MSCHAP2 local Password change failure - "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated
Hello, I've encounter this issue while running some tests with the new MSCHAP2 password change feature. My setup consists of the following. # radiusd -v radiusd: FreeRADIUS Version 3.0.5 (git #b6c3143), for host i686-pc-linux-gnu, built on Sep 19 2014 at 01:28:18 /etc/raddb/users: anna Cleartext-Password := 'aaaa', SMB-Account-Ctrl-Text := '[Ue]' /etc/raddb/mods-enabled/mschap (under passchange): local_cpw = "%{exec:/bin/mys %{mschap:User-Name} %{MS-CHAP-New-Cleartext-Password}}" When I first enter the password I get the proper error of user expired, when I enter the new password radiusd crashes. This is what 'radiusd -X' shows before it exits: (2) mschap : MS-CHAPv2 password change request received (2) mschap : Password change payload valid (2) mschap : Doing MS-CHAPv2 password change locally CONSISTENCY CHECK FAILED src/lib/cursor.c[151]: VALUE_PAIR "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated SOFT ASSERT FAILED src/lib/debug.c[1008]: 0 CAUGHT SIGNAL: User defined signal 1 Backtrace of last 35 frames: /usr/local/lib/libfreeradius-radius.so(fr_fault+0x105)[0x82d281] ... When I add: RDEBUG("length is: %d - and new pass is %s", new_pass->length, new_pass->vp_strvalue); At: https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_... I get: (2) mschap : length is: 4 - and new pass is bbbb?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? So adding the following line at the same place makes it work ok (my script gets the new password and I get access-accept): x[new_pass->length] = '\0'; But I am not sure it is a proper solution as I am still reading about encoding stuff. If any additional information or tests are needed i'll be glad to supply. Thanks a lot for the great open software. Isaac Boukris
Hi Alan, On Sat, Sep 27, 2014 at 4:54 PM, Alan DeKok <aland@deployingradius.com> wrote:
Isaac Boukris wrote:
I've encounter this issue while running some tests with the new MSCHAP2 password change feature.
I've pushed a fix.
Alan DeKok.
I am getting a new error now. # radiusd -v radiusd: FreeRADIUS Version 3.0.5 (git #ba5087c), for host i686-pc-linux-gnu, built on Sep 24 2014 at 20:22:52 (1) mschap : MS-CHAPv2 password change request received (1) mschap : Password change payload valid (1) mschap : Doing MS-CHAPv2 password change locally CONSISTENCY CHECK FAILED src/lib/cursor.c[151]: VALUE_PAIR "MS-CHAP-New-Cleartext-Password" length 8 is greater than char buffer length 4 SOFT ASSERT FAILED src/lib/debug.c[1001]: 0 CAUGHT SIGNAL: User defined signal 1 Backtrace of last 35 frames: /usr/local/lib/libfreeradius-radius.so(fr_fault+0x105)[0xfa9281] ... I am currently testing with simple ASCII passwords, original is 'aaaa' and the new is 'bbbb'. Note that the decrypted password is in UTF-16-LE which - i think - always uses 2 bytes for each character (not always actually, but even for ASCII chars) so its length will be 8 in my test but after the conversion to UTF-8 the length will depend on characters used and may vary, in my test it will be 4 only since for ASCII characters UTF-8 uses one byte per char. Thank you, Isaac B.
participants (2)
-
Alan DeKok -
Isaac Boukris