length of value_pair value is only 127

Hagen Muench hagen at webtronaut.de
Mon Jul 21 14:53:35 CEST 2014


After testing with the radclient tooI l could figure out that it's rather
a limitation of the ntradping utility. Sorry for any inconvenience.

Hagen

>
> On 16 Jul 2014, at 09:07, Hagen Muench <hagen at webtronaut.de> wrote:
>
>> Hello,
>>
>> I have to process a vendor specific attribute from cisco, i.e. the
>> Cisco-SSG-Account-Info attribute.
>>
>> ---snip---
>> #define PW_SSG_ACCOUNT_INFO 250
>> #define CISCO2ATTR(x) ((9 << 16) | (x))
>> ...
>> vp = pairfind(request->packet->vps, CISCO2ATTR(PW_SSG_ACCOUNT_INFO));
>> if (!vp) {
>>   radlog(L_INFO, "Value pair not found!");
>> }
>> else{
>>   radlog(L_INFO, "%s, %i", vp->vp_strvalue, strlen(vp->vp_strvalue));
>> }
>> ...
>> ---snip---
>> If I send an authentication request the attribute is found. The problem
>> is
>> that the vp->vp_strvalue is cut after 128 chars and
>> strlen(vp->vp_strvalue)) is 127. Though the length of vp_strvalue is
>> defined in libradius.h by MAX_STRING_LEN (0-253 octets) according to
>> RFC.
>>
>> I have sent the request by the NTRadPing test utility.
>>
>> Is it a known issue? Thank you for help.
>
> If it's a string type, the majority of VALUE_PAIR code in v2.x.x is not
> \0 safe, so processing will stop at the first null byte.
>
> V3.0.x is better, but not perfect.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html




More information about the Freeradius-Devel mailing list