Broken base64_decode in rlm_pap
Tomas Hoger
thoger at pobox.sk
Sat Feb 10 21:36:32 CET 2007
Hi all!
I've come across an issue with verification of {SSHA} encrypted passwords
in FreeRadius 1.1.4. Verification fails for correct passwords. I've
managed to track problem through normify() to base64_decode() function in
rlm_pap.c. This seems to be a culprit:
if (src[length] != '=') return 0; /* no trailing '=' */
Code assumes every base64-encoded string must end with trailing '=', but
this assumption does not seem to be true. SSHA encrypted base64 encoded
password does not. E.g.:
$ /usr/sbin/slappasswd -h {SSHA} -s password
{SSHA}n0woq5pPczJ2k/z12gWO8Ita4mvuBlSE
It seems that trailing '='s are only used, when padding is required:
$ perl -e 'use MIME::Base64; print encode_base64("a")'
YQ==
$ perl -e 'use MIME::Base64; print encode_base64("aa")'
YWE=
$ perl -e 'use MIME::Base64; print encode_base64("aaa")'
YWFh
$ perl -e 'use MIME::Base64; print encode_base64("aaaa")'
YWFhYQ==
With check removed, SSHA passwords work fine. But I'm not sure if it has a
chance to break something else.
Ideas for better fix?
th.
More information about the Freeradius-Users
mailing list