2.x.x (and earier?): yet another decoding SSHA issue
Alan DeKok
aland at deployingradius.com
Tue Jul 16 15:40:28 CEST 2013
Arran Cudbard-Bell wrote:
> SSHA1-Password will then hold the raw octet value of the hash. Unfortunately
> I believe that rlm_pap has it's own normalization logic,
> so may still attempt to decode the raw octets as hex or base64 *sigh*.
Only if the data is longer than the length of the binary hash.
i.e.
- length == length of hash ---> DONE
- length is 4/3 (or so) + other stuff.. --> base64
- starts with "0x" and length is 2x the length of the hash --> hex
It should be pretty fail-safe.
Alan DeKok.
More information about the Freeradius-Devel
mailing list