path: root/accel-pppd/ppp/ipcp_opt_dns.c
Age | Commit message | Author
2018-11-12 | ipcp: reject *-DNS-Address if we have no value to propose | Guillaume Nault

If dns_opt->addr is NULL, then we have no address to propose (none defined in accel-ppp.conf and none provided by RADIUS).

Currently, in that case, accel-ppp accepts and acks the address found in the peer's configuration request. But the peer would normally use the undefined IP address, so if we ack it, we explicitly tell the peer that 0.0.0.0 is the primary/secondary DNS server.

If the peer already knows a DNS server IP address, it doesn't have to negotiate it with accel-ppp. It can just use it directly, after it retrieved its own IP address. Therefore there is no need for accel-ppp to blindly accept addresses proposed by the peer.

This patch rejects *-DNS-Address if accel-ppp has no DNS server to propose, making it explicit to the peer that its request can't be satisfied.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-11-12 | ipcp: fix uninitialised memory access when negotiating *-DNS-Address | Guillaume Nault

When handling the EV_DNS event, IPCP assumes that the ->dns1 and ->dns2 fields of the event structure are properly set. But that may not be the case. If only one of the MS-Primary-DNS-Server or MS-Secondary-DNS-Server RADIUS attributes was received, then only ->dns1 or ->dns2 is set, while the other keeps a non-initialised value.

This uninitialised value is then copied by ev_dns() and proposed to the peer when negotiating the Primary-DNS-Address or Secondary-DNS-Address IPCP options. That leaks four bytes of the stack to the network and prevents using the values found in the [dns] section of accel-ppp.conf as fallback.

Fix this by initialising the whole event structure in rad_proc_attrs(). Then, in ev_dns(), we can check if ->dns1 or ->dns2 is properly set before copying them. That allows us to properly fall back to accel-ppp.conf values when one of the values was not provided by RADIUS.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2014-11-22 | remove trailing whitespaces | Dmitry Kozlov
2013-01-24 | backport 1.7 | Kozlov Dmitry

* l2tp: Fix allocation checking when adding octets AVP
* cli, tcp: Fix non-NULL terminated string reception
* Fix va_end() missing calls
* chap-secrets: implemented encryption
* auth_pap: make messages like other auth modules
* cli: check xmit_buf is not null at enter to write function
* pppoe: implemented regular expression support
* chap-secrets: implemented encryption
* ippool: fixed initialization order
* optional shaper compiling
* ppp: dns/wins code cleanup

2012-08-29 | add 'ppp' field to CTRL to identify ppp sessions | Kozlov Dmitry
2012-06-19 | general preparation for IPoE integration | Kozlov Dmitry
2012-03-11 | radius: add support for MS-Primary-DNS-Server/MS-Secondary-DNS-Server attributes | Kozlov Dmitry
2011-05-30 | rewrote initialization procedure (fix gcc-4.6 builds) | Kozlov Dmitry
2011-01-14 | ppp: reload dns | Dmitry Kozlov
2011-01-05 | rename accel-pptp to accel-ppp | Dmitry Kozlov