freeradius denial of service in authentication flow

Alan DeKok aland at
Thu Feb 13 01:07:46 UTC 2014


Pierre Carrier wrote:
> Some forms of SSHA, including forms that would be validated by servers
> applying standard constraints on the user's password attribute, will
> generate lengths over 64 bytes after hex-decoding.

  Do you have examples of such SSHA passwords?  That would help with
testing.  Right now, it's not clear to me why this happens.  The code
does a number of checks for size of password in the various encodings.

  What, exactly, is going wrong?

> Terrible hotfix quickly packaged to avoid constant crashes here, does
> not address the vulnerability:
> --- freeradius-2.1.10+dfsg.orig/src/modules/rlm_pap/rlm_pap.c
> +++ freeradius-2.1.10+dfsg/src/modules/rlm_pap/rlm_pap.c
> @@ -244,7 +244,7 @@
>  static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
>  {
>   size_t decoded;
> - uint8_t buffer[64];
> + uint8_t buffer[4096];
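Review bot: growing the stack array from 64 to 4096 bytes adds no check that the decoded value fits, so it only moves the threshold; with the surrounding checks driven by sizeof(buffer), a value whose hex decoding exceeds the new size could still overflow, and every call now places 4 KiB on the stack. Suggest bounding the decode by the destination instead: reject the attribute before decoding when its encoded length exceeds 2 * sizeof(buffer), and pass sizeof(buffer) as the decoder's output limit rather than a length derived from the attribute itself.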

  The checks in the code rely on sizeof(buffer).  Making "buffer" bigger
prevents small passwords from causing the issue.  But larger ones could
still cause it.

  I'd like to reproduce this, and come up with a definitive fix for the
problem.  I'd need examples of SSHA passwords to be sure.

> On environments where such an issue did not arise previously, a user
> allowed to provide *validated* SSHA values to their LDAP servers can
> easily trigger denial of services, as the freeradius server will crash
> on every authentication attempt.

  That's an issue, but a rare one IMHO.  The user has to exist on the
system.  So this isn't a remote DoS.

  Alan DeKok.
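The following is an added example, not FreeRADIUS code and not part of the thread above. It models the normify() pattern under discussion, hex-decoding a stored SSHA value into a fixed 64-byte stack buffer, and shows the length bound a definitive fix needs instead of a bigger buffer. The function names, the enum, and the two sample SSHA values (a 28-byte one that fits and an 80-byte one that does not) are constructed for the example.

```c
/* Added example (not FreeRADIUS code): models the normify() pattern from the
 * thread above, hex-decoding a stored SSHA value into a fixed 64-byte stack
 * buffer, and shows the length bound a definitive fix needs instead of a
 * bigger buffer. Function names and the sample values are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NORMIFY_BUF 64     /* the original stack buffer size; the hotfix made it 4096 */
#define SHA1_LEN    20     /* min_length for SSHA: a SHA-1 digest, salt follows */

enum normify_rc { NORMIFY_OK = 0, NORMIFY_SKIP = 1, NORMIFY_TOO_LONG = 2 };

/* Constructed samples: 56 hex chars (SHA-1 + 8-byte salt) decode to 28 bytes
 * and fit; 160 hex chars (SHA-1 + 60-byte salt) are a well-formed SSHA value
 * that decodes to 80 bytes, past the end of a 64-byte buffer. */
const char SSHA_FITS[] =
    "0123456789abcdef0123456789abcdef0123456789abcdef01234567";
const char SSHA_OVERSIZE[] =
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    "0123456789abcdef0123456789abcdef";

static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode at most outlen bytes of hex; stops at the first non-hex pair. */
static size_t hex2bin(const char *hex, uint8_t *out, size_t outlen)
{
    size_t n = 0;
    while (n < outlen && hex[2 * n] != '\0' && hex[2 * n + 1] != '\0') {
        int hi = nibble(hex[2 * n]), lo = nibble(hex[2 * n + 1]);
        if (hi < 0 || lo < 0) break;
        out[n++] = (uint8_t)((hi << 4) | lo);
    }
    return n;
}

/* The pre-fix arithmetic: the decoder is told to write encoded_len/2 bytes,
 * with no reference to the destination size. Any result above NORMIFY_BUF
 * is a stack overflow in the vulnerable shape of the code. */
size_t unchecked_decode_len(size_t encoded_len)
{
    return encoded_len >> 1;
}

/* Hardened shape: reject the value before decoding if it cannot fit, and
 * hand the decoder the real buffer size rather than a length derived from
 * attacker-controlled input. Decoded bytes are copied to out (NORMIFY_BUF). */
enum normify_rc normify_hex(const char *value, size_t min_length,
                            uint8_t *out, size_t *decoded)
{
    uint8_t buffer[NORMIFY_BUF];
    size_t len = strlen(value);

    if (min_length >= sizeof(buffer)) return NORMIFY_TOO_LONG;      /* paranoia */
    if (len % 2 != 0 || len < 2 * min_length) return NORMIFY_SKIP;  /* not hex of this hash */
    if (len > 2 * sizeof(buffer)) return NORMIFY_TOO_LONG;          /* the missing bound */

    size_t n = hex2bin(value, buffer, sizeof(buffer));
    if (n != len / 2) return NORMIFY_SKIP;                          /* non-hex: leave as-is */

    memcpy(out, buffer, n);
    *decoded = n;
    return NORMIFY_OK;
}

/* Verdict only, for a stored value treated as a possible SSHA hash. */
int classify(const char *value)
{
    uint8_t out[NORMIFY_BUF];
    size_t n = 0;
    return (int)normify_hex(value, SHA1_LEN, out, &n);
}

/* Decoded byte count on success, -1 when the value was skipped or rejected. */
long decoded_bytes(const char *value)
{
    uint8_t out[NORMIFY_BUF];
    size_t n = 0;
    return normify_hex(value, SHA1_LEN, out, &n) == NORMIFY_OK ? (long)n : -1;
}

int main(void)
{
    printf("oversize value asks for %zu bytes in a %d-byte buffer\n",
           unchecked_decode_len(strlen(SSHA_OVERSIZE)), NORMIFY_BUF);
    printf("fits:     rc=%d decoded=%ld\n", classify(SSHA_FITS), decoded_bytes(SSHA_FITS));
    printf("oversize: rc=%d\n", classify(SSHA_OVERSIZE));
    printf("not hex:  rc=%d\n", classify("{SSHA}notHexAtAll"));
    return 0;
}
```

The rejection happens before any byte is written, and the decoder's limit is the buffer's own size, so the outcome no longer depends on how large the buffer happens to be. That is the property a bigger array alone cannot give.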


More information about the freebsd-bugbusters mailing list