Perl attribute: length vs 0-byte termination

Chaigneau, Nicolas nicolas.chaigneau at capgemini.com
Mon Mar 31 08:59:54 CEST 2014


Hello,

There is a bug in 3.0.2.

Get the latest version of libradius.h which fixes the issue :

https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/src/include/libradius.h

Then rebuild rlm_perl.

Regards,
Nicolas.



> -----Message d'origine-----
> De : freeradius-users-
> bounces+nicolas.chaigneau=capgemini.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+nicolas.chaigneau=capgemini.com at lists.freeradius.org] De la
> part de Julius Plenz
> Envoyé : vendredi 28 mars 2014 20:04
> À : freeradius-users at lists.freeradius.org
> Objet : Perl attribute: length vs 0-byte termination
> 
> Hi,
> 
> some recent change seems to have broken the "rlm_perl" attribute
> handling. For a string, instead of adding a scalar value with
> appropriate length, it seems the whole buffer (including 0-byte) is
> inserted into the Perl hash. Consider this authorize() method:
> 
>   sub authorize {
>     $RAD_REPLY{'Reply-Message'} = "Username >>".$RAD_REQUEST{'User-
> Name'}."<<";
>     return RLM_MODULE_UPDATED;
>   }
> 
> This leads, wrongly, to a prematurely terminated string:
> 
>   rlm_perl: Added pair Reply-Message = Username >>user
> 
> When you add a line like this at the beginning of the subroutine:
> 
>   $RAD_REQUEST{'User-Name'} =~ s/\0//g;
> 
> ...then you'll receive the typical garbage that's in uncleared memory:
> 
>   rlm_perl: Added pair Reply-Message = Username >>user ??"c¨?ìå ??...
> 
> Somehow, the length computation of the SVs must be fixed, but I don't
> know what broke it or how to repair it...
> 
> Any help appreciated, thanks in advance!
> 
> Julius
> 
> P.S.: I've tested this with FreeRADIUS Git tag "release_3_0_2".
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.



More information about the Freeradius-Users mailing list