make_passwd(), rlm_perl and double quotes in the password

Alan DeKok aland at
Thu Jan 28 17:46:03 CET 2010

John Morrissey wrote:
> Getting rid of vp_prints_value() in perl_store_vps() won't be possible
> without other backwards-compatibility-breaking changes.

  It looks like the issue is in pairparsevalue().  ALL of the callers to
it do escaping of \\.  BUT it also does escaping, which is bad.

> Namely, fr_print_string() encodes non-printing characters as octal values
> (e.g., ASCII 29 -> '\035'). rlm_perl modules may be expecting this behavior.
> How should this be handled?

  I think simply deleting the bad code in pairparsevalue() should be fine.

  Alan DeKok.

More information about the Freeradius-Devel mailing list