2.x.x (and earier?): yet another decoding SSHA issue

Alan DeKok aland at deployingradius.com
Tue Jul 16 15:40:28 CEST 2013

Arran Cudbard-Bell wrote:

> SSHA1-Password will then hold the raw octet value of the hash. Unfortunately
> I believe that rlm_pap has it's own normalization logic, 
> so may still attempt to decode the raw octets as hex or base64 *sigh*. 

  Only if the data is longer than the length of the binary hash.


- length == length of hash ---> DONE

- length is 4/3 (or so) + other stuff.. --> base64

- starts with "0x" and length is 2x the length of the hash --> hex

  It should be pretty fail-safe.

  Alan DeKok.

More information about the Freeradius-Devel mailing list