segfault with regex and hint

Alexander Clouter alex at
Tue Aug 18 19:30:26 CEST 2009


Alan Buxey <A.L.M.Buxey at> wrote:
>> It's that time of year to overhaul the cesspool that makes up my 
>> FreeRADIUS config files.
>> I am running FreeRADIUS from git[1] about two days ago and found that by 
>> putting the following in my 'hints' file gives me the segfault shown 
>> below[2].  If I remove the end bit[3] then I do not get the segfault, 
>> but then I also do not get my comparison :)
> you are doing 2 seperate comparisons for the one attribute. is that correct/allowed?
/me shrugs

I'm just here to report bugs :)

For mac-auth detection I just moved to a policy, so I really do not care 
if the bug gets fixed or not[1].  I can imagine cases where people want 
use the hints file to 'sanitise' incoming RADIUS packets though in a 
neat one-liner that keeps it out of the virtual host stanza for example:

DEFAULT Calling-Station-Id =~ "/^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i"
	Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"

For any who is curious/cares for the archives, I use the following 
mac_auth {
  if ( Realm == NULL && !EAP-Message && NAS-Port-Type == "Ethernet" \
          && Service-Type == Call-Check \
          && Stripped-User-Name == "%{User-Password}" \
          && Stripped-User-Name =~ /^[0-9a-f]{12}$/i \
          && Calling-Station-Id =~ /^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i \
          && Stripped-User-Name =~ /^%{1}%{2}%{3}%{4}%{5}%{6}$/i ) {
  else {


[1] although I guess having a "hey lets copy from address 0x0" path in 
	FreeRADIUS is probably considered bad style :)

Alexander Clouter
.sigmonster says: Debug is human, de-fix divine.

More information about the Freeradius-Users mailing list