1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#265732: l2tpd: Fails to properly authenticate itself

    From Andreas U. Trottmann@1:229/2 to All on Sat Aug 14 19:40:10 2004
    From: [email protected]

    Package: l2tpd
    Version: 0.70-pre20031121-2
    Severity: important


    There is a bug in the source that makes it (try to) send the wrong AVP
    type for a challenge response, thus making the peer shut the session down.

    The problem seems to lie in the fact that on one hand, in the list of
    the "avps" in avp.c, it says:

    {12, 0, 0, {0}, NULL, NULL, "Q.931 Cause Code"},
    {13, AVP_F_MANDATORY, MD_SIG_SIZE, {SCCRP, SCCCN}, &chalresp_avp, &validate_gen_avp, "Challenge Response"},

    whereas avp.h says:

    #define CHALLENGE_RESP_AVP 12
    #define CAUSE_ERROR_AVP 13

    So, when trying to send a challenge response using CHALLENGE_RESP_AVP,
    it will try to use the "empty" avps[12] entry, which makes it output
    "add_avp: invalid avp id 12", and not send any response.



    Exchanging the 12 and 13 in one of the places seems to fix the problem,
    so for example this could be a working patch:

    --- l2tpd-0.70-pre20031121/avp.h Sat Aug 14 18:35:49 2004
    +++ l2tpd-0.70-pre20031121-works/avp.h Sat Aug 14 14:57:28 2004
    @@ -111,8 +111,8 @@
    #define ASSIGNED_TUN_ID_AVP 9
    #define RX_WIN_SIZE_AVP 10
    #define CHALLENGE_AVP 11
    -#define CHALLENGE_RESP_AVP 12
    -#define CAUSE_ERROR_AVP 13
    +#define CHALLENGE_RESP_AVP 13
    +#define CAUSE_ERROR_AVP 12
    #define ASSIGNED_SES_ID_AVP 14
    #define SERIAL_NUMBER_AVP 15
    #define MIN_BPS_AVP 16

    This seems to work well on a production system. However, I don't know
    anything about l2tpd internals, so this could cause other problems.




    -- System Information:
    Debian Release: 3.1
    APT prefers unstable
    APT policy: (500, 'unstable')
    Architecture: i386 (i686)
    Kernel: Linux 2.6.7-grsec
    Locale: LANG=de_CH.ISO8859-15, LC_CTYPE=de_CH.