On 23/03/17 09:23, Nikolai Kondrashov wrote:
On 12/09/2014 01:51 PM, Nikolai Kondrashov wrote:
Our (Red Hat) QA was testing the effect of this entry in 3.0.4 ChangeLog:
* Modify pairparsevalue to deal with embedded NULLs better, and use the binary versions of attribute values in rlm_ldap.
They have noticed that binary LDAP values get truncated on embedded zero characters (\0) in RADIUS replies, in radiusReplyMessage in particular. I.e. for
radiusReplyMessage:: cmVwbHkgd2l0aCBhAGI=
The response output by radtest was
Reply-Message = 'reply with a'
The network capture also showed that RADIUS reply packets contained truncated values.
We still see the above behavior in v3.0.13.
This looks relevant: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_... https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/lib/pair.c#L... https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/lib/value.c#... These appear to all be 8-bit clean, using talloc_bstrndup and the quote handling seems OK. At a glance it looks fine to me, I wonder if the problem is deeper in the server core. What happens if you butcher the dictionaries and change Reply-Message to be "octets", just to test?