List:       freeradius-devel
Subject:    EAP-TTLS: eaptls_gen_mppe_keys(),  SIGSEGV, better to use RAND_xxx
From:       <rok.papez () arnes ! si>
Date:       2004-02-12 17:27:50
Message-ID: 402BB796.1090608 () arnes ! si

Hello!

(Today's CVS version)

I'm currently debugging a segfault in eaptls_gen_mppe_keys().
The pointer to the SSL3 structure, s->s3, is NULL, and when it is
dereferenced to retrieve the client_random and server_random fields
for the key seeds, it segfaults.

It would probably be better to get the seed for the MPPE keys from
the OpenSSL random engine, using RAND_add() to add some data to the
random pool and RAND_bytes() to retrieve the needed amount of random data.

What is the general opinion on the OpenSSL RAND_xxx functions?

--------------------------------------
Stack trace follows:

auth: user supplied User-Password matches local User-Password
Login OK: [student5/123456] (from client localhost port 0)
   TTLS: Got tunneled reply RADIUS code 2
   TTLS: Got tunneled Access-Accept

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 4111)]
0x401f48a9 in eaptls_gen_mppe_keys (reply_vps=0x818f260, s=0x817e5d8, 
prf_label=0x401f985e "ttls keying material") at mppe_keys.c:146
146             memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
(gdb) bt
#0  0x401f48a9 in eaptls_gen_mppe_keys (reply_vps=0x818f260, 
s=0x817e5d8, prf_label=0x401f985e "ttls keying material") at mppe_keys.c:146
#1  0x401f8429 in eapttls_authenticate (arg=0x8175f58, 
handler=0x817e530) at rlm_eap_ttls.c:253
#2  0x401eb495 in eaptype_call (atype=0x8177098, handler=0x817e530) at 
eap.c:170
#3  0x401eb5fd in eaptype_select (inst=0x81349d8, handler=0x817e530) at 
eap.c:352
#4  0x401eac85 in eap_authenticate (instance=0x81349d8, 
request=0x81a1ee8) at rlm_eap.c:269
#5  0x08054f7e in call_modsingle (component=0, sp=0x8134398, 
request=0x81a1ee8, default_result=0) at modcall.c:212
#6  0x0805509e in modcall (component=0, c=0x8134398, request=0x81a1ee8) 
at modcall.c:323
#7  0x08055029 in call_modgroup (component=0, g=0x0, request=0x81a1ee8, 
default_result=0) at modcall.c:237
#8  0x08055115 in modcall (component=0, c=0x8175930, request=0x81a1ee8) 
at modcall.c:314
#9  0x08054c93 in module_authenticate (auth_type=6, request=0x81a1ee8) 
at modules.c:893
#10 0x08051990 in rad_check_password (request=0x81a1ee8) at auth.c:353
#11 0x08051dc6 in rad_authenticate (request=0x81a1ee8) at auth.c:601
#12 0x0804d7b6 in rad_respond (request=0x81a1ee8, fun=0x8051cbc 
<rad_authenticate>) at radiusd.c:1764
#13 0x0804d257 in main (argc=0, argv=0x81a1ee8) at radiusd.c:1552
#14 0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6

-----
s = 0x817e5d8
s->s3 = 0x0

-- 
Best regards,
Rok Papez.
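
Added example, not part of the original message and not FreeRADIUS or OpenSSL code: a guarded version of the seed copy that faults at mppe_keys.c:146, returning a status when s->s3 is NULL so the caller can reject the request instead of crashing. The mock_ssl types, the status names, build_prf_seed() and the client-then-server concatenation order are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RANDOM_SIZE 32  /* same value as OpenSSL's SSL3_RANDOM_SIZE */

/* Hypothetical stand-ins for the OpenSSL structures seen in the trace. */
struct mock_ssl3_state {
    unsigned char client_random[RANDOM_SIZE];
    unsigned char server_random[RANDOM_SIZE];
};
struct mock_ssl {
    struct mock_ssl3_state *s3;  /* NULL in the reported crash (s->s3 = 0x0) */
};

enum seed_status {
    SEED_OK = 0,
    SEED_NO_SESSION = -1,     /* s or the output buffer is NULL */
    SEED_NO_SSL3_STATE = -2,  /* s->s3 is NULL: no handshake randoms available */
    SEED_BUF_TOO_SMALL = -3
};

/* Copy client_random || server_random into out (order is an assumption).
 * Every pointer is checked before use, so a missing s3 yields an error
 * code the caller can turn into a reject rather than a SIGSEGV. */
int build_prf_seed(const struct mock_ssl *s, unsigned char *out,
                   size_t out_len, size_t *written)
{
    if (written) *written = 0;
    if (s == NULL || out == NULL) return SEED_NO_SESSION;
    if (s->s3 == NULL) return SEED_NO_SSL3_STATE;
    if (out_len < 2 * RANDOM_SIZE) return SEED_BUF_TOO_SMALL;

    memcpy(out, s->s3->client_random, RANDOM_SIZE);
    memcpy(out + RANDOM_SIZE, s->s3->server_random, RANDOM_SIZE);
    if (written) *written = 2 * RANDOM_SIZE;
    return SEED_OK;
}

int main(void)
{
    struct mock_ssl broken = { NULL };  /* constructed: mirrors s->s3 = 0x0 */
    unsigned char seed[2 * RANDOM_SIZE];
    size_t n;
    int rc = build_prf_seed(&broken, seed, sizeof seed, &n);
    printf("status=%d bytes=%zu\n", rc, n);
    return 0;
}
```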
