MSCHAP2 local Password change failure - "MS-CHAP-New-Cleartext-Password" char buffer not \0 terminated

Isaac Boukris iboukris at
Sat Sep 27 18:26:30 CEST 2014

Hi Alan,

On Sat, Sep 27, 2014 at 4:54 PM, Alan DeKok <aland at> wrote:
> Isaac Boukris wrote:
>> I've encounter this issue while running some tests with the new
>> MSCHAP2 password change feature.
>   I've pushed a fix.
>   Alan DeKok.

I am getting a new error now.

# radiusd -v
radiusd: FreeRADIUS Version 3.0.5 (git #ba5087c), for host
i686-pc-linux-gnu, built on Sep 24 2014 at 20:22:52

(1)  mschap : MS-CHAPv2 password change request received
(1)  mschap : Password change payload valid
(1)  mschap : Doing MS-CHAPv2 password change locally
"MS-CHAP-New-Cleartext-Password" length 8 is greater than char buffer
length 4
SOFT ASSERT FAILED src/lib/debug.c[1001]: 0
CAUGHT SIGNAL: User defined signal 1
Backtrace of last 35 frames:

I am currently testing with simple ASCII passwords, original is 'aaaa'
and the new is 'bbbb'.

Note that the decrypted password is in UTF-16-LE which - i think -
always uses 2 bytes for each character (not always actually, but even
for ASCII chars) so its length will be 8 in my test but after the
conversion to UTF-8 the length will depend on characters used and may
vary, in my test it will be 4 only since for ASCII characters UTF-8
uses one byte per char.

Thank you,
Isaac B.

More information about the Freeradius-Users mailing list