3.0.x: user-password length decoding sometimes wrong?
Alan DeKok
aland at deployingradius.com
Mon Nov 30 17:04:53 CET 2015
On Nov 30, 2015, at 11:00 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> Better to do something more explicit with a regex, in case we get around to fixing string expansion :)
Regexes on some platforms don't deal well with embedded zeros.
I'm happy with leaving %{string:..} as being explicitly not binary safe.
The alternative is:
update request {
Tmp-Octets-0 := &User-Password
}
# Some systems send User-Password = "\000\000foo"
# which is stupid
if (Tmp-Octets-0 =~ /^0x00/) {
reject
}
if (Tmp-Octets-0 =~ /^(0x(..)+)00/) {
# get the text BEFORE the zeros
update request {
Tmp-Octets-0 := "%{1}"
}
update request {
User-Password := "%{string:Tmp-Octets-0}"
}
}
Alan DeKok.
More information about the Freeradius-Users
mailing list