3.0.4: binary LDAP attributes

Alan DeKok aland at deployingradius.com
Tue Dec 9 14:02:42 CET 2014


On Dec 9, 2014, at 6:51 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
> They have noticed that binary LDAP values get truncated on embedded zero
> characters (\0) in RADIUS replies, in radiusReplyMessage in particular.
> I.e. for

  Arran and I have spent the last two weeks fixing those issues.  The server *never* dealt well with embedded zeros in “string” data.  Octets, yes. Strings, no.

> In related discoveries, it seems that backslashes get removed from LDAP
> attribute values in RADIUS replies, so

  That’s part of what we were fixing.

> Is this intended?

  No.  Please try the v3.0.x git branch.  We’ve fixed these issues, and added test cases for them all.

  The normal user won’t see any change.  People who have embedded zeros in strings will see that they now work.

  Alan DeKok.



More information about the Freeradius-Users mailing list