3.0.4: binary LDAP attributes
Nikolai Kondrashov
Nikolai.Kondrashov at redhat.com
Wed Jan 7 14:07:50 CET 2015
Hi Alan,
On 12/09/2014 03:02 PM, Alan DeKok wrote:
> On Dec 9, 2014, at 6:51 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
>> They have noticed that binary LDAP values get truncated on embedded zero
>> characters (\0) in RADIUS replies, in radiusReplyMessage in particular.
>> I.e. for
>
> Arran and I have spent the last two weeks fixing those issues. The
> server *never* dealt well with embedded zeros in “string” data. Octets,
> yes. Strings, no.
We already have an integration test for strings with embedded zeros. We would
like to add a test for zeros in "binary" attributes.
I'm not sure exactly what you mean by octets here. Is it attributes with
"octets" type in dictionaries? If so, are LDAP attributes supposed to contain
hex strings for them, and it is basically "00" bytes which were the problem?
Or could there be a direct binary representation for "octets"?
Is the "abinary" type affected?
Could you perhaps suggest attribute names/types and LDAP attribute values to
test for?
Sorry, if this is very basic knowledge I could have extracted myself.
Thank you.
Nick
More information about the Freeradius-Users
mailing list