Broken base64_decode in rlm_pap

Tomas Hoger thoger at pobox.sk
Sat Feb 10 21:36:32 CET 2007


Hi all!

I've come across an issue with verification of {SSHA} encrypted passwords
in FreeRadius 1.1.4.  Verification fails for correct passwords.  I've
managed to track problem through normify() to base64_decode() function in
rlm_pap.c.  This seems to be a culprit:

  if (src[length] != '=') return 0; /* no trailing '=' */

Code assumes every base64-encoded string must end with trailing '=', but
this assumption does not seem to be true.  SSHA encrypted base64 encoded
password does not.  E.g.:

$ /usr/sbin/slappasswd -h {SSHA} -s password
{SSHA}n0woq5pPczJ2k/z12gWO8Ita4mvuBlSE

It seems that trailing '='s are only used, when padding is required:

$ perl -e 'use MIME::Base64; print encode_base64("a")'
YQ==
$ perl -e 'use MIME::Base64; print encode_base64("aa")'
YWE=
$ perl -e 'use MIME::Base64; print encode_base64("aaa")'
YWFh
$ perl -e 'use MIME::Base64; print encode_base64("aaaa")'
YWFhYQ==

With check removed, SSHA passwords work fine.  But I'm not sure if it has a
chance to break something else.

Ideas for better fix?

th.




More information about the Freeradius-Users mailing list