2.2.0 crash at a strange location

Alan DeKok aland at deployingradius.com
Mon May 6 15:02:00 CEST 2013

Stefan Winter wrote:
> Hi one more time,
> and another update: it's one specific SSHA1-Hash which makes the server crash; I can reproduce this easily.
> The magic hash value is:
> SSHA1-Password := PVwqvpqoyQBACLE3Nxk2ItoDjx1RT3JyKm9SdkRTb1o5aSUm
> and makes things fail specifically during a memcpy inside normify().
> Below is what valgrind has to say. Note that the user input in 
> User-Password is irrelevant; failure is before it's even checked.

  Weird.  I've fixed it, after some poking of the function.  It now
base64-decodes the password once, and only once.

  Alan DeKok.

More information about the Freeradius-Devel mailing list