Regexp match wrongly copied to control list

[Brian Candler]

I have an issue with FreeRadius 2.1.12.

If I make use of a check/control regexp match in either rlm_sql or
rlm_files, and the match succeeds, then a spurious attribute is added onto
the control list containing the regexp which was matched.

To demonstrate:

authorize {
        update reply {
                Reply-Message += "Before: %{control:User-Name}"
        }
        testuser
        update reply {
                Reply-Message += "After: %{control:User-Name}"
        }
...

testuser is an instance of rlm_files which contains:

DEFAULT         User-Name =~ "@example\\.com$"
        Reply-Message += "Matched"

Then send a test packet:
# radtest test at example.com secret localhost 1 testing123

The response includes:

	Reply-Message = "Before: "
	Reply-Message = "Matched"
	Reply-Message = "After: @example\\.com$"

Debug output:

rad_recv: Access-Request packet from host 127.0.0.1 port 49269, id=27, length=86
	User-Name = "test at example.com"
	User-Password = "secret"
	NAS-IP-Address = 192.168.56.101
	NAS-Port = 1
	Message-Authenticator = 0x476a68f002b8b1f49df07064f8e1411a
# Executing section authorize from file /etc/freeradius/sites-enabled/stratRadius
+- entering group authorize {...}
	expand: Before: %{control:User-Name} -> Before: 
++[reply] returns notfound
[testuser] 	expand: %{Called-Station-Id} -> 
[testuser] 	expand: %{User-Name} -> test at example.com
[testuser] users: Matched entry DEFAULT at line 1
++[testuser] returns ok
	expand: After: %{control:User-Name} -> After: @example\.com$
++[reply] returns ok

This is a problem because I was using the attribute in the control list for
something else.

It only seems to be a side-effect of the regexp match. If instead I use:

DEFAULT         User-Name == "test at example.com"
        Reply-Message += "Matched"

then the control:User-Name is not updated.

Regards,

Brian.