MSCHAP2 local Password change failure - "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated

Isaac Boukris iboukris at
Sat Sep 27 01:27:04 CEST 2014


I've encountered this issue while running some tests with the new
MSCHAP2 password change feature.
My setup consists of the following.

# radiusd -v
radiusd: FreeRADIUS Version 3.0.5 (git #b6c3143), for host
i686-pc-linux-gnu, built on Sep 19 2014 at 01:28:18

anna    Cleartext-Password := 'aaaa', SMB-Account-Ctrl-Text := '[Ue]'

/etc/raddb/mods-enabled/mschap (under passchange):
local_cpw = "%{exec:/bin/mys %{mschap:User-Name}

When I first enter the password I get the proper error of user
expired; when I enter the new password, radiusd crashes.
This is what 'radiusd -X' shows before it exits:

(2)  mschap : MS-CHAPv2 password change request received
(2)  mschap : Password change payload valid
(2)  mschap : Doing MS-CHAPv2 password change locally
"MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated
SOFT ASSERT FAILED src/lib/debug.c[1008]: 0
CAUGHT SIGNAL: User defined signal 1
Backtrace of last 35 frames:

When I add:
RDEBUG("length is: %d - and new pass is %s", new_pass->length,
I get:
(2)  mschap : length is: 4 - and new pass is

So adding the following line at the same place makes it work ok (my
script gets the new password and I get access-accept):
x[new_pass->length] = '\0';

But I am not sure it is a proper solution as I am still reading about
encoding stuff.
If any additional information or tests are needed I'll be glad to supply them.

Thanks a lot for the great open software.

Isaac Boukris
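
The failure mode reported above, as an added example that is not FreeRADIUS code and not part of the original post: a length-counted string filled without a terminator, a check that catches it, and a builder that reserves length + 1 bytes before writing the '\0'. The struct, the function names and the 4-byte sample password are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-counted string, standing in for an attribute value. */
struct strval {
    size_t length;  /* payload bytes, terminator not counted */
    size_t alloc;   /* bytes actually allocated for buf */
    char  *buf;
};

/* Integrity check: the byte after the payload must exist and be '\0'. */
static int strval_is_terminated(const struct strval *v)
{
    if (!v->buf || v->alloc < v->length + 1) return 0;
    return v->buf[v->length] == '\0';
}

/* Buggy builder: copies the payload but never writes the terminator. */
static struct strval build_unterminated(const char *src, size_t len)
{
    struct strval v = { len, len + 1, malloc(len + 1) };
    if (!v.buf) abort();
    memset(v.buf, 'X', v.alloc);  /* simulate stale heap contents */
    memcpy(v.buf, src, len);
    return v;
}

/* Corrected builder: same allocation, then terminate after the payload. */
static struct strval build_terminated(const char *src, size_t len)
{
    struct strval v = build_unterminated(src, len);
    v.buf[v.length] = '\0';  /* in bounds only because alloc == length + 1 */
    return v;
}

int main(void)
{
    const char wire[] = { 'b', 'b', 'b', 'b' };  /* constructed password, no '\0' */
    struct strval bad  = build_unterminated(wire, sizeof(wire));
    struct strval good = build_terminated(wire, sizeof(wire));

    printf("unterminated ok=%d, terminated ok=%d, value=%s\n",
           strval_is_terminated(&bad), strval_is_terminated(&good), good.buf);
    free(bad.buf);
    free(good.buf);
    return 0;
}
```

Writing the terminator at index length is only safe when the allocation is at least length + 1 bytes, which is why the check also compares alloc against length.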
