3.0.x: user-password length decoding sometimes wrong?
Stefano Mason
stefano.mason at eng-mo.it
Mon Nov 30 17:30:19 CET 2015
On 11/30/2015 05:04 PM, Alan DeKok wrote:
> Regexes on some platforms don't deal well with embedded zeros.
>
> I'm happy with leaving %{string:..} as being explicitly not binary safe.
>
> The alternative is:
>
> update request {
> Tmp-Octets-0 := &User-Password
> }
>
> # Some systems send User-Password = "\000\000foo"
> # which is stupid
> if (Tmp-Octets-0 =~ /^0x00/) {
> reject
> }
>
> if (Tmp-Octets-0 =~ /^(0x(..)+)00/) {
>
> # get the text BEFORE the zeros
> update request {
> Tmp-Octets-0 := "%{1}"
> }
> update request {
> User-Password := "%{string:Tmp-Octets-0}"
> }
> }
Thanks Alan, but the alternative isn't good in all situation. When I
used the previous code the regex fail with all the password that end
with zero, like: mikemouse00.
Anyway thank you very much because it was just your code that allowed me
to find the one proposed:
update request {
Tmp-String-0 := "%{string:User-Password}"
User-Password := "%{string:Tmp-String-0}"
}
Best regards.
Stefano
More information about the Freeradius-Users
mailing list