Release of Version 3.0.4

Nikolai Kondrashov Nikolai.Kondrashov at redhat.com
Thu Sep 11 14:53:14 CEST 2014


Hi Arran,

On 09/10/2014 11:24 PM, Arran Cudbard-Bell wrote:
> On 10 Sep 2014, at 11:59, Alan DeKok <aland at deployingradius.com> wrote:
>>   We've release version 3.0.4.  It has a long changelong from 3.0.3:
>>
>> http://freeradius.org/version3.html
>>
>>   But the wait has been worth it, I think.  Lots of minor fixes, and
>> many new features.
>>
>>   The regex handling for strings has been fixed.  This means that where
>> it was hard / impossible to use regexes before, it's now simpler.  The
>> down-side is that you MAY have to update your regexes.
>
> Specifically, if you were using attribute references:
>
> if (&Attribute =~ /my regex/) {
>
> }
>
> The raw value of the attribute will be used without any pre-escaping.
>
> This applies not just to regexes but all comparisons.
>
> update request {
> 	Tmp-String-0 := '"foo"'
> }
>
> Can now be matched with:
>
> if (&Tmp-String-0 := '"foo"') {
>
> Instead of:
>
> if (&Tmp-String-0 := '\"foo\"') {
>
> Using the raw value however means that values with embedded \0s can cause issues.
>
> Most of the comparison code has been fixed, but there's still problems with regexes,
> due to the POSIX functions (regcomp, regexec), not taking a length argument.
>
> There are non-POSIX extensions (regncomp, renexec), but they're not in the PCRE
> compatibility library, so we've got to consider what to do there.
>
> If your strings/regexes don't contain/deal with unprintables or double quotes, no
> changes are required.

Thank you for describing the change.
Still, can you provide more details?
As this has potential of breaking user configurations, we (Red Hat) should try
to be as specific as possible to help people avoid or quickly fix the issues.

How was it working before and how is it working now?

Am I right that some characters (double quote, perhaps backslash, what else?)
were escaped in attribute values before comparison/regex matching? Which ones
exactly?

Am I right that nothing is escaped now?

What do you think should be done to make a configuration compatible with the
new version?

Or, if there are particular pieces of changed code which are easy to list, I
can try to understand what changed myself.

Thank you.

Nick


More information about the Freeradius-Users mailing list