From owner-freebsd-bugs Mon Jan 7 12:50:24 2002
Message-Id: <200201072049.g07KnFp42108@freefall.freebsd.org>
Date: Mon, 7 Jan 2002 12:49:15 -0800 (PST)
From: Brad Huntting
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/33661: PAP AuthAck/AuthNak parsing problem in pppd

>Number: 33661
>Category: bin
>Synopsis: PAP AuthAck/AuthNak parsing problem in pppd
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 07 12:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Brad Huntting
>Release: 4.4-RELEASE
>Organization: CU Boulder CS Dept
>Environment:
FreeBSD nomadic.glarp.com 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Tue Sep 18 11:57:08 PDT 2001 murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC i386
>Description:
Some ppp implementations send PAP AuthAck packets without a message. RFC1334 (sec 2.2 and 2.2.2) is not very clear about whether this is kosher. At any rate, pppd does not deal with this situation gracefully.
>How-To-Repeat:
Sign up for VoiceStream's iStream service. Get a Motorola P280 cell phone. Put the following lines in /etc/ppp/peers/vs:

    noipdefault
    cuaa0 38400
    crtscts
    connect '/usr/bin/chat -v -f /etc/ppp/chat-vs'
    ipcp-accept-local
    ipcp-accept-remote
    user

And in /etc/ppp/chat-vs:

    ABORT "BUSY"
    ABORT "NO\sCARRIER"
    TIMEOUT 2
    "" AT
    OK-AT-OK-AT-OK-AT-OK AT&F
    OK ATE1Q0
    OK AT+CGDCONT=1,IP,\sinternet2.voicestream.com\s
    OK AT+CGQMIN=1,0,0,3,0,0
    OK AT+CGQREQ=1,0,0,3,0,0
    OK ATD*99#
    CONNECT

And fire up "cuaa0 57600 debug call vs" as root.
You should see a string of syslog messages that looks like:

Jan 7 00:15:42 nomadic pppd[511]: sent [PAP AuthReq id=0x1 user="" password=""]
Jan 7 00:15:42 nomadic pppd[511]: rcvd [PAP AuthAck id=0x1]
Jan 7 00:15:42 nomadic pppd[511]: rcvd [IPCP ConfReq id=0x2 ]
Jan 7 00:15:45 nomadic pppd[511]: sent [PAP AuthReq id=0x2 user="" password=""]
Jan 7 00:15:45 nomadic pppd[511]: rcvd [PAP AuthAck id=0x2]
Jan 7 00:15:48 nomadic pppd[511]: sent [PAP AuthReq id=0x3 user="" password=""]
Jan 7 00:15:48 nomadic pppd[511]: rcvd [PAP AuthAck id=0x3]
Jan 7 00:15:51 nomadic pppd[511]: sent [PAP AuthReq id=0x4 user="" password=""]
Jan 7 00:15:51 nomadic pppd[511]: rcvd [PAP AuthAck id=0x4]
Jan 7 00:15:54 nomadic pppd[511]: sent [PAP AuthReq id=0x5 user="" password=""]
Jan 7 00:15:54 nomadic pppd[511]: rcvd [PAP AuthAck id=0x5]

(sorry, but that's the best I can do)
>Fix:
Apply this patch

--- usr.sbin/pppd/upap.c.orig Fri Aug 27 19:19:08 1999 +++ usr.sbin/pppd/upap.c Mon Jan 7 13:06:55 2002 @@ -418,19 +418,23 @@ /* * Parse message. + * Note: Some ppp implementations return AuthAck w/ no message. */ - if (len < sizeof (u_char)) { + if (len < 0) { UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet.")); return; + } else if (len == 0) { + UPAPDEBUG((LOG_INFO, "pap_rauthack: no message in AuthAck.")); + } else /* len > 0 */ { + GETCHAR(msglen, inp); + len -= sizeof (u_char); + if (len < msglen) { + UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet.")); + return; + } + msg = (char *) inp; + PRINTMSG(msg, msglen); } - GETCHAR(msglen, inp); - len -= sizeof (u_char); - if (len < msglen) { - UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet.")); - return; - } - msg = (char *) inp; - PRINTMSG(msg, msglen); u->us_clientstate = UPAPCS_OPEN; 
@@ -457,19 +461,23 @@ /* * Parse message. + * (note comment in upap_rauthack()) */ - if (len < sizeof (u_char)) { - UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.")); - return; - } - GETCHAR(msglen, inp); - len -= sizeof (u_char); - if (len < msglen) { + if (len < 0) { UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.")); return; + } else if (len == 0) { + UPAPDEBUG((LOG_INFO, "pap_rauthnak: no message in AuthNak.")); + } else /* len > 0 */ { + GETCHAR(msglen, inp); + len -= sizeof (u_char); + if (len < msglen) { + UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.")); + return; + } + msg = (char *) inp; + PRINTMSG(msg, msglen); } - msg = (char *) inp; - PRINTMSG(msg, msglen); u->us_clientstate = UPAPCS_BADAUTH;
>Release-Note:
>Audit-Trail:
>Unformatted:
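
Review bot: in the first hunk (the AuthAck path, -418,19 +418,23), the new `if (len < 0)` test only does anything if `len` is a signed type, which the hunk does not show; if `len` is unsigned the branch is dead code and the "rcvd short packet" message for it can never fire. Please state the type in the comment or drop the branch. The `len == 0` branch also falls through to `u->us_clientstate = UPAPCS_OPEN;` with `msg` and `msglen` never assigned, so either initialise them (`msg = NULL; msglen = 0;`) or confirm nothing later in the function reads them.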
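
Review bot: the second hunk (the AuthNak path, -457,19 +461,23) repeats the three-way `len < 0` / `len == 0` / `len > 0` block from the AuthAck hunk line for line, differing only in the debug strings, so a later fix to one copy can miss the other; a small shared helper that takes the function name for the log text would keep the two length checks in step. The added comment also points at `upap_rauthack()` while the debug strings in the patch name the function `pap_rauthack`; use whichever name the source actually has so the cross-reference can be found.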
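
An added example, not part of the PR or of pppd's source: a stand-alone parser for a complete PAP AuthAck/AuthNak packet that accepts the message-less reply from the Description and rejects inconsistent lengths. It goes beyond the patch by also checking the header Length field; the function name, result enum and sample packets are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PAP codes, RFC 1334 section 2.2 */
#define PAP_AUTHACK 2
#define PAP_AUTHNAK 3
enum pap_result { PAP_OK_MSG, PAP_OK_NOMSG, PAP_BAD };

/* Parse a whole AuthAck/AuthNak packet: Code, Identifier, 2-byte big-endian
 * Length (header included), then an optional Msg-Length byte and Message.
 * Sizes are unsigned, so no check relies on a length going negative. */
enum pap_result pap_parse_reply(const uint8_t *pkt, size_t avail,
                                const uint8_t **msg, size_t *msglen)
{
    size_t len;

    *msg = NULL;
    *msglen = 0;
    if (avail < 4 || (pkt[0] != PAP_AUTHACK && pkt[0] != PAP_AUTHNAK))
        return PAP_BAD;              /* no full header, or wrong code */
    len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len < 4 || len > avail)
        return PAP_BAD;              /* Length field disagrees with data */
    len -= 4;                        /* bytes after the header */
    if (len == 0)
        return PAP_OK_NOMSG;         /* bare Ack/Nak, as in the syslog */
    if ((size_t)pkt[4] > len - 1)
        return PAP_BAD;              /* Msg-Length overruns the packet */
    *msglen = pkt[4];
    *msg = pkt + 5;
    return PAP_OK_MSG;
}

/* Constructed sample packets, not captured traffic. */
static const uint8_t ack_empty[] = { 2, 0x01, 0x00, 0x04 };
static const uint8_t ack_text[]  = { 2, 0x02, 0x00, 0x07, 2, 'o', 'k' };
static const uint8_t nak_short[] = { 3, 0x03, 0x00, 0x06, 9, 'x' };

int main(void)
{
    const uint8_t *m;
    size_t n;

    printf("%d %d %d\n", (int)pap_parse_reply(ack_empty, sizeof ack_empty, &m, &n),
           (int)pap_parse_reply(ack_text, sizeof ack_text, &m, &n),
           (int)pap_parse_reply(nak_short, sizeof nak_short, &m, &n));
    return 0;
}
```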