Release 1.0.5?

Nicolas Baradakis nbk at
Mon Aug 22 19:14:52 CEST 2005

Alan DeKok wrote:

> > - A post on the mailing list suggests to change the case-insensitive
> >   searches for PostgreSQL. We need someone who has a setup with
> >   PostgreSQL to test these changes and sends a patch for postgresql.conf.
>   Peter Nixon?

Thor Spruyt is familiar with PostgreSQL, and has sent a few patches to
fix known issues with postgresql.conf and db_postgresql.sql.

> > - I'm not running LDAP on my site, but if bug #261 is reproductible,
> >   it should be fixed in 1.0.5 (attributes retrieved from ldap are
> >   truncated at first space)
>   It's more complicated than that.  It gets excited over '=', too.
>   The LDAP module has *always* worked that way, so it's not a priority
> for 1.0.5.

That's right, but it seems easy to fix this issue. If I understand
correctly the code in ldap_pairget(), we should have either "[value]"
or "[operator] [value]" in a one-to-one-mapped attribute.

If the statement above is correct, the code should be:

	ptr = str_from_ldap;
	operator = gettoken(&ptr);
	if (operator is valid)
		value = ptr;
		value = str_from_ldap;

> > Maybe bug #73, too ? (libldap and libsasl problems)
> Sounds good.  I don't use LDAP, so I can't test it.

I've had a wonderful time with autoconf... but it should be fixed now.

On other news, Primoz Bratanic is testing his tool of "automated
vulnerability search" on the source code of FreeRADIUS. Thanks to him,
I was able to fix three possible buffer overflows in xlat.c and
rlm_sqlcounter.c. (see the Automatic CVS report)

Primoz also found out that the SQL query in rlm_sqlcounter isn't
correctly escaped. (possible SQL injection vulnerability) As the
function 'sql_escape_func' is static in module 'rlm_sql', I don't
know if we should copy/paste the code or make the function publicly

We should also fix this in 1.0.5, before the people from Gentoo start
to make publicity about this.

Nicolas Baradakis

More information about the Freeradius-Devel mailing list