Segmentation Fault on "[pap] Normalizing SSHA1-Password from base64 encoding"

Hugo Cisneiros (Eitch) hugo.cisneiros at
Fri Sep 6 18:24:07 CEST 2013


I'm getting the same errors as these messages:

I also did everything that Stefan Winter did - gdb live server,
valgrind, look at the source, compare with 3.0 - and got the same
results. In the -devel thread Alan DeKok says there won't be any
patches or development on the 2.2.x branch anymore, and I tested with
3.0 with success.

So I ask: is there any way to backport the fix to 2.2.x branch? I
don't know C very well but if it's not so hard, I might try talking to
people who knows how to code and create a unnoficial patch. I saw that
the base64 is now using a brave new approach on 3.0.

And also, if keeping this bug forever in the 2.2.x branch, what is, in
your opinions, the best way to store the encrypted passwords? I'm
using SSHA-Passwords attribute, salted with the "uuidgen" command. And
I was thinking, if I use a salt with only 16 characters instead of
32+, is there any chance for this bug to happen? It'll be easier for
me to fix the salts instead of the code. I can't migrate to 3.0 right
now because the system is in production state.

(Please, don't say Cleartext-Passwords are the solution :P)

The following hash generates the crash:




More information about the Freeradius-Users mailing list