Possible Bug in valuepair / rlm_file etc etc.

Alister Winfield alister.winfield at uk.easynet.net
Mon Oct 24 11:55:17 CEST 2005

On Fri, 2005-10-21 at 13:51 -0400, Alan DeKok wrote:
> Alister Winfield <alister.winfield at uk.easynet.net> wrote:
> > I have found a potential bug in the way rlm_file or valuepair does the
> > xlat of %{var} items. These are supposedly dynamic, being based on a
> > per-packet replacement. The following example can be done a different
> > way but its the simplest example I can think of ;-)
>   Yeah, it's a bug.  The "users" file originally didn't have variable
> expansion, and once we added it, things like this happen.
> > Am I missing something here and if not I'll be back soon with a complete
> > patch (Currently I just save the old check_item and put it back which is
> > fine in a single thread but not so clever in a threaded system).
>   Rather, if flags.xlat is set, do:
>   VALUE_PAIR *new_check = rad_malloc(sizeof(*new_check));
>   memcpy(new_check, check, sizeof(*new_check));
>   new_check->next = NULL
>   paircmp(... new_check...)
>   pairfree(&new_check);
>   Alan DeKok.

Are you suggesting this in valuepair.c inside the loop that walks the
check items, or in rlm_file which I suspect would require the full check
items list to be copied to keep everything sane? I suspect you mean in
valuepair.c but thought it wise to ask ;).

Anyway just noticed another unfortunate feature in rlm_file.c. The !=
and !~ tests only notice if the very first matching attribute doesn't
match the value / regex but there is no way of asking the question does
this attribute value pair NOT exist anywhere in the packet. I have a fix
for this which involves effectively doing a positive match then
inverting the response if required. 

Alister Winfield.

More information about the Freeradius-Devel mailing list