Your message dated Tue, 24 Nov 2009 03:03:16 +0100
with message-id <[email protected]>
and subject line fixed in freeradius 2.1.7+dfsg-1
has caused the Debian Bug report #530513,
regarding freeradius: double quotes in the password break when proxying with
rlm_perl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
530513: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530513
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freeradius
Version: 2.0.4+dfsg-6
Severity: normal
Tags: patch fixed-upstream
As seen in
https://lists.freeradius.org/pipermail/freeradius-devel/2009-May/013106.html
there's a problem with proxying authentication requests when the rlm_perl
module is used and the password contains a double quote (") or a backslash (\).
The attached patch fixes the problem and was recently committed to the
upstream repository. Filing this to track the issue for squeeze; while
I'd love to see it fixed for lenny in a stable update, I doubt it meets
the criteria.
Thanks for maintaining freeradius,
--
Niko Tyni [email protected]
>From fa2e002271ee59410ec089540317f7e5d7ddcd2b Mon Sep 17 00:00:00 2001
From: Niko Tyni <[email protected]>
Date: Wed, 20 May 2009 12:11:19 +0300
Subject: [PATCH] make_passwd: only use 'inlen' bytes of the input string
In some situations (at least a roundtrip through the rlm_perl module)
the User-Password value pair can have extra non-null bytes at the end
so that strlen(vp->data.strvalue) > vp->length.
These extra bytes shold not be used by make_passwd to construct the
Message-Authenticator, so copy just 'inlen' bytes of the input string
before rounding up the length.
---
src/lib/radius.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/lib/radius.c b/src/lib/radius.c
index 679e2ae..b49f0df 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -438,10 +438,15 @@ static void make_passwd(uint8_t *output, int *outlen,
* If the length is zero, round it up.
*/
len = inlen;
+
+ if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;
+
+ memcpy(passwd, input, len);
+ memset(passwd + len, 0, sizeof(passwd) - len);
+
if (len == 0) {
len = AUTH_PASS_LEN;
}
- else if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;
else if ((len & 0x0f) != 0) {
len += 0x0f;
@@ -449,9 +454,6 @@ static void make_passwd(uint8_t *output, int *outlen,
}
*outlen = len;
- memcpy(passwd, input, len);
- memset(passwd + len, 0, sizeof(passwd) - len);
-
fr_MD5Init(&context);
fr_MD5Update(&context, (const uint8_t *) secret, strlen(secret));
old = context;
--
1.5.6.5
--- End Message ---
--- Begin Message ---
Version: 2.1.7+dfsg-1
Hi,
The MAX_PASS_LEN fix is integrated in FreeRADIUS 2.1.7, and the package
of that has just been uploaded.
Thanks for reporting.
--
2. That which causes joy or happiness.
--- End Message ---
