segfault with regex and hint

Alexander Clouter alex at digriz.org.uk
Tue Aug 18 19:30:26 CEST 2009


Hi,

Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
>> 
>> It's that time of year to overhaul the cesspool that makes up my 
>> FreeRADIUS config files.
>> 
>> I am running FreeRADIUS from git[1] about two days ago and found that by 
>> putting the following in my 'hints' file gives me the segfault shown 
>> below[2].  If I remove the end bit[3] then I do not get the segfault, 
>> but then I also do not get my comparison :)
> 
> you are doing 2 separate comparisons for the one attribute. is that correct/allowed?
> 
/me shrugs

I'm just here to report bugs :)

For mac-auth detection I just moved to a policy, so I really do not care 
if the bug gets fixed or not[1].  I can imagine cases where people want 
to use the hints file to 'sanitise' incoming RADIUS packets though in a 
neat one-liner that keeps it out of the virtual host stanza for example:

----
DEFAULT Calling-Station-Id =~ "/^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i"
	Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
----

For anyone who is curious/cares for the archives, I use the following 
policy:
----
mac_auth {
  if ( Realm == NULL && !EAP-Message && NAS-Port-Type == "Ethernet" \
          && Service-Type == Call-Check \
          && Stripped-User-Name == "%{User-Password}" \
          && Stripped-User-Name =~ /^[0-9a-f]{12}$/i \
          && Calling-Station-Id =~ /^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i \
          && Stripped-User-Name =~ /^%{1}%{2}%{3}%{4}%{5}%{6}$/i ) {
    ok
  }
  else {
    notfound
  }
}
----

Cheers

[1] although I guess having a "hey let's copy from address 0x0" path in 
	FreeRADIUS is probably considered bad style :)

-- 
Alexander Clouter
.sigmonster says: Debug is human, de-fix divine.
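
As an added example (not part of the original post and not FreeRADIUS code), the Python sketch below applies the same regular expression to constructed Calling-Station-Id values and mirrors the mac_auth condition, so the accepted formats can be checked offline. Assumptions: Python's re module stands in for the server's regex library, requests are plain dicts, and the function names are hypothetical.

```python
import re

# Same pattern as the hints entry and the policy in the post. Assumption:
# Python's re behaves like the server's regex library for this pattern.
MAC_RE = re.compile(
    r"^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?"
    r"([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$", re.I)
BARE_MAC_RE = re.compile(r"^[0-9a-f]{12}$", re.I)


def normalise_mac(calling_station_id):
    """Return "%{1}%{2}%{3}%{4}%{5}%{6}" (case preserved), or None if no match."""
    # fullmatch() stops Python's "$" from tolerating a trailing newline.
    m = MAC_RE.fullmatch(calling_station_id)
    return "".join(m.groups()) if m else None


def is_mac_auth(req):
    """Mirror the mac_auth condition; req maps attribute names to values."""
    user = req.get("Stripped-User-Name", "")
    mac = normalise_mac(req.get("Calling-Station-Id", ""))
    return (req.get("Realm") is None
            and "EAP-Message" not in req
            and req.get("NAS-Port-Type") == "Ethernet"
            and req.get("Service-Type") == "Call-Check"
            and user == req.get("User-Password")
            and BARE_MAC_RE.fullmatch(user) is not None
            and mac is not None
            and user.lower() == mac.lower())  # the /i match against %{1}..%{6}


def sample(csid, user="001122aabbcc", **extra):
    """Constructed Access-Request attributes for a switch doing MAC auth."""
    req = {"NAS-Port-Type": "Ethernet", "Service-Type": "Call-Check",
           "Stripped-User-Name": user, "User-Password": user,
           "Calling-Station-Id": csid}
    req.update(extra)
    return req


if __name__ == "__main__":
    # Constructed values covering common vendor formats and two rejects.
    for csid in ("00-11-22-AA-BB-CC", "00:11:22:aa:bb:cc", "0011.22aa.bbcc",
                 "00x11y22zaa!bb?cc", "00-11-22-aa-bb", "00--11-22-aa-bb-cc"):
        print(f"{csid!r:24} -> {normalise_mac(csid)!r:16} "
              f"mac_auth={is_mac_auth(sample(csid))}")
```

Because each separator is `.?`, any single character between octets is accepted and dropped, as the `00x11y22zaa!bb?cc` case shows; restricting it to a class such as `[-:.]?` would narrow what gets normalised.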



