Re: BUG #5687: RADIUS Authentication issues

From: Alan T DeKok <aland(at)freeradius(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5687: RADIUS Authentication issues
Date: 2010-10-07 19:29:20
Message-ID: 4CAE1F90.5030804@freeradius.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Magnus Hagander wrote:
> If you can test the complete patch in your environment (particularly
> if you already have a "bad packet injector" that you know creates the
> issue on 9.0), that would be great though.

If you use FreeRADIUS, use "radclient" to send the following text:

User-Name = "bob"
User-Password = "hello"
Raw-Attribute = 0x0501

The last bit is a malformed RADIUS attribute.

>> OK. My only interest there was to ensure that a DoS attack wouldn't
>> result in the log being flooded with "invalid packet" messages.
>
> Uh, how exactly does your patch prevent that?

Hmm.... not so much.

Alan DeKok.

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Dimitri Fontaine 2010-10-07 20:04:28 Re: BUG #5687: RADIUS Authentication issues
Previous Message Magnus Hagander 2010-10-07 19:04:01 Re: BUG #5687: RADIUS Authentication issues