radius_xlat chops embedded NULs in cisco-av-pair

Alan DeKok aland at deployingradius.com
Mon Mar 31 16:37:36 CEST 2014

Arran Cudbard-Bell wrote:
> 		if (fr_print_string(vp->vp_strvalue, vp->length, p, len + 1) != len) {
> 			talloc_free(p);
> 			fr_strerror_printf("Incorrect size of buffer allocated to hold escaped string");
> 			return NULL;

  Except that an embedded zero will end up as 4 characters of "\000".
It will *always* hit that error.

  The xlat code doesn't ask for strings to be escaped because it assumes
that the escaping is done elsewhere.  That assumption is arguably wrong
for embedded NULs.

  I think that the xlat code should always escape those characters.

  I'll take a look through the git history to see why xlat behaves this
way.  The underlying assumptions may no longer be valid.

  Alan DeKok.

More information about the Freeradius-Users mailing list