freeradius denial of service in authentication flow

Alan DeKok aland at freeradius.org
Thu Feb 13 01:07:46 UTC 2014



Pierre Carrier wrote:
> Some forms of SSHA, including forms that would be validated by servers
> applying standard constraints on the user's password attribute, will
> generate lengths over 64 bytes after hex-decoding.

  Do you have examples of such SSHA passwords?  That would help with
testing.  Right now, it's not clear to me why this happens.  The code
does a number of checks for size of password in the various encodings.

  What, exactly, is going wrong?

> Terrible hotfix quickly packaged to avoid constant crashes here, does
> not address the vulnerability:
> 
> --- freeradius-2.1.10+dfsg.orig/src/modules/rlm_pap/rlm_pap.c
> +++ freeradius-2.1.10+dfsg/src/modules/rlm_pap/rlm_pap.c
> @@ -244,7 +244,7 @@
>  static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
>  {
>   size_t decoded;
> - uint8_t buffer[64];
> + uint8_t buffer[4096];
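
Review bot: at the `buffer` declaration in normify(), raising the array from 64 to 4096 bytes moves the limit instead of enforcing one, and nothing in this hunk compares the encoded length of `vp` with sizeof(buffer) before decoding. Suggest keeping the original size and skipping the decode, leaving the value untouched, whenever the decoded length would exceed sizeof(buffer). A 4096-byte local array also adds stack use to every call of normify().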

  The checks in the code rely on sizeof(buffer).  Making "buffer" bigger
prevents small passwords from causing the issue.  But larger ones could
still cause it.

  I'd like to reproduce this, and come up with a definitive fix for the
problem.  I'd need examples of SSHA passwords to be sure.

> On environments where such an issue did not arise previously, a user
> allowed to provide *validated* SSHA values to their LDAP servers can
> easily trigger denial of services, as the freeradius server will crash
> on every authentication attempt.

  That's an issue, but a rare one IMHO.  The user has to exist on the
system.  So this isn't a remote DoS.

  Alan DeKok.
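
The size check discussed in the message above, as an added example that is not part of the original post and is not FreeRADIUS code: a hex decoder that compares the decoded length with the destination size before writing anything, so a salted hash longer than the buffer is refused rather than overflowing it. The names hex_nibble, hex_decode_bounded and decode_sample are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not FreeRADIUS code: value of one hex digit, or -1. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode hex text into out[]. The capacity check runs before any byte is
 * written, so an over-long value is refused instead of overrunning out[].
 * Returns the decoded length, or -1 for malformed or over-long input.
 */
static long hex_decode_bounded(const char *in, size_t in_len,
                               uint8_t *out, size_t out_size)
{
    size_t i;

    if (in_len % 2 != 0) return -1;          /* odd digit count */
    if (in_len / 2 > out_size) return -1;    /* would not fit in out[] */

    for (i = 0; i < in_len; i += 2) {
        int hi = hex_nibble(in[i]);
        int lo = hex_nibble(in[i + 1]);
        if (hi < 0 || lo < 0) return -1;     /* not a hex digit */
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (long)(in_len / 2);
}

/* Constructed sample: hex text for n_bytes bytes (a digest plus its salt). */
static long decode_sample(size_t n_bytes, size_t out_size)
{
    char hex[512];
    uint8_t buffer[256];

    if (n_bytes * 2 > sizeof(hex) || out_size > sizeof(buffer)) return -2;
    memset(hex, 'a', n_bytes * 2);
    return hex_decode_bounded(hex, n_bytes * 2, buffer, out_size);
}
```

With a 64-byte destination, a 20-byte SHA-1 digest plus an 8-byte salt decodes normally, while the same digest with a 60-byte salt is rejected before any write.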


More information about the freebsd-bugbusters mailing list