[defect]: version 3.2.7 crashes when password ends with %

[yehavi-git]

What type of defect/bug is this?

Crash or memory corruption (segv, abort, etc...)

How can the issue be reproduced?

Hello,
After upgrading from 3.2.6 to 3.2.7 the server crashes when a password ends with %. The clear text password is retrieved from a database using an "exec" plugin, and is returned in the format:

Cleartext-Password := "M1&2@3%"

When removing the % it works ok.

Attached is radiusd.log with GDB backtrace.

Thanks!

Log output from the FreeRADIUS daemon

(2036)       [mschap] = noop
(2036) pap: WARNING: Auth-Type already set.  Not setting to PAP
(2036)       [pap] = noop
(2036)     } # authorize = updated
(2036)   Found Auth-Type = eap
(2036)   # Executing group from file /home/yehavi/freeradius-server-3.2.7/etc/raddb/sites-enabled/eduroam
(2036)     authenticate {
(2036) eap: Removing EAP session with state 0xf885ea1bf83ff057
(2036) eap: Previous EAP request found for state 0xf885ea1bf83ff057, released from the list
(2036) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(2036) eap: Calling submodule eap_mschapv2 to process data
(2036) eap_mschapv2: # Executing group from file /home/yehavi/freeradius-server-3.2.7/etc/raddb/sites-enabled/eduroam
(2036) eap_mschapv2:   Auth-Type MS-CHAP {
(2036) mschap: Found Cleartext-Password, hashing to create NT-Password
Segmentation fault (core dumped)

Relevant log output from client utilities

radiusd.log

Backtrace from LLDB or GDB

[alandekok]

Do you have a gdb backtrace? The GitHub PR templat describes how to get that.

In my tests, it returns an error, and doesn't crash.

[yehavi-git]

Hello,
The GDB backtrace is inside the the logfile which is attached to the ticket.
Maybe the difference of the behaviour is that in my case the clear text password is returned by an external command and not from the users file.

Thanks.

[alandekok]

I've pushed some fixes which will help. I'll double-check and push more fixes shortly.

[alandekok]

recent fixes in the v3.2.x branch address the issue.

[yehavi-git]

So they would appear on 3.2.8 version (unless I use the GIT current repository)?

Thanks, __Yehavi:

[alandekok]

Yes.

[yehavi-git]

Hello,
Now it doesn't crash, but it cannot encode the password. Here is an extract from running it with -X:

eap_mschapv2: Auth-Type MS-CHAP {
(101) mschap: Found Cleartext-Password, hashing to create NT-Password
(101) mschap: ERROR: Failed generating NT-Password - Password is missing or is empty
(101) eap_mschapv2: [mschap] = fail
(101) eap_mschapv2: } # Auth-Type MS-CHAP = fail

Thanks!

[alandekok]

I've double-checked with the exec module, and I don't get that same result. I've pushed a few more patches which may help, as I found a few more corner cases.

Can you share a test which reproduces this error? Because with the latest v3.2.x code I don't see it.

[yehavi-git]

That fixed the problem. Many thanks!

__Yehavi: