Date: Mon, 7 Jan 2002 12:49:15 -0800 (PST) From: Brad Huntting <huntting@glarp.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/33661: PAP AuthAck/AuthNak parsing problem in pppd Message-ID: <200201072049.g07KnFp42108@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 33661
>Category: bin
>Synopsis: PAP AuthAck/AuthNak parsing problem in pppd
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 07 12:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Brad Huntting
>Release: 4.4-RELEASE
>Organization:
CU Boulder CS Dept
>Environment:
FreeBSD nomadic.glarp.com 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Tue Sep 18 11:57:08 PDT 2001 murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC i386
>Description:
Some ppp implementations send PAP AuthAck packets without a message. RFC1334 (sec 2.2 and 2.2.2) is not very clear about wheather this is kosher. At any rate, pppd does not deal with this situation
gracefully.
>How-To-Repeat:
Sign up for VoiceStream's iStream service. Get a Motorola P280 cell phone. Put the following lines in /etc/ppp/peers/vs:
noipdefault
cuaa0 38400 crtscts
connect '/usr/bin/chat -v -f /etc/ppp/chat-vs'
ipcp-accept-local
ipcp-accept-remote
user <yournamehere>
And in /etc/ppp/chat-vs:
ABORT "BUSY"
ABORT "NO\sCARRIER"
TIMEOUT 2
""
AT OK-AT-OK-AT-OK-AT-OK
AT&F OK
ATE1Q0 OK
AT+CGDCONT=1,IP,\sinternet2.voicestream.com\s OK
AT+CGQMIN=1,0,0,3,0,0 OK
AT+CGQREQ=1,0,0,3,0,0 OK
ATD*99# CONNECT
And fire up "cuaa0 57600 debug call vs" as root.
You should see a string of syslog messages that looks like:
Jan 7 00:15:42 nomadic pppd[511]: sent [PAP AuthReq id=0x1 user="<yournamehere>" password="<yourpasswdhere>"]
Jan 7 00:15:42 nomadic pppd[511]: rcvd [PAP AuthAck id=0x1]
Jan 7 00:15:42 nomadic pppd[511]: rcvd [IPCP ConfReq id=0x2 <addr 192.168.100.101> <compress VJ 0f 01>]
Jan 7 00:15:45 nomadic pppd[511]: sent [PAP AuthReq id=0x2 user="<yournamehere>" password="<yourpasswdhere>"]
Jan 7 00:15:45 nomadic pppd[511]: rcvd [PAP AuthAck id=0x2]
Jan 7 00:15:48 nomadic pppd[511]: sent [PAP AuthReq id=0x3 user="<yournamehere>" password="<yourpasswdhere>"]
Jan 7 00:15:48 nomadic pppd[511]: rcvd [PAP AuthAck id=0x3]
Jan 7 00:15:51 nomadic pppd[511]: sent [PAP AuthReq id=0x4 user="<yournamehere>" password="<yourpasswdhere>"]
Jan 7 00:15:51 nomadic pppd[511]: rcvd [PAP AuthAck id=0x4]
Jan 7 00:15:54 nomadic pppd[511]: sent [PAP AuthReq id=0x5 user="<yournamehere>" password="<yourpasswdhere>"]
Jan 7 00:15:54 nomadic pppd[511]: rcvd [PAP AuthAck id=0x5]
(sorry, but that's the best I can do)
>Fix:
Apply this patch
--- usr.sbin/pppd/upap.c.orig Fri Aug 27 19:19:08 1999
+++ usr.sbin/pppd/upap.c Mon Jan 7 13:06:55 2002
@@ -418,19 +418,23 @@
/*
* Parse message.
+ * Note: Some ppp implementations return AuthAck w/ no message.
*/
- if (len < sizeof (u_char)) {
+ if (len < 0) {
UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet."));
return;
+ } else if (len == 0) {
+ UPAPDEBUG((LOG_INFO, "pap_rauthack: no message in AuthAck."));
+ } else /* len > 0 */ {
+ GETCHAR(msglen, inp);
+ len -= sizeof (u_char);
+ if (len < msglen) {
+ UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet."));
+ return;
+ }
+ msg = (char *) inp;
+ PRINTMSG(msg, msglen);
}
- GETCHAR(msglen, inp);
- len -= sizeof (u_char);
- if (len < msglen) {
- UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet."));
- return;
- }
- msg = (char *) inp;
- PRINTMSG(msg, msglen);
u->us_clientstate = UPAPCS_OPEN;
@@ -457,19 +461,23 @@
/*
* Parse message.
+ * (note comment in upap_rauthack())
*/
- if (len < sizeof (u_char)) {
- UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet."));
- return;
- }
- GETCHAR(msglen, inp);
- len -= sizeof (u_char);
- if (len < msglen) {
+ if (len < 0) {
UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet."));
return;
+ } else if (len == 0) {
+ UPAPDEBUG((LOG_INFO, "pap_rauthnak: no message in AuthNak."));
+ } else /* len > 0 */ {
+ GETCHAR(msglen, inp);
+ len -= sizeof (u_char);
+ if (len < msglen) {
+ UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet."));
+ return;
+ }
+ msg = (char *) inp;
+ PRINTMSG(msg, msglen);
}
- msg = (char *) inp;
- PRINTMSG(msg, msglen);
u->us_clientstate = UPAPCS_BADAUTH;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201072049.g07KnFp42108>