make_passwd(), rlm_perl and double quotes in the password
Alan DeKok
aland at deployingradius.com
Thu Jan 28 17:46:03 CET 2010
John Morrissey wrote:
> Getting rid of vp_prints_value() in perl_store_vps() won't be possible
> without other backwards-compatibility-breaking changes.
It looks like the issue is in pairparsevalue(). ALL of the callers to
it do escaping of \\. BUT it also does escaping, which is bad.
> Namely, fr_print_string() encodes non-printing characters as octal values
> (e.g., ASCII 29 -> '\035'). rlm_perl modules may be expecting this behavior.
>
> How should this be handled?
I think simply deleting the bad code in pairparsevalue() should be fine.
Alan DeKok.
More information about the Freeradius-Devel
mailing list