radius_xlat chops embedded NULs in cisco-av-pair

Kiril kyrmail at gmail.com
Mon Mar 31 08:00:43 CEST 2014

there is a problem under freeradius 2.1.12 when incoming radius packet
has embedded NUL bytes in the middle of the string attribute
in debug packet output it is printed as Cisco-AVPair =
but when we use %{Cisco-AVPair[*]} in sql accounting query it is
expanded as "release-source="
in previous version 1.x the bahaviour was different - xlat-ed string
in query was shown as in debug output

according to RFC 2869 section 5 it is said:
"Servers and servers and clients MUST be able to deal with embedded
nulls. RADIUS implementers using C are cautioned not to use strcpy()
when handling strings."

and radius_xlat function uses strlcpy(out, vp->vp_strvalue, outlen) in
vp_prints_value, so not the full string vp->vp_strvalue is copied

what should be done in this case: fix the radius source, or fix the NAS?

More information about the Freeradius-Users mailing list