Hi, comparing Suffix or Prefix without it being set lets the server crash (see backtrace below). This is easily reproducable with this: authorize { # also happens with Prefix if (Suffix == "blub") { } ... This happens on x86 and x64, with 2.1.7 as well as git stable. I guess there should be a check somewhere, maybe for req==NULL in presufcmp(), but I'm not sure. The obvious work around is setting these attributes (with update request) to empty strings or checking them like "if (Prefix && Prefix == ...)". Besides that, I'm surprised that there is special handling for Prefix and Suffix. I thought they are just some attributes I can use as I wish. I parse User-Name with a regex and set them accordingly with %{1} etc.
rad_recv: Access-Request packet from host 127.0.0.1 port 54511, id=178, length=67 User-Name = "does_not_matter" User-Password = "b" NAS-IP-Address = 172.17.13.190 NAS-Port = 1 +- entering group authorize {...} ++? if (Suffix == "blub")
Program received signal SIGSEGV, Segmentation fault. 0x00000035b3c7f541 in strlen () from /lib64/libc.so.6 (gdb) bt #0 0x00000035b3c7f541 in strlen () from /lib64/libc.so.6 #1 0x00007ffff750b790 in presufcmp (instance=0x0, req=0x7e5a10, request=0x0, check=0x7e6120, check_pairs=0x0, reply_pairs=0x0) at paircmp.c:134 #2 0x00000000004273a3 in radius_callback_compare (req=0x7e5a10, request=0x0, check=0x7e6120, check_pairs=0x0, reply_pairs=0x0) at valuepair.c:270 #3 0x0000000000438260 in radius_do_cmp (request=0x7e5a10, presult=0x7fffffffc280, lt=T_BARE_WORD, pleft=0x7fffffffbe70 "Suffix", token=T_OP_CMP_EQ, rt=T_DOUBLE_QUOTED_STRING, pright=0x7fffffffba70 "blub", cflags=0, modreturn=6) at evaluate.c:360 #4 0x0000000000439385 in radius_evaluate_condition (request=0x7e5a10, modreturn=6, depth=1, ptr=0x7fffffffc330, evaluate_it=1, presult=0x7fffffffd360) at evaluate.c:833 #5 0x0000000000438c61 in radius_evaluate_condition (request=0x7e5a10, modreturn=6, depth=0, ptr=0x7fffffffd810, evaluate_it=1, presult=0x7fffffffd81c) at evaluate.c:614 #6 0x000000000041eb9d in modcall (component=1, c=0x780500, request=0x7e5a10) at modcall.c:432 #7 0x000000000041cb89 in indexed_modcall (comp=1, idx=0, request=0x7e5a10) at modules.c:691 #8 0x000000000041e035 in module_authorize (autz_type=0, request=0x7e5a10) at modules.c:1453 #9 0x0000000000409421 in rad_authenticate (request=0x7e5a10) at auth.c:565 #10 0x000000000043327e in radius_handle_request (request=0x7e5a10, fun=0x409226 <rad_authenticate>) at event.c:3693 #11 0x00000000004258e1 in thread_pool_addrequest (request=0x7e5a10, fun=0x409226 <rad_authenticate>) at threads.c:841 #12 0x0000000000432850 in event_socket_handler (xel=0x7df710, fd=22, ctx=0x7e57c0) at event.c:3317 #13 0x00007ffff7df36d3 in fr_event_loop (el=0x7df710) at event.c:400 #14 0x0000000000433189 in radius_event_process () at event.c:3679 #15 0x00000000004223e9 in main (argc=2, argv=0x7fffffffe588) at radiusd.c:398
Regards Jakob