size_t.
|
#
b4b831ef |
| 27-Apr-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Added rad_demangle() for demangling user-passwords (needed for MS-CHAPv1 MPPE-keys). - Added rad_demangle_mppe_key() for demangling mppe-keys (needed for MPPE-keys). - Added some typecasts for
- Added rad_demangle() for demangling user-passwords (needed for MS-CHAPv1 MPPE-keys). - Added rad_demangle_mppe_key() for demangling mppe-keys (needed for MPPE-keys). - Added some typecasts for avoiding compiler warnings. - Fix: better handle wrong usage of the lib (if the programmer has not called rad_create_request() but rad_put_*(), then a weird error message was returned). - Added a new function for putting the Message-Authenticator. - Verify the Message-Authenticator, if it was found inside a response packet and silently drop the packet, if the validation failed. - Implicitly put the Message-Authenticator, if the EAP-Message attribute was added. - Added some missing defines.
Submitted by: Michael Bretterklieber PR: 46555
show more ...
|
#
628e6cd4 |
| 12-Jun-2002 |
Brian Somers <brian@FreeBSD.org> |
Add the following functions:
rad_request_authenticator() Returns the Request-Authenticator relevant to the most recently received RADIUS response.
rad_server_secret() Returns the Sh
Add the following functions:
rad_request_authenticator() Returns the Request-Authenticator relevant to the most recently received RADIUS response.
rad_server_secret() Returns the Shared Secret relevant to the most recently received RADIUS response.
Neither of these functions should be necessary, however, the MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific attributes are supplied in a mangled (encrypted) format, requiring this information to demangle.
It's not clear whether these functions should be replaced with a rad_demangle() function or whether these attributes are one-offs.
Sponsored by: Monzoon
show more ...
|
#
fc3f62fa |
| 10-May-2002 |
Brian Somers <brian@FreeBSD.org> |
Add rad_get_vendor_attr() for deciphering vendor attributes received from the RADIUS server.
|
#
b49a88f6 |
| 07-May-2002 |
Brian Somers <brian@FreeBSD.org> |
Add support for vendor specific RADIUS extensions.
Only the extensions from rfc2548 are specified for now.
|
#
f8014c09 |
| 30-Sep-2001 |
Matthew Dillon <dillon@FreeBSD.org> |
Add __FBSDID()s to libradius
|
#
62ac643d |
| 08-Nov-2000 |
Eivind Eklund <eivind@FreeBSD.org> |
Fix password clearing bug which prevented challenge/response from working.
Reviewed by: jdp
|
#
c5159910 |
| 29-Aug-2000 |
Andrey A. Chernov <ache@FreeBSD.org> |
strtok -> strsep (no strtok allowed in libraries)
|