MSCHAP2 local Password change failure - "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated

Isaac Boukris iboukris at gmail.com
Sat Sep 27 01:27:04 CEST 2014


Hello,

I've encountered this issue while running some tests with the new
MSCHAP2 password change feature.
My setup consists of the following.

# radiusd -v
radiusd: FreeRADIUS Version 3.0.5 (git #b6c3143), for host
i686-pc-linux-gnu, built on Sep 19 2014 at 01:28:18

/etc/raddb/users:
anna    Cleartext-Password := 'aaaa', SMB-Account-Ctrl-Text := '[Ue]'

/etc/raddb/mods-enabled/mschap (under passchange):
local_cpw = "%{exec:/bin/mys %{mschap:User-Name} %{MS-CHAP-New-Cleartext-Password}}"

When I first enter the password I get the proper error of user
expired, when I enter the new password radiusd crashes.
This is what 'radiusd -X' shows before it exits:

(2)  mschap : MS-CHAPv2 password change request received
(2)  mschap : Password change payload valid
(2)  mschap : Doing MS-CHAPv2 password change locally
CONSISTENCY CHECK FAILED src/lib/cursor.c[151]: VALUE_PAIR
"MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated
SOFT ASSERT FAILED src/lib/debug.c[1008]: 0
CAUGHT SIGNAL: User defined signal 1
Backtrace of last 35 frames:
/usr/local/lib/libfreeradius-radius.so(fr_fault+0x105)[0x82d281]
...

When I add:
RDEBUG("length is: %d - and new pass is %s", new_pass->length,
new_pass->vp_strvalue);
At:
https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_mschap/rlm_mschap.c#L977
I get:
(2)  mschap : length is: 4 - and new pass is
bbbb??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

So adding the following line at the same place makes it work ok (my
script gets the new password and I get access-accept):
x[new_pass->length] = '\0';

But I am not sure it is a proper solution as I am still reading about
encoding stuff.
If any additional information or tests are needed I'll be glad to supply.

Thanks a lot for the great open software.

Isaac Boukris
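
The termination problem reported in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a length-counted field copied into a buffer that always carries its own terminator, plus a check for the invariant the log complains about. `struct counted_str`, `counted_str_set` and `counted_str_is_terminated` are hypothetical names, and the 256-byte payload is constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a string attribute: a counted buffer whose
 * consumers (%s, exec expansion) also expect buf[length] == '\0'. */
struct counted_str {
    size_t length;  /* bytes of payload, terminator excluded */
    size_t alloc;   /* bytes actually owned by buf */
    char  *buf;
};

/* The invariant the failed consistency check in the log reports on. */
int counted_str_is_terminated(const struct counted_str *s)
{
    return s->buf && s->length < s->alloc && s->buf[s->length] == '\0';
}

/* Copy len bytes of a decoded field into a fresh, terminated allocation.
 * Returns 0 on success, -1 if the length is implausible or malloc fails. */
int counted_str_set(struct counted_str *s, const unsigned char *src,
                    size_t len, size_t src_size)
{
    char *p;
    if (!src || len > src_size) return -1; /* length field exceeds decode buffer */
    if (memchr(src, '\0', len)) return -1; /* design choice here: no embedded NULs */
    if (!(p = malloc(len + 1))) return -1;
    memcpy(p, src, len);
    p[len] = '\0';                         /* the byte the post adds by hand */
    free(s->buf);
    s->buf = p;
    s->length = len;
    s->alloc = len + 1;
    return 0;
}

int main(void)
{
    unsigned char decoded[256];            /* constructed sample payload */
    struct counted_str pw = { 0, 0, NULL };
    memset(decoded, 0xAA, sizeof(decoded));/* stale bytes after the field */
    memcpy(decoded, "bbbb", 4);
    if (counted_str_set(&pw, decoded, 4, sizeof(decoded)) != 0) return 1;
    /* %.*s bounds the read even if a terminator were missing */
    printf("length is: %zu - and new pass is %.*s\n",
           pw.length, (int)pw.length, pw.buf);
    free(pw.buf);
    return 0;
}
```
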

