Project

General

Profile

Bug #889

[eap_radius] AcctSessionId string len too small.

Added by bronze man over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
libcharon
Target version:
Start date:
13.03.2015
Due date:
Estimated time:
Affected version:
5.2.2
Resolution:
Fixed

Description

AcctSessionId only have 16 bytes,It will make my server problem when iks_sa_id > 10000.

I have some strange log in my server: {"Cat":"error","Time":"2015-03-12T20:12:30+08:00","Data":["[radius.Accounting Update] connId 1425699257-9714 username luxxx do not have any data transfer"]} {"Cat":"error","Time":"2015-03-12T20:51:16+08:00","Data":["[radius.Accounting Update] connId 1425699257-9827 username Jhxxx do not have any data transfer"]} {"Cat":"error","Time":"2015-03-12T21:12:44+08:00","Data":["[radius.Accounting Update] connId 1425699257-9794 toIncr less 0, in:1504801 out:1948369 last:4576575"]} {"Cat":"error","Time":"2015-03-12T22:13:30+08:00","Data":["[radius.AccountingRequest start] connId 1425699257-1000 exist"]} {"Cat":"error","Time":"2015-03-12T22:13:35+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]} {"Cat":"error","Time":"2015-03-12T22:13:40+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]} {"Cat":"error","Time":"2015-03-12T22:13:45+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}

please look at
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L102
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L297
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L488

Associated revisions

Revision c4b63322 (diff)
Added by Martin Willi over 5 years ago

eap-radius: Increase Acct-Session-ID string buffer

As the startup timestamp needs 10 characters, we only have left 4 characters
for the IKE_SA unique identifier. This is insufficient when having 10000 IKE_SAs
or more established, resulting in non-unique session identifiers.

Fixes #889.

History

#1 Updated by bronze man over 5 years ago

{"Cat":"error","Time":"2015-03-12T20:12:30+08:00","Data":["[radius.Accounting Update] connId 1425699257-9714 username luxxx do not have any data transfer"]}
{"Cat":"error","Time":"2015-03-12T20:51:16+08:00","Data":["[radius.Accounting Update] connId 1425699257-9827 username Jhxxx do not have any data transfer"]}
{"Cat":"error","Time":"2015-03-12T21:12:44+08:00","Data":["[radius.Accounting Update] connId 1425699257-9794 toIncr less 0, in:1504801 out:1948369 last:4576575"]}
{"Cat":"error","Time":"2015-03-12T22:13:30+08:00","Data":["[radius.AccountingRequest start] connId 1425699257-1000 exist"]}
{"Cat":"error","Time":"2015-03-12T22:13:35+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
{"Cat":"error","Time":"2015-03-12T22:13:40+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
{"Cat":"error","Time":"2015-03-12T22:13:45+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}

#2 Updated by Martin Willi over 5 years ago

  • Tracker changed from Issue to Bug
  • Category set to libcharon
  • Status changed from New to Closed
  • Assignee set to Martin Willi
  • Target version set to 5.3.0
  • Resolution set to Fixed

I've increased the buffer size to 24 bytes with the referenced commit.

Regards
Martin

Also available in: Atom PDF