radius_xlat chops embedded NULs in cisco-av-pair

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Mar 31 14:21:41 CEST 2014


On 31 Mar 2014, at 13:08, Kiril <kyrmail at gmail.com> wrote:

> > The string (RFC type 'text') should be escaped before being added to the concatenation buffer. I'll take a look and see if it's fixed in later versions.
> 
> maybe the entire attribute value data is copied
> but when sql_escape_func from rlm_sql module is called it stops on the first NUL byte in it, so maybe the escaping fails?

Any output of an xlat function should be fully escaped, such that unprintables appear and a backslash prefixed octal number. Other parts of the code which assume that'd been done will stop on embedded NULLs.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140331/5e9ebb4a/attachment.pgp>


More information about the Freeradius-Users mailing list