Hi, we're seeing failed logins when proxying authentication requests through to another RADIUS server if the password contains a double quote ("). I've debugged the issue a bit, and what happens is that when the password does a roundtrip through the rlm_perl module, the value pair structure ends up with extra bytes at the end so that strlen(vp->data.strvalue) > vp->length. These extra bytes are the result of escaping the double quote before entering the Perl code and then unescaping it afterwards. For instance, the password abcdef" is passed as abcdef\" to the Perl code, and afterwards it becomes abcdef"" with length 7 (so the extra byte is not supposed to hurt AIUI.) Unfortunately make_passwd() rounds 'inlen' up to a multiple of 16 before copying the input string, so the extra bytes end up in the message authenticator of the proxied request. It seems to me that the escaping and unescaping done in rlm_perl via perl_store_vps() -> vp_prints_value() -> librad_safeprint() and get_hv_content() -> pairadd_sv() -> pairmake() -> pairparsevalue() is a bit unnecessary, and that the unescaping could zero out the extra bytes, but the main bug is in make_passwd() IMO. I have reproduced this with a Debian 2.0.4 freeradius package, a Fedora 2.1.3 package, and a current git.freeradius.org checkout (commit ef2a7db5e). I'm attaching a proposed patch to make_passwd(). Please let me know if you need more information, I can easily produce stack traces and the like. Thanks for your work on FreeRADIUS, -- Niko Tyni ntyni@cc.helsinki.fi