9 Jun 21:35
[Openswan dev] [PATCH] xl2tpd refuse authentication lac fix
Dean Scarff <dos <at> scarff.id.au>
2008-06-09 19:35:24 GMT
2008-06-09 19:35:24 GMT
The "refuse authentication" option in xl2tpd.conf LAC sections has the
opposite semantics to what the English reading suggests. This bug
affects versions 1.2.0 and 1.1.12, among others probably.
The bug results in refuse-pap and refuse-chap being unconditionally
passed to pppd when 'refuse authentication = no'.
--- xl2tpd-1.2.0/file.c 2008-04-01 00:28:11.000000000 +0800
+++ xl2tpd-1.2.0.patched/file.c 2008-06-09 19:00:59.000000000 +0800
@@ -608,7 +608,7 @@
l->pap_require = result;
else if (c[0] == 'a') /* Authentication */
if (word[2] == 'f')
- l->authself = result;
+ l->authself = !result;
else
l->authpeer = result;
else /* CHAP */ if (word[2] == 'f')
LNS sections are unaffected because they already negate the 'refuse
authentication' result in the same way the LAC section does with this
patch.
--
--
Dean
RSS Feed