\000 in "octets" attribute?
Bjørn Mork
bjorn at mork.no
Thu Jun 15 12:51:16 CEST 2006
Stefan Winter <stefan.winter at restena.lu> writes:
>> RFC 2865 says
>>
>> "Note that none of the types in RADIUS terminate with a NUL (hex
>> 00). In particular, types "text" and "string" in RADIUS do not
>> terminate with a NUL (hex 00). The Attribute has a length field
>> and does not use a terminator. Text contains UTF-8 encoded 10646
>> [7] characters and String contains 8-bit binary data. Servers and
>> servers and clients MUST be able to deal with embedded nulls.
>> RADIUS implementers using C are cautioned not to use strcpy() when
>> handling strings."
>>
>> There is nothing here that forbids an attribute containing nothing but
>> a NUL, or ending in NUL. The point is that the NUL in that case must
>> be a *significant part* of the attribute value. RADIUS clients and
>> servers MUST *handle* the NULs, not silently ignore them like string
>> terminators.
>
> Reading is a tough task, obviously. They are required NOT to end with a NUL.
Obviously. Where in the quoted text from the RFC do you find the word
"end"?
>> That is: "blah\000" and "blah" have different value and length, but
>> they are both allowed as attribute values.
>
> blah\000 is an attribute that has a hex 00 as last character, while the RFC
> says "In particular, types "text" and "string" in RADIUS do not
> terminate with a NUL (hex 00)."
"terminate with" != "end with"
The RFC talks about NULs used as terminators. A terminator is a
character that is not part of the string, but is used merely to
signify the end of data.
Bjørn
More information about the Freeradius-Users
mailing list