3.0.4: binary LDAP attributes

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 23 12:05:25 CET 2017

On 23/03/17 09:23, Nikolai Kondrashov wrote:
> On 12/09/2014 01:51 PM, Nikolai Kondrashov wrote:
>> Our (Red Hat) QA was testing the effect of this entry in 3.0.4 ChangeLog:
>>     * Modify pairparsevalue to deal with embedded NULLs better,
>>       and use the binary versions of attribute values in rlm_ldap.
>> They have noticed that binary LDAP values get truncated on embedded zero
>> characters (\0) in RADIUS replies, in radiusReplyMessage in particular.
>> I.e. for
>>     radiusReplyMessage:: cmVwbHkgd2l0aCBhAGI=
>> The response output by radtest was
>>     Reply-Message = 'reply with a'
>> The network capture also showed that RADIUS reply packets contained
>> truncated
>> values.
> We still see the above behavior in v3.0.13.

This looks relevant:




These appear to all be 8-bit clean, using talloc_bstrndup and the quote 
handling seems OK. At a glance it looks fine to me, I wonder if the 
problem is deeper in the server core.

What happens if you butcher the dictionaries and change Reply-Message to 
be "octets", just to test?

More information about the Freeradius-Users mailing list