Hello, I've encounter this issue while running some tests with the new MSCHAP2 password change feature. My setup consists of the following. # radiusd -v radiusd: FreeRADIUS Version 3.0.5 (git #b6c3143), for host i686-pc-linux-gnu, built on Sep 19 2014 at 01:28:18 /etc/raddb/users: anna Cleartext-Password := 'aaaa', SMB-Account-Ctrl-Text := '[Ue]' /etc/raddb/mods-enabled/mschap (under passchange): local_cpw = "%{exec:/bin/mys %{mschap:User-Name} %{MS-CHAP-New-Cleartext-Password}}" When I first enter the password I get the proper error of user expired, when I enter the new password radiusd crashes. This is what 'radiusd -X' shows before it exits: (2) mschap : MS-CHAPv2 password change request received (2) mschap : Password change payload valid (2) mschap : Doing MS-CHAPv2 password change locally CONSISTENCY CHECK FAILED src/lib/cursor.c[151]: VALUE_PAIR "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated SOFT ASSERT FAILED src/lib/debug.c[1008]: 0 CAUGHT SIGNAL: User defined signal 1 Backtrace of last 35 frames: /usr/local/lib/libfreeradius-radius.so(fr_fault+0x105)[0x82d281] ... When I add: RDEBUG("length is: %d - and new pass is %s", new_pass->length, new_pass->vp_strvalue); At: https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_... I get: (2) mschap : length is: 4 - and new pass is bbbb?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? So adding the following line at the same place makes it work ok (my script gets the new password and I get access-accept): x[new_pass->length] = '\0'; But I am not sure it is a proper solution as I am still reading about encoding stuff. If any additional information or tests are needed i'll be glad to supply. Thanks a lot for the great open software. Isaac Boukris