--- radiusd-livingston-2.1.orig/README.security.patch
+++ radiusd-livingston-2.1/README.security.patch
@@ -0,0 +1,27 @@
+
+5th July 2001
+Horms (Simon Horman) <horms@valinux.com>, <horms@vergenet.net>
+VA Linux Systems, Pty., Ltd.
+
+Mark Dowd <mark@vergenet.net>
+
+This package includes patches in response to a vulnerability published by
+Internet Security Systems, Inc. (http://www.iss.net) on the 5th July 2001,
+relating to buffer overflows.
+
+This patch addresses immediate risks raised by this vulnerability and
+is intended as a minimal set of changes to secure systems.
+
+This patch and a more comprehensive patch is available from:
+
+ftp://ftp.vergenet.net/pub/lucent_radius/
+
+
+This patch has been prepared with the assistance of:
+
+Wichert Akkerman <wichert@valinux.com>, <wakkerma@debian.org>
+VA Linux Systems, BV
+
+Andrew Tridgell <tridge@valinux.com>, <tridge@samba.org>
+VA Linux Systems, Pty., Ltd.
+
--- radiusd-livingston-2.1.orig/raddb/dictionary
+++ radiusd-livingston-2.1/raddb/dictionary
@@ -144,6 +144,10 @@
 ATTRIBUTE	NAS-Port-Id		87	string
 ATTRIBUTE	Framed-Pool		88	string
 
+ATTRIBUTE	Tunnel-Client-Auth-ID	90	string
+ATTRIBUTE	Tunnel-Server-Auth-ID	91	string
+
+
 #
 #	Integer Translations
 #
@@ -396,3 +400,10 @@
 VALUE		Server-Config		Password-Warning	5
 
 
+# Local extensions
+
+ATTRIBUTE	Anonymous-Caller	2000	integer
+
+VALUE		Anonymous-Caller	no			0
+VALUE		Anonymous-Caller	yes			1
+
--- radiusd-livingston-2.1.orig/src/acct.c
+++ radiusd-livingston-2.1/src/acct.c
@@ -65,6 +65,7 @@
 #include	<signal.h>
 #include	<errno.h>
 #include	<sys/wait.h>
+#include	<string.h>
 
 #include	"radius.h"
 
@@ -106,7 +107,7 @@
 	int			recfrom();
 	int			retsig;
 	int                     result;
-	size_t                  salen;
+	socklen_t               salen;
 	struct  sockaddr_in     *sin;
 	u_short                 port;
 	time_t			time();
@@ -119,7 +120,8 @@
         sin = (struct sockaddr_in *) & rad_saremote;
         result = recvfrom (fd, (char *) recv_buffer,
                 (int) sizeof(recv_buffer),
-                (int) 0, (struct sockaddr *)&rad_saremote, &salen);
+                (int) 0, (struct sockaddr *)&rad_saremote,
+		&salen);
 
         if (result < AUTH_HDR_LEN) {
                 log_err("accounting: runt packet of %d bytes\n",result);
--- radiusd-livingston-2.1.orig/src/builddbm.c
+++ radiusd-livingston-2.1/src/builddbm.c
@@ -61,12 +61,18 @@
 #include	<time.h>
 #include	<ctype.h>
 #include        <errno.h>
+#include	<string.h>
 
 #include	"radius.h"
 
 #if defined(NDBM)
-# include	<ndbm.h>
 # include	<fcntl.h>
+# if defined(BERKELEY_DB)
+#  define DB_DBM_HSEARCH    1
+#  include <db.h>
+# else
+#  include	<ndbm.h>
+# endif
 #else	/* not NDBM */
 # include	<dbm.h>
 #endif	/* NDBM */
@@ -190,14 +196,14 @@
 
 	errno = 0;
 	if (chdir(radius_dir) < 0) {
-		fprintf(stderr, "%s: unable to change to directory %s - %s\n",progname,radius_dir,sys_errlist[errno]);
+		fprintf(stderr, "%s: unable to change to directory %s - %s\n",progname,radius_dir,strerror(errno));
 		exit(-1);
 	}
 #ifdef NDBM
 	errno = 0;
 	if((db = dbm_open("users", O_RDWR | O_CREAT | O_TRUNC, 0600))
 							== (DBM *)NULL) {
-		fprintf(stderr, "%s: dbm_open failed - %s\n", progname, sys_errlist[errno]);
+		fprintf(stderr, "%s: dbm_open failed - %s\n", progname, strerror(errno));
 		exit(-1);
 	}
 
@@ -205,21 +211,21 @@
 
 	errno = 0;
 	if((fd = open("users.pag", O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) {
-		fprintf(stderr,"%s: Couldn't open users.pag for writing - %s\n",progname,sys_errlist[errno]);
+		fprintf(stderr,"%s: Couldn't open users.pag for writing - %s\n",progname,strerror(errno));
 		exit(-1);
 	}
 	close(fd);
 
 	errno = 0;
 	if((fd = open("users.dir", O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) {
-		fprintf(stderr,"%s: Couldn't open users.dir for writing - %s\n",progname,sys_errlist[errno]);
+		fprintf(stderr,"%s: Couldn't open users.dir for writing - %s\n",progname,strerror(errno));
 		exit(-1);
 	}
 	close(fd);
 
 	errno = 0;
 	if(dbminit("users") != 0) {
-		fprintf(stderr, "%s: dbminit failed - %s\n",progname, sys_errlist[errno]);
+		fprintf(stderr, "%s: dbminit failed - %s\n",progname, strerror(errno));
 		exit(-1);
 	}
 
--- radiusd-livingston-2.1.orig/src/dbmkeys.c
+++ radiusd-livingston-2.1/src/dbmkeys.c
@@ -51,19 +51,25 @@
 
 #include	<stddef.h>
 #include	<fcntl.h>
+#include	<string.h>
+#include	<errno.h>
 
 #include	"radius.h"
 
 #ifdef NDBM
-# include	<ndbm.h>
+# ifdef BERKELEY_DB
+#  define DB_DBM_HSEARCH    1
+#  include <db.h>
+# else
+#  include	<ndbm.h>
+# endif
 #else /* not NDBM */
 # include	<dbm.h>
 #endif /* not NDBM */
 
 extern int errno;
-extern char *sys_errlist[];
 
-main(argc, argv)
+int main(argc, argv)
 int argc;
 char * argv[];
 {
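Review bot: `extern int errno;` is kept as a context line even though this hunk now includes `<errno.h>`, and the two should not coexist. On C libraries where errno is a macro (for example a per-thread lvalue), the hand-written declaration either conflicts with the header or refers to a different object than the one the library sets. The line should be removed together with `extern char *sys_errlist[];`. The dbmrec.c hunk `@@ -70,7 +77,6 @@` keeps the same declaration and needs the same change. main's body continues outside this hunk.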
@@ -80,7 +86,7 @@
 #endif /* not NDBM */
 	{
 		printf("Couldn't open DBM file error<%s>\n",
-				sys_errlist[errno]);
+				strerror(errno));
 		exit(errno);
 	}
 
--- radiusd-livingston-2.1.orig/src/dbmrec.c
+++ radiusd-livingston-2.1/src/dbmrec.c
@@ -51,11 +51,18 @@
 
 #include	<stddef.h>
 #include	<fcntl.h>
+#include	<string.h>
+#include	<errno.h>
 
 #include	"radius.h"
 
 #ifdef NDBM
-# include	<ndbm.h>
+# ifdef BERKELEY_DB
+#  define DB_DBM_HSEARCH    1
+#  include <db.h>
+# else
+#  include      <ndbm.h>
+# endif
 #else /* not NDBM */
 # include	<dbm.h>
 #endif /* NDBM */
@@ -70,7 +77,6 @@
 int		debug_mem = 0;
 
 extern int errno;
-extern char * sys_errlist[];
 
 int
 main(argc, argv)
@@ -113,7 +119,7 @@
 #endif /* NDBM */
 	{
 		printf("Couldn't open DBM file error<%s>\n",
-				sys_errlist[errno]);
+				strerror(errno));
 		exit(errno);
 	}
 
--- radiusd-livingston-2.1.orig/src/dict.c
+++ radiusd-livingston-2.1/src/dict.c
@@ -52,6 +52,7 @@
 #include	<sys/types.h>
 #include	<pwd.h>
 #include	<ctype.h>
+#include	<string.h>
 
 #include	"radius.h"
 
--- radiusd-livingston-2.1.orig/src/log.c
+++ radiusd-livingston-2.1/src/log.c
@@ -98,6 +98,24 @@
 
 /*************************************************************************
  *
+ *	Function: log_info
+ *
+ *	Purpose: Log the debug message
+ *
+ *************************************************************************/
+
+void
+log_info(char * fmt, ...)
+{
+	va_list	args;
+	
+	va_start(args, fmt);
+	log_msg(LOG_INFO, fmt, args);
+	va_end(args);
+}
+
+/*************************************************************************
+ *
  *	Function: log_msg
  *
  *	Purpose: Log the priority message
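Review bot: The new header comment for log_info reads "Log the debug message", but the function passes LOG_INFO to log_msg, so the text looks copied from another logger. I would write `Purpose: Log an informational message (priority LOG_INFO)` and add a line saying that `fmt` is a printf-style format and must never be caller-supplied data. The version.c change in this patch follows that rule with `log_info("%s", buffer)`; stating it here keeps later callers from passing a message string as the format.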
@@ -145,8 +163,8 @@
 		 */
 		openlog("radius", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
 #ifdef VSYSLOG
-		vsprintf(buffer, fmt, args);
-		syslog(priority, buffer);
+		vsnprintf(buffer, sizeof(buffer), fmt, args);
+		syslog(priority, "%s", buffer);
 #else /* not VSYSLOG */
 		vsyslog(priority, fmt, args);
 #endif /* not VSYSLOG */
@@ -154,3 +172,5 @@
 	}
 	return;
 }
+
+
--- radiusd-livingston-2.1.orig/src/md5test.c
+++ radiusd-livingston-2.1/src/md5test.c
@@ -67,7 +67,11 @@
 
 #include <stdio.h>
 #include <sys/types.h>
+#include <string.h>
 
+void md5_calc(void *, void *, unsigned int);
+
+int
 main(argc,argv)
 int argc;
 char **argv;
@@ -76,13 +80,12 @@
 	int h;
 	int i,n = 0,len;
 
-	*argv++;
 	while (scanf("%2x",&h) != EOF) {
 		buf[n++] = h & 0xff;
 	}
-	printf("%d %s\n",n,*argv);
+	printf("%d %s\n",n,argv[1]);
 	len=strlen(*argv);
-	memcpy(&buf[n],*argv,len);
+	memcpy(&buf[n],argv[1],len);
 	md5_calc(pw_digest, buf, n+len);
 	for (i=0;i<n;i++) {
 		printf("%02x ",buf[i]);
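Review bot: `len=strlen(*argv);` was left unchanged, so with the `*argv++;` statement removed it now measures argv[0] (the program name) while the `memcpy` on the next line copies that many bytes from `argv[1]`. The copy length and the hashed length `n+len` therefore no longer match the secret, and the copy reads past the end of argv[1] whenever the program name is longer. The line should become `len=strlen(argv[1]);`. No argc check is visible in the hunk, so argv[1] may also be NULL. The `buf[n++]` store in the scanf loop has no bound here either; buf's declaration is outside the hunk.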
@@ -95,5 +98,6 @@
 		printf("%02x ",pw_digest[i]);
 	}
 	printf ("\n");
+	return 0;
 }
 
--- radiusd-livingston-2.1.orig/src/menu.c
+++ radiusd-livingston-2.1/src/menu.c
@@ -65,6 +65,7 @@
 #include	<signal.h>
 #include	<errno.h>
 #include	<sys/wait.h>
+#include	<string.h>
 
 #include	"radius.h"
 
@@ -72,6 +73,47 @@
 extern char	*radacct_dir;
 extern char	*progname;
 
+/*************************************************************************
+ *
+ *      Function: validfilename
+ *
+ *      Purpose: Check to make sure a filename is valid
+ *               I.e. weed out nasties
+ *
+ *************************************************************************/
+
+/* Valid characters in a filename */
+static char *validfilname_chars =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890#-+ \t/";
+
+int
+validfilename(filename)
+char *filename;
+{
+        /* Not a valid filename if it is NULL or zero length */
+        if(filename==NULL || *filename=='\0'){
+                return(0);
+        }
+
+        /* Check each character in the filename to make sure
+         * it is valid as per validfilname_chars
+         */
+        while(*filename!='\0'){
+                if(strchr(validfilname_chars, *filename)==NULL){
+                        return(0);
+                }
+                filename++;
+        }
+
+        /* Not a filename if it ends with a '/' */
+        if(*filename=='/'){
+                return(0);
+        }
+
+        return(1);
+}
+
+
 void
 process_menu(authreq, activefd, pw_digest)
 AUTH_REQ	*authreq;
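Review bot: The trailing-slash test in validfilename can never fire: the `while(*filename!='\0')` loop only exits with filename pointing at the terminating NUL, so `if(*filename=='/')` always compares '\0' with '/'. A path ending in '/' is therefore accepted. Since the function has already rejected the empty string, the check can look at the last character instead: `if(filename[-1]=='/'){`. The header comment should also state that '.' and '_' are deliberately absent from the whitelist, since that is what rejects ".." components. The identifier `validfilname_chars` is misspelt, and "01234567890" lists '0' twice.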
@@ -84,10 +126,10 @@
 	VALUE_PAIR	*get_attribute();
 	VALUE_PAIR	*menu_pairs();
 	VALUE_PAIR	*pairalloc();
-	char		menu_name[128];
+	char		menu_name[256];
 	char		menu_input[32];
 	int		i;
-	char		state_value[128];
+	char		state_value[256];
 	void		send_accept();
 	void		send_reject();
 	void		pairfree();
@@ -96,7 +138,8 @@
 	if((attr = get_attribute(authreq->request, PW_STATE)) !=
 		(VALUE_PAIR *)NULL && strncmp(attr->strvalue, "MENU=", 5) == 0){
 
-		strcpy(menu_name, &attr->strvalue[5]);
+		strncpy(menu_name, &attr->strvalue[5], sizeof(menu_name)-1);
+                menu_name[sizeof(menu_name)-1] = '\0';
 
 		/* The menu input is in the Password Field */
 		attr = get_attribute(authreq->request, PW_PASSWORD);
@@ -121,7 +164,8 @@
 							(VALUE_PAIR *)NULL) {
 
 		/* Change this to a menu state */
-		sprintf(state_value, "MENU=%s", term_attr->strvalue);
+		snprintf(state_value, sizeof(state_value), "MENU=%s", 
+                        term_attr->strvalue);
 		term_attr->attribute = PW_STATE;
 		strcpy(term_attr->strvalue, state_value);
 		strcpy(term_attr->name, "Challenge-State");
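Review bot: The context line `strcpy(term_attr->strvalue, state_value);` is still unbounded, and the patch has just doubled state_value to 256 bytes. The string written back is the old strvalue plus the five bytes of "MENU=", so a value already near the capacity of strvalue would run past it. The size of strvalue is not visible in this hunk. Assuming it is an array member, I would bound the copy with `strncpy(term_attr->strvalue, state_value, sizeof(term_attr->strvalue)-1);` followed by `term_attr->strvalue[sizeof(term_attr->strvalue)-1] = '\0';`. The enclosing function starts and ends outside the hunk.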
@@ -168,7 +212,8 @@
 	int	len;
 
 	sprintf(menu_buffer, "%s/menus/%s", radius_dir, menu_name);
-	if((fd = fopen(menu_buffer, "r")) == (FILE *)NULL) {
+	if(!validfilename(menu_buffer) || 
+                (fd = fopen(menu_buffer, "r")) == (FILE *)NULL) {
 		return("\r\n*** User Menu is Not Available ***\r\n");
 	}
 
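Review bot: validfilename() is applied to the joined path, so its whitelist also constrains radius_dir: a configuration directory containing any character outside the list ('.', '_' and others) makes every menu report "Not Available". Only menu_name carries request-derived data, so the check belongs on it: `if(!validfilename(menu_name) ||`. The `sprintf(menu_buffer, "%s/menus/%s", ...)` on the context line also runs before any validation and is still unbounded. The size of menu_buffer is not visible here, so a `snprintf` with its size would be the safer form. The hunk `@@ -221,14 +266,16 @@` has the same two issues with `buffer`.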
@@ -176,7 +221,7 @@
 	nread = 0;
 	ptr = menu_buffer;
 	*ptr = '\0';
-	while(fgets(ptr, 4096 - nread, fd) != NULL && nread < 4096) {
+	while(fgets(ptr, 4096 - nread - 4, fd) != NULL && nread < 4096) {
 
 		if(mode == 0) {
 			if(strncmp(ptr, "menu", 4) == 0) {
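Review bot: The remaining-space test runs too late, because `fgets(ptr, 4096 - nread - 4, fd)` is evaluated before `nread < 4096`. Once nread passes 4091 the size argument becomes zero or negative, and a size of 1 makes fgets return an empty string without consuming input. How nread and ptr advance is outside the hunk, so this is read from the loop condition alone. Testing the space first avoids it: `while(nread < 4096 - 4 - 1 && fgets(ptr, 4096 - nread - 4, fd) != NULL) {`. A comment should say what the four reserved bytes are for, and the literal 4096 is better tied to the buffer's declared size.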
@@ -221,14 +266,16 @@
 	int	fclose();
 
 	sprintf(buffer, "%s/menus/%s", radius_dir, menu_name);
-	if((fd = fopen(buffer, "r")) == (FILE *)NULL) {
+	if(!validfilename(buffer) || 
+                (fd = fopen(buffer, "r")) == (FILE *)NULL) {
 		return((VALUE_PAIR *)NULL);
 	}
 
 	/* Skip past the menu */
 	mode = 0;
 	nread = 0;
-	while(fgets(buffer, sizeof(buffer), fd) != NULL) {
+	while(fgets(buffer, sizeof(buffer) - 1, fd) != NULL) {
+                buffer[sizeof(buffer)-1]='\0';
 		if(mode == 0) {
 			if(strncmp(buffer, "menu", 4) == 0) {
 				mode = 1;
@@ -251,7 +298,8 @@
 	reply_first = (VALUE_PAIR *)NULL;
 
 	/* Look for a matching menu entry */
-	while(fgets(buffer, sizeof(buffer), fd) != NULL) {
+	while(fgets(buffer, sizeof(buffer)-1, fd) != NULL) {
+                buffer[sizeof(buffer)-1]='\0';
 
 		/* Terminate the buffer */
 		ptr = buffer;
@@ -265,7 +313,7 @@
 		if(strcmp(selection, buffer) == 0 ||
 					strcmp("DEFAULT", buffer) == 0) {
 			/* We have a match */
-			while(fgets(buffer, sizeof(buffer), fd) != NULL) {
+			while(fgets(buffer, sizeof(buffer)-1, fd) != NULL) {
 			    if(*buffer == ' ' || *buffer == '\t') {
 				/*
 				 * Parse the reply values
--- radiusd-livingston-2.1.orig/src/pass.c
+++ radiusd-livingston-2.1/src/pass.c
@@ -57,6 +57,7 @@
 #include	<errno.h>
 #include	<syslog.h>
 #include	<grp.h>
+#include	<string.h>
 
 #include	"radius.h"
 #include	"users.h"
--- radiusd-livingston-2.1.orig/src/proxy.c
+++ radiusd-livingston-2.1/src/proxy.c
@@ -69,6 +69,7 @@
 #include	<sys/wait.h>
 #include	<syslog.h>
 #include	<grp.h>
+#include	<string.h>
 
 #include	"radius.h"
 #include	"users.h"
@@ -136,11 +137,10 @@
 	char			*ip_hostname();
 	char			digest[AUTH_VECTOR_LEN];
 	char			hold_digest[AUTH_VECTOR_LEN];
-	char			*sentreqauth;
-	int			recvfrom();
+	char			*sentreqauth = NULL;
 	int			result;
 	int			secretlen;
-	size_t			salen;
+	socklen_t		salen;
 	struct	sockaddr_in	*sin;
 	struct  sockaddr_in     rad_saremote;
 	u_short			port;
@@ -156,7 +156,8 @@
 
 	result = recvfrom (fd, (char *) recv_buffer,
 		(int) sizeof(recv_buffer),
-		(int) 0, (struct sockaddr *)&rad_saremote, &salen);
+		(int) 0, (struct sockaddr *)&rad_saremote,
+		&salen);
 
 	host = ntohl(sin->sin_addr.s_addr);
 	port = ntohs(sin->sin_port);
@@ -483,7 +484,7 @@
 	static int	first = 0;
 	static time_t	last_update_time;
 	FILE		*fd;
-	PEER		*curserv;
+	PEER		*curserv = NULL;
 	PEER		*peeralloc();
 	PEER		*server;
 	UINT4		get_ipaddr();
@@ -499,7 +500,7 @@
 	int		nproxy;
 	struct stat 	statbuf;
 	u_char		buffer[256];
-	u_short		rport;
+	int		rport;
 	void		peerfree();
 	int		fclose();
 
@@ -507,7 +508,7 @@
 
 	/* Check last modified time of proxy file */
 	sprintf((char *)buffer, "%s/%s", radius_dir, RADIUS_PROXY);
-	if(stat(buffer, &statbuf) != 0) {
+	if(stat((char *)buffer, &statbuf) != 0) {
 		if (first == 0) {
 			log_err("proxy file %s not found; not using proxy\n", buffer);
 			first++;
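Review bot: The `sprintf((char *)buffer, "%s/%s", radius_dir, RADIUS_PROXY)` on the context line stays unbounded while this hunk only adds a cast to the stat call. `buffer` is declared as `u_char buffer[256]` in the preceding hunk, and radius_dir is set outside the hunk (presumably from configuration or the command line), so a long directory name overruns it. I would use `snprintf((char *)buffer, sizeof(buffer), "%s/%s", radius_dir, RADIUS_PROXY);` and treat truncation as an error. The radiusd.c hunk `@@ -2566,7 +2606,7 @@` builds the clients path the same way; the size of its buffer is not visible there.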
@@ -526,7 +527,7 @@
 		errno = 0;
 		if (gethostname(ourname, 128) != 0) {
 			log_err("update_proxy: unable to get own hostname; %s\n",
-				sys_errlist[errno]);
+				strerror(errno));
 		}
 		ouraddress = get_ipaddr(ourname);
 		if (ouraddress == 0) {
@@ -544,7 +545,7 @@
 	/* Open the proxy file */
 	if((fd = fopen((const char *)buffer, "r")) == (FILE *)NULL) {
 		log_err("Error: could not read proxy file %s; %s\n", buffer,
-			sys_errlist[errno]);
+			strerror(errno));
 		return(-1);
 	}
 
@@ -567,7 +568,7 @@
 		   || *buffer == '\n') {
 			continue;
 		}
-		hostnm = strtok(buffer, " \t\n");
+		hostnm = strtok((char *)buffer, " \t\n");
 		secret = strtok((char *)NULL, " \t\n");
 		realm = strtok((char *)NULL, " \t\n");
 		if (realm == (char *)NULL) {
@@ -705,7 +706,7 @@
 	char		*number;
 	char		*ptr;
 	char		*realm;
-	char		*strchr();
+/*	char		*strchr(); */
 	int		rad_forw_ipass();
 	int		ret;
 	void		push_proxy();
@@ -1051,7 +1052,7 @@
 	AUTH_REQ	*qp;
 	AUTH_REQ	*prevqp;
 	static char	inuse[256];
-	u_char	 	newid;
+	int		newid;
 	static u_char	curid = 0;
 	static int	flushcount = 0;
 	extern int	max_proxy_time;
--- radiusd-livingston-2.1.orig/src/radius.h
+++ radiusd-livingston-2.1/src/radius.h
@@ -146,6 +146,8 @@
 #define PW_CRYPT_PASSWORD		1006
 #define PW_CONNECT_RATE			1007
 
+#define PW_ANONYMOUS			2000
+
 /*
  *	INTEGER TRANSLATIONS
  */
@@ -247,8 +249,8 @@
 
 /* Default Database File Names */
 
-#define RADIUS_DIR		"/etc/raddb"
-#define RADACCT_DIR		"/usr/adm/radacct"
+#define RADIUS_DIR		"/etc/radiusd-livingston"
+#define RADACCT_DIR		"/var/log/radiusd-livingston"
 
 #define RADIUS_DICTIONARY	"dictionary"
 #define RADIUS_CLIENTS		"clients"
--- radiusd-livingston-2.1.orig/src/radiusd.c
+++ radiusd-livingston-2.1/src/radiusd.c
@@ -68,6 +68,7 @@
 #include	<errno.h>
 #include	<sys/wait.h>
 #include	<syslog.h>
+#include	<string.h>
 
 #include	"radius.h"
 #include	"users.h"
@@ -134,6 +135,7 @@
 int	argc;
 char	**argv;
 {
+	FILE			*pid_file;
 	UINT4			get_ipaddr();
 	UINT4			then;
 	char			argval;
@@ -172,6 +174,7 @@
 	spawn_flag = 1;
 	radius_dbm = 0;
 	accept_zero = 0;
+	radius_port = 0;
 	max_requests = MAX_REQUESTS;
 	max_request_time = MAX_REQUEST_TIME;
 	max_proxy_time = MAX_PROXY_TIME;
@@ -382,6 +385,18 @@
 		}
 	}
 
+	/* Save the PID in /var/run/radiusd-livingston.pid
+	   Code added 22 SEP 1996 by Chris Fearnley
+	   Code stolen from http_log.c in the apache 1.1.1 distribution */
+	if(!(pid_file = fopen("/var/run/radiusd-livingston.pid","w"))) {
+	  perror("fopen");
+	  fprintf(stderr,"radiusd: could not log pid to file %s\n",
+		"/var/run/radiusd-livingston.pid");
+	  exit(1);
+	}
+	fprintf(pid_file,"%ld\n",(long)getpid());
+	fclose(pid_file);
+
 	/*
 	 *	Disconnect from tty
 	 */
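Review bot: The PID file path is written out twice as a string literal, and the results of `fprintf` and `fclose` are ignored. A full or failing filesystem therefore leaves an empty or partial PID file with no message, and any change to the path has to be made in two places. I would add `#define RADIUS_PID_FILE "/var/run/radiusd-livingston.pid"` beside the other file-name macros in radius.h and use it in both the fopen call and the error message. The write should also be checked: `if (fprintf(pid_file,"%ld\n",(long)getpid()) < 0 || fclose(pid_file) != 0)`. The enclosing function starts and ends outside the hunk.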
@@ -486,7 +501,7 @@
 		if(status == -1) {
 			if (errno == EINTR)
 				continue;
-			log_err("exiting after select returned error %d, %s\n",errno,sys_errlist[errno]);
+			log_err("exiting after select returned error %d, %s\n",errno,strerror(errno));
 			sig_fatal(101);
 		}
 
@@ -549,7 +564,7 @@
 	void			rad_exit();
         u_short                 lport;
 
-	if (*port>5) {
+	if (*port>6) {
 		lport = htons(*port);
 	} else {
 		svp = getservbyname(service, "udp");
@@ -564,7 +579,7 @@
 
 	fd = socket (AF_INET, SOCK_DGRAM, 0);
 	if (fd < 0) {
-		log_err("%s socket error %s\n", service, sys_errlist[errno]);
+		log_err("%s socket error %s\n", service, strerror(errno));
 		rad_exit(-1);
 	}
 
@@ -580,7 +595,7 @@
 
 	result = bind (fd, (struct sockaddr *)&salocal, sizeof (*sin));
 	if (result < 0) {
-		log_err("%s bind error %s\n", service, sys_errlist[errno]);
+		log_err("%s bind error %s\n", service, strerror(errno));
 		rad_exit(-1);
 	}
 
@@ -605,7 +620,6 @@
 int length;
 {
 	AUTH_HDR		*auth;
-	int			sendto();
 	struct	sockaddr_in	saremote;
 	struct	sockaddr_in	*sin;
 	void			hexdump();
@@ -651,8 +665,7 @@
 	int			result;
 	int			find_client();
 	int			handle_proxy();
-	int			recvfrom();
-	size_t			salen;
+	socklen_t		salen;
 	struct	sockaddr_in	*sin;
 	u_short			port;
 	void			radrespond();
@@ -673,7 +686,8 @@
 	sin = (struct sockaddr_in *) & rad_saremote;
 	result = recvfrom (fd, (char *) recv_buffer,
 		(int) sizeof(recv_buffer),
-		(int) 0, (struct sockaddr *)&rad_saremote, &salen);
+		(int) 0, (struct sockaddr *)&rad_saremote,
+		&salen);
 
 	addr = ntohl(sin->sin_addr.s_addr);
 	port = ntohs(sin->sin_port);
@@ -1460,17 +1474,17 @@
 		}
 #ifdef SMARTCARD
 		if ((msg_id = msgget(msg_key, IPC_CREAT | 0600)) == -1) {
-			log_err("child_authenticate: msgget for key %x for id %d returned error: %s\n", msg_key, msg_id, sys_errlist[errno]);
+			log_err("child_authenticate: msgget for key %x for id %d returned error: %s\n", msg_key, msg_id, strerror(errno));
 			break;
 		}
 		if ((length = msgrcv(msg_id, recv_buffer, 
 				sizeof recv_buffer - sizeof(long),
 				0, 0)) == -1) {
-			log_err("child_authenticate: msgrcv for msgid %d returned error: %s\n", msg_id, sys_errlist[errno]);
+			log_err("child_authenticate: msgrcv for msgid %d returned error: %s\n", msg_id, strerror(errno));
 			break;
 		}
 		if (msgctl(msg_id, IPC_RMID, 0) == -1) {
-			log_err("child_authenticate: msgctl for msgid %d returned error: %s\n", msg_id, sys_errlist[errno]);
+			log_err("child_authenticate: msgctl for msgid %d returned error: %s\n", msg_id, strerror(errno));
 		}
 		sin = (struct sockaddr_in *) &rad_saremote;
 		authreq = radrecv(
@@ -1507,7 +1521,7 @@
 	VALUE_PAIR	*user_check;
 	VALUE_PAIR	*user_reply;
 	char		auth_name[AUTH_STRING_LEN + 2];
-	char		callfrom[32];
+	char		callfrom[32],callingnum[16];
 	char		pw_digest[16];
 	char		string[AUTH_STRING_LEN + 20 + 2];
 	char		umsg[AUTH_STRING_LEN + 2];
@@ -1586,9 +1600,11 @@
 
 	callpair = get_attribute(authreq->request, PW_CALLING);
 	if (callpair == (VALUE_PAIR *)NULL || callpair->lvalue > 20) {
-		callfrom[0] = '\0';
+		callfrom[0] = callingnum[0] = '\0';
 	} else {
-		sprintf(callfrom," at %s",callpair->strvalue);
+		snprintf(callfrom, sizeof(callfrom), " at %s",
+			callpair->strvalue);
+		strncpy(callingnum,callpair->strvalue,sizeof(callingnum));
 	}
 
 	/*
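Review bot: `strncpy(callingnum,callpair->strvalue,sizeof(callingnum));` can leave callingnum without a terminating NUL. The guard above admits values up to 20 (lvalue apparently holds the string length) while callingnum is declared as 16 bytes, and strncpy does not terminate when the source fills the buffer. The only reader visible in this patch looks at `callingnum[0]`, so nothing breaks today, but any later string use would read past the array. I would copy one byte less and terminate: `strncpy(callingnum,callpair->strvalue,sizeof(callingnum)-1);` then `callingnum[sizeof(callingnum)-1] = '\0';`.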
@@ -1692,6 +1708,17 @@
 				}
 				break;
 
+			case PW_ANONYMOUS:
+				if (check_item->lvalue == 0) {
+					if ((callingnum[0]<'0') ||
+						(callingnum[0]>'9')) {
+	 					sprintf(umsg,
+					"Anonymous calling not allowed\r\n");
+						user_msg = umsg;
+						result = -1;
+					}
+				}
+				break;
 			default:
 				if(auth_item == (VALUE_PAIR *)NULL) {
 					result = -1;
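Review bot: The new PW_ANONYMOUS case has no comment explaining its rule, and the rule is not obvious from the code. It rejects the request when the check item is 0 and `callingnum[0]` is not a digit. Since callingnum is set empty both when the calling attribute is missing and when its lvalue exceeds 20 (see the `@@ -1586,9 +1600,11 @@` hunk), an over-long number and a number with a leading '+' are also treated as anonymous. I would add a comment such as `/* Anonymous-Caller = no: require a Calling-Station-Id that starts with a digit */` and state there whether those two cases are intended. The `sprintf(umsg, ...)` call takes a constant string and would read more plainly as `strcpy`.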
@@ -1902,12 +1929,12 @@
 		code = PW_PASSWORD_REJECT;
 	}
 	else {
-#endif PASSCHANGE
+#endif /* PASSCHANGE */
 		code = PW_AUTHENTICATION_REJECT;
 		report[RR_REJECT]++;
 #ifdef PASSCHANGE
 	}
-#endif PASSCHANGE
+#endif /* PASSCHANGE */
 
 	DEBUG("sending reject to %s\n", req2strp(authreq));
 	total_length = build_packet(authreq,(VALUE_PAIR *)NULL,msg,code,FW_REPLY,send_buffer);
@@ -2044,7 +2071,8 @@
 	/* Check to see if the response is a menu */
 	if((menu_attr = get_attribute(reply, PW_MENU)) != (VALUE_PAIR *)NULL) {
 		msg = get_menu(menu_attr->strvalue);
-		sprintf(state_value, "MENU=%s", menu_attr->strvalue);
+		snprintf(state_value, sizeof(state_value), "MENU=%s", 
+                        menu_attr->strvalue);
 		send_challenge(authreq, msg, state_value, activefd);
 		return;
 	}
@@ -2385,19 +2413,31 @@
 AUTH_REQ	*authreq;
 u_char		*secret;
 {
-	u_char	buffer[128];
-	int	secretlen;
+	u_char	*buffer;
+	size_t	secretlen;
+	size_t	len;
 
-	/* Use the secret to setup the decryption digest */
-	memset(buffer, 0, sizeof(buffer));
 	secretlen = strlen((char *)secret);
-	memcpy((char *)buffer, (char *)secret,secretlen);
+	len = secretlen + AUTH_VECTOR_LEN;
+
+	memset(digest, 0, sizeof(digest));
+
+	buffer = (u_char *)malloc(len+1);
+	if(buffer == NULL) 
+		return;
+
+	/* Use the secret to setup the decryption digest */
+	memset(buffer, 0, len+1);
+	memcpy((char *)buffer, (char *)secret, secretlen);
 	memcpy(buffer + secretlen, authreq->vector, AUTH_VECTOR_LEN);
-	md5_calc(digest, buffer, secretlen + AUTH_VECTOR_LEN);
-	memset(buffer, 0, secretlen+AUTH_VECTOR_LEN);
+	md5_calc(digest, buffer, len);
+	memset(buffer, 0, len);
+
+	free(buffer);
 	return;
 }
 
+
 /*************************************************************************
  *
  *	Function: calc_next_digest
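Review bot: `memset(digest, 0, sizeof(digest));` probably clears only pointer-size bytes, not the 16-byte digest. digest is not declared among the locals shown and appears to be a parameter declared above the hunk, in which case sizeof yields the size of a pointer; `memset(digest, 0, AUTH_VECTOR_LEN);` states the intended length. The new malloc failure path also returns silently from a void function, leaving the caller with that zeroed digest and no record of why. A `log_err("calc_digest: out of memory\n");` before the return would make the condition visible. The `memset(buffer, 0, len)` just before `free` is a dead store that a compiler may remove, so the shared secret can remain in freed memory.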
@@ -2566,7 +2606,7 @@
 
 	/* Check last modified time of clients file */
 	sprintf((char *)buffer, "%s/%s", radius_dir, RADIUS_CLIENTS);
-	if(stat(buffer, &statbuf) != 0) {
+	if(stat((char *)buffer, &statbuf) != 0) {
 		log_err("Error: clients file %s not found\n", buffer);
 		return(-1);
 	}
@@ -2586,7 +2626,7 @@
 	sprintf((char *)oldcache, "%s/%s", radius_dir, RADIUS_CLIENT_CACHE);
 	sprintf((char *)newcache, "%s.lock", oldcache);
 #if defined(NDBM)
-	if((db = dbm_open(newcache, O_RDWR | O_CREAT | O_TRUNC, 0600))
+	if((db = dbm_open((char *)newcache, O_RDWR | O_CREAT | O_TRUNC, 0600))
 							== (DBM *)NULL) {
 #else
         if(dbminit(newcache) != 0) {
@@ -2608,7 +2648,7 @@
 			named.dptr = ip_str;
 			named.dsize = strlen(ip_str);
 			contentd.dptr = (char *)buffer;
-			contentd.dsize = strlen(buffer);
+			contentd.dsize = strlen((char *)buffer);
 #if defined(NDBM)
 			if(dbm_store(db, named, contentd, DBM_INSERT) != 0) {
 #else /* not NDBM */
@@ -2624,11 +2664,11 @@
 	}
 	dbm_close(db);
 	fclose(clientfd);
-	s1 = strlen(newcache);
-	strcat(newcache,".db");
-	if (stat(newcache,&statbuf2) == 0) {
-		strcat(oldcache,".db");
-		if (rename(newcache,oldcache) != 0) {
+	s1 = strlen((char *)newcache);
+	strcat((char *)newcache,".db");
+	if (stat((char *)newcache,&statbuf2) == 0) {
+		strcat((char *)oldcache,".db");
+		if (rename((char *)newcache,(char *)oldcache) != 0) {
 			log_err("Error: could not move client cache file %s to %s, error %d\n",newcache,oldcache,errno);
 			return(-1);
 		} else {
@@ -2636,18 +2676,18 @@
 		}
 	} else {
 		newcache[s1] = '\0';
-		s2 = strlen(oldcache);
-		strcat(newcache,".pag");
-		strcat(oldcache,".pag");
-		if (rename(newcache,oldcache) != 0) {
+		s2 = strlen((char *)oldcache);
+		strcat((char *)newcache,".pag");
+		strcat((char *)oldcache,".pag");
+		if (rename((char *)newcache,(char *)oldcache) != 0) {
 			log_err("Error: could not move client cache file %s to %s, error %d\n",newcache,oldcache,errno);
 			return(-1);
 		}
 		newcache[s1] = '\0';
 		oldcache[s2] = '\0';
-		strcat(newcache,".dir");
-		strcat(oldcache,".dir");
-		if (rename(newcache,oldcache) != 0) {
+		strcat((char *)newcache,".dir");
+		strcat((char *)oldcache,".dir");
+		if (rename((char *)newcache,(char *)oldcache) != 0) {
 			log_err("Error: could not move client cache file %s to %s, error %d\n",newcache,oldcache,errno);
 			rcode = -1;
 		} else {
--- radiusd-livingston-2.1.orig/src/radtest.c
+++ radiusd-livingston-2.1/src/radtest.c
@@ -80,18 +80,28 @@
 static char sccsid[] =
 "$Id: radtest.c,v 1.1 1999/06/23 23:40:43 cdr Exp $ Copyright 1992-1999 Lucent Technologies Inc";
 
-
-#include "stdio.h"
-#include "stdlib.h"
-#include "errno.h"
-#include "sys/types.h"
-#include "sys/socket.h"
-#include "sys/param.h"
-#include "sys/time.h"
-#include "netdb.h"
-#include "netinet/in.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
 #include "radius.h"
 
+int	dict_init();
+void	md5_calc(void *, void *, unsigned int);
+char *	req2strp(AUTH_REQ *);
+char *	ipaddr2strp(UINT4);
+void	fprint_attr_val(FILE *, VALUE_PAIR *);
+
+
 int			fd;
 char *			host_name;
 struct sockaddr_in	addr;
@@ -115,7 +125,7 @@
 char	*radius_log = "/dev/tty";
 UINT4	now = 0;
 
-main(argc, argv)
+int main(argc, argv)
 char * argv[];
 {
 	AUTH_HDR		*ah;
@@ -134,7 +144,7 @@
 	int			i;
 	int			len;
 	int			rc;
-	int			sa_len;
+	socklen_t		sa_len;
 	int			service_type;
 	int			val;
 	int			verbose_flag;
@@ -492,7 +502,7 @@
 		rad_exit(errno);
 	}
 	if (FD_ISSET(fd, &fdset)) {
-		sa_len = sizeof sa_ihd;
+		sa_len = sizeof(sa_ihd);
 		if ((rc = recvfrom(fd, r_buf, sizeof r_buf, 0,
 			(struct sockaddr *)&sa_ihd, &sa_len)) < 0) {
 			perror("recvfrom: ");
@@ -528,7 +538,7 @@
 			ah->code,
 			ah->id,
 			ah->length);
-		return;
+		return 1;
 		break;
 	}
 
@@ -545,6 +555,7 @@
         }
 
 	close(fd);
+	exit(0);
 }
 
 
--- radiusd-livingston-2.1.orig/src/testuser.c
+++ radiusd-livingston-2.1/src/testuser.c
@@ -57,7 +57,7 @@
 #include	<stdio.h>
 #include	"radius.h"
 #include	"users.h"
-#include	<varargs.h>
+/* #include	<varargs.h> */
 
 char		*progname;
 int		debug_flag;
--- radiusd-livingston-2.1.orig/src/users.c
+++ radiusd-livingston-2.1/src/users.c
@@ -60,6 +60,7 @@
 #include	<time.h>
 #include	<ctype.h>
 #include	<errno.h>
+#include	<string.h>
 
 int		db_index;
 
@@ -376,7 +377,7 @@
 	int		atoi();
 	char		attrstr[64];
 	char		valstr[256];
-	DICT_ATTR	*attr;
+	DICT_ATTR	*attr = NULL;
 	DICT_ATTR	*dict_attrfind();
 	DICT_VALUE	*dval;
 	DICT_VALUE	*dict_valfind();
@@ -407,7 +408,7 @@
 
 		case PARSE_MODE_NAME:
 			/* Attribute Name */
-			fieldcpy(attrstr, &buffer);
+			fieldcpy(attrstr, &buffer, sizeof(attrstr)-1);
 			if((attr = dict_attrfind(attrstr)) ==
 						(DICT_ATTR *)NULL) {
 				return(-1);
@@ -428,7 +429,7 @@
 
 		case PARSE_MODE_VALUE:
 			/* Value */
-			fieldcpy(valstr, &buffer);
+			fieldcpy(valstr, &buffer, sizeof(valstr)-1);
 
 			pair = pairalloc("userparse");
 
@@ -514,17 +515,19 @@
  *************************************************************************/
 
 static	void
-fieldcpy(string, uptr)
+fieldcpy(string, uptr, len)
 char	*string;
 char	**uptr;
+int len;
 {
 	char	*ptr;
 
 	ptr = *uptr;
 	if(*ptr == '"') {
 		ptr++;
-		while(*ptr != '"' && *ptr != '\0' && *ptr != '\n') {
+		while(*ptr != '"' && *ptr != '\0' && *ptr != '\n' && len > 0) {
 			*string++ = *ptr++;
+                        len--;
 		}
 		*string = '\0';
 		if(*ptr == '"') {
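Review bot: When `len` runs out, both copy loops stop with ptr in the middle of the field, and `*uptr = ptr` then hands that position back to the parser. The tail of an over-long name or value is therefore parsed as further tokens, and in the quoted branch the closing quote is never skipped. The overflow is fixed, but a users-file entry can now be silently misread instead of rejected. I would keep consuming the field and only stop storing once the space is used up, as below. Reporting the condition to the caller would be better still, but fieldcpy returns void and its body spans this hunk and the next.

```c
	if(*ptr == '"') {
		ptr++;
		while(*ptr != '"' && *ptr != '\0' && *ptr != '\n') {
			/* keep consuming an over-long field, but stop storing it */
			if(len > 0) {
				*string++ = *ptr;
				len--;
			}
			ptr++;
		}
		/* … unchanged: terminate string, skip the closing quote, end of quoted branch … */

	while(*ptr != ' ' && *ptr != '\t' && *ptr != '\0' && *ptr != '\n' &&
						*ptr != '=' && *ptr != ',') {
		if(len > 0) {
			*string++ = *ptr;
			len--;
		}
		ptr++;
	}
	/* … unchanged: terminate string, store ptr back through uptr … */
```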
@@ -535,8 +538,9 @@
 	}
 
 	while(*ptr != ' ' && *ptr != '\t' && *ptr != '\0' && *ptr != '\n' &&
-						*ptr != '=' && *ptr != ',') {
+						*ptr != '=' && *ptr != ',' && len > 0) {
 			*string++ = *ptr++;
+                        len--;
 	}
 	*string = '\0';
 	*uptr = ptr;
--- radiusd-livingston-2.1.orig/src/users.h
+++ radiusd-livingston-2.1/src/users.h
@@ -52,7 +52,12 @@
 
 # ifdef NDBM
 #	include	<fcntl.h>
+#  if BERKELEY_DB
+#	define DB_DBM_HSEARCH    1
+#	include <db.h>
+#  else
 #	include	<ndbm.h>
+#  endif
 # else /* not NDBM */
 #	include	<dbm.h>
 # endif /* NDBM */
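Review bot: This header tests the macro by value with `#  if BERKELEY_DB`, whereas builddbm.c, dbmkeys.c and dbmrec.c in the same patch test whether it is defined. With the `-DBERKELEY_DB` from conf/Linux_Deb both forms agree. A build that defines the macro as empty gets a preprocessor error here, and one that defines it as 0 would include `<ndbm.h>` in this header but `<db.h>` in the other files. Using `#  ifdef BERKELEY_DB` keeps the four places consistent.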
--- radiusd-livingston-2.1.orig/src/util.c
+++ radiusd-livingston-2.1/src/util.c
@@ -59,6 +59,7 @@
 #include	<pwd.h>
 #include	<time.h>
 #include	<ctype.h>
+#include	<string.h>
 
 #include	"radius.h"
 
@@ -363,7 +364,7 @@
 		hmembuf = nmembuf;
 	}
 	if (debug_mem) {
-		log_err("called bufalloc(%d,%s) = %x %d\n",size,where,(int)buf,nmembuf);
+		log_err("called bufalloc(%d,%s) = %p %d\n",size,where,buf,nmembuf);
 	}
 
 	return buf;
@@ -389,7 +390,7 @@
 	extern int debug_mem;
 
 	if (debug_mem) {
-		log_err("called buffree(%x,%s) = %d\n",(int)buf,where,nmembuf);
+		log_err("called buffree(%p,%s) = %d\n",buf,where,nmembuf);
 	}
         if (buf == (char *)NULL) {
 		log_err("%s called buffree with NULL pointer\n",where);
@@ -571,7 +572,7 @@
 		hmemreq = nmemreq;
 	}
 	if (debug_mem) {
-		log_err("called reqalloc(%s) = %x %d\n",where,(int)authreq,nmemreq);
+		log_err("called reqalloc(%s) = %p %d\n",where,authreq,nmemreq);
 	}
 
 	return authreq;
@@ -597,7 +598,7 @@
 	extern int debug_mem;
 
 	if (debug_mem) {
-		log_err("called reqfree(%x,%s) = %d\n",(int)authreq,where,nmemreq);
+		log_err("called reqfree(%p,%s) = %d\n",authreq,where,nmemreq);
 	}
         if (authreq == (AUTH_REQ *)NULL) {
 		log_err("%s called reqfree with NULL pointer\n",where);
@@ -730,7 +731,7 @@
 int n;
 {
 	int i;
-	int j;
+	int j = 0;
 	char s[64];
 
 	if (n > 200) {
--- radiusd-livingston-2.1.orig/src/version.c
+++ radiusd-livingston-2.1/src/version.c
@@ -52,6 +52,7 @@
 #include        <sys/types.h>
 #include	<stdio.h>
 #include	<syslog.h>
+#include	<string.h>
 #include	"radius.h"
 
 extern char	*progname;
@@ -87,20 +88,21 @@
 {
 	char buffer[1024];
 	void build_version();
-	void log_msg();
+	void log_info();
 
-	build_version(buffer);
-	log_msg(LOG_INFO, buffer);
+	build_version(buffer, sizeof(buffer));
+	log_info("%s", buffer);
 }
 
 void
-build_version(bp)
+build_version(bp, bp_len)
 char * bp;
+const size_t bp_len;
 {
 	extern int accept_zero;
 	extern int radius_dbm;
 
-	sprintf(bp, "%s: %s ", progname, VERSION);
+	snprintf(bp, bp_len-48, "%s: %s ", progname, VERSION);
 
 	/* here are all the conditional feature flags */
 
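Review bot: `snprintf(bp, bp_len-48, ...)` subtracts an unexplained constant from a `size_t`, so any caller passing a buffer shorter than 48 bytes makes the bound wrap to a huge value and the call is effectively unbounded again. The 48 is presumably headroom for the feature-flag strings appended below the hunk, but nothing says so or checks that they fit. I would name the reserve, e.g. `#define VERSION_FLAGS_RESERVE 48`, with a comment tying it to those appends. An early guard should reject short buffers: `if (bp_len <= VERSION_FLAGS_RESERVE) { if (bp_len) *bp = '\0'; return; }`. The rest of build_version is outside the hunk.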
--- radiusd-livingston-2.1.orig/src/vports.c
+++ radiusd-livingston-2.1/src/vports.c
@@ -64,6 +64,7 @@
 #include	<signal.h>
 #include	<errno.h>
 #include	<sys/wait.h>
+#include	<string.h>
 #include	"radius.h"
 
 #ifdef VPORTS
@@ -145,7 +146,7 @@
 
 	cidcur = cidfirst;
 	while(cidcur != NULL) {
-		if (!strcmp(cidcur->num, num)) {
+		if (!strcmp((char *)cidcur->num, (char *)num)) {
 			return (VP_CALLED *)cidcur;
 		}
 		cidcur = cidcur->next;
@@ -166,7 +167,7 @@
 		return;
 	}
 	cidcur = new_cidlist();
-	strcpy(cidcur->num, num);
+	strcpy((char *)cidcur->num, (char *)num);
 	cidcur->max = max;
 	return;
 }
@@ -440,7 +441,7 @@
 		return (VP_ACCTID *)NULL;
 	acctid_cur = nasip_cur->acctid_first;
 	while(acctid_cur != NULL) {
-		if (!strcmp(acctid_cur->acctid, acctid))
+		if (!strcmp((char *)acctid_cur->acctid, (char *)acctid))
 			return (VP_ACCTID *)acctid_cur;
 		acctid_cur = acctid_cur->next;
 	}
@@ -460,7 +461,7 @@
 	}
 	if (nasip_cur->acctidinit != VP_LIST_INIT) {
 		acctid_cur = begin_acctidlist(nasip_cur);
-		strcpy(acctid_cur->acctid, acctid);
+		strcpy(acctid_cur->acctid, (char *)acctid);
 		return (VP_ACCTID *)acctid_cur;
 	}
 	if ((acctid_cur = malloc(sizeof(VP_ACCTID))) == NULL) {
@@ -469,7 +470,7 @@
 	}
 	acctid_cur->next = NULL;
 	acctid_cur->prev = nasip_cur->acctid_last;
-	strcpy(acctid_cur->acctid, acctid);
+	strcpy(acctid_cur->acctid, (char *)acctid);
 	if (nasip_cur->acctid_last != NULL)
 		nasip_cur->acctid_last->next = acctid_cur;
 	nasip_cur->acctid_last = acctid_cur;
@@ -486,7 +487,7 @@
 	u_char			called_sid[16];
 	int			required;
 	int			in_use;
-	int			service_type;
+	int			service_type = 0;
 
 	required = 0;
 
@@ -505,7 +506,7 @@
 
 			case PW_CALLED:
 				required++;
-				strcpy(called_sid, vp->strvalue);
+				strcpy((char *)called_sid, vp->strvalue);
 				break;
 		}
 		vp = vp->next;
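Review bot: `strcpy((char *)called_sid, vp->strvalue);` gains only a cast here and remains an unbounded copy of a request attribute into what the preceding hunk declares as `u_char called_sid[16]`. For a patch whose purpose is buffer-overflow hardening this is the same class of defect left in place, though it is compiled only under `#ifdef VPORTS`. A bounded form such as `snprintf((char *)called_sid, sizeof(called_sid), "%s", vp->strvalue);` truncates instead of overrunning. The hunk `@@ -577,12 +578,12 @@` has the same copies into `acct_id[16]` and `called_sid[16]`. The copies into `cidcur->num` and `acctid_cur->acctid` in the earlier vports.c hunks should be checked against their field sizes, which are not visible here.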
@@ -544,13 +545,13 @@
 	VP_CALLED		*cidcur;
 	VP_NAS			*nasip_cur;
 	VP_ACCTID		*acctid_cur;
-	UINT4			addr;
+	UINT4			addr = 0;
 	char			*ipaddr2strp();
 	u_char			called_sid[16];
 	u_char			acct_id[16];
 	u_char			reboot_req;
 	u_char			required;
-	u_int			record_type;
+	u_int			record_type = 0;
 
 	reboot_req = 0;
 	required = 0;
@@ -577,12 +578,12 @@
 
 		case PW_ACCT_SESSION_ID:
 			required++;
-			strcpy(acct_id, vp->strvalue);
+			strcpy((char *)acct_id, vp->strvalue);
 			break;
 
 		case PW_CALLED:
 			required++;
-			strcpy(called_sid, vp->strvalue);
+			strcpy((char *)called_sid, vp->strvalue);
 			break;
 		}
 		vp = vp->next;
--- radiusd-livingston-2.1.orig/src/conf/Linux_Deb
+++ radiusd-livingston-2.1/src/conf/Linux_Deb
@@ -0,0 +1,11 @@
+# Debian Linux
+#
+RADLIBS = -lcrypt -ldb
+CPPFLAGS = -DBERKELEY_DB # -DNOSHADOW
+COPT = -g -Wall
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+COPT += -O0
+else
+COPT += -O2
+endif
