User password

Matthew Newton mcn at freeradius.org
Wed May 22 13:06:27 CEST 2019


On Wed, 2019-05-22 at 09:12 +0000, Nicolas Breuer wrote:
> (9)   Calling-Station-Id = "71"
> (9)   User-Password = "alerteo268\000N: In"
> (9)   Service-Type = Framed-User
...
> 
> Any ideas from where the \000N:In comes from ?
> The user password is "alerteo268"

Looks like your NAS is broken. It's not calculating the length of the
User-Name attribute correctly and presumably leaking whatever memory
was after it.

It should be sending it with, in this case, length 10 and no NULL.

If there's no software update for the NAS to fix it then you may be
able to work around it by writing some unlang with a regex to chop it
down to the right length.

-- 
Matthew




More information about the Freeradius-Users mailing list