Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1058884 - Calls to exec module or back-tick exec does not strip trailing whitespace or CR
Summary: Calls to exec module or back-tick exec does not strip trailing whitespace or CR
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: freeradius
Version: 20
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: John Dennis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-28 17:04 UTC by Stefan Paetow
Modified: 2014-06-16 23:27 UTC (History)
4 users (show)

Fixed In Version: freeradius-3.0.3-2.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-16 23:27:52 UTC


Attachments (Terms of Use)

Description Stefan Paetow 2014-01-28 17:04:09 UTC
Description of problem:

When using a back-tick exec call in unlang, the trailing CR or whitespace are not trimmed from the call. This leads to issues with attributes. In FreeRADIUS 2.x this does not occur.

Version-Release number of selected component (if applicable): 3.0.1

How reproducible: Easy (all the time when using a back-tick)

Steps to Reproduce:
1. Insert the following into the post-auth section:

update control {
    Tmp-String-1 := `/bin/date -u +%%FT%%TZ`
}

2. Run radiusd -X
3. Examine the debug output and look at the Tmp-String-1 attribute that's been set after an authentication occurs.

Actual results: 

This is the FR 3.0 debug output for this statement

(20)   update control {
(20) Executing: "/bin/date -u +%%FT%%TZ"
(20)    expand: "+%%FT%%TZ" -> '+%FT%TZ'
(20)  Program returned code (0): 2014-01-27T17:20:42Z
(20)             Tmp-String-1 := '2014-01-27T17:20:42Z\n'
(20)    } # update control = noop

See the trailing '\n', it shouldn't be there

Expected results:

FR 2.2.0 output (which is still correct)

        expand: +%%FT%%TZ -> +%FT%TZ
Exec-Program output: 2014-01-27T17:35:00Z
Exec-Program-Wait: plaintext: 2014-01-27T17:35:00Z
Exec-Program: returned: 0
+++[control] returns noop

Additional info:

As a workaround, add the below after the 'offending' update statement to strip the whitespace

if ("%{control:Tmp-String-1}" =~ /^(([^ ]+)([ ]*)([^ ]+))([ ]*)$/) {
    update control {
        Tmp-String-1 := "%{1}"
    }
}

There is a commit in Github for this:

https://github.com/FreeRADIUS/freeradius-server/commit/023974a2829f3f260c38f7a85b31aa929636abcf

Comment 1 Fedora Update System 2014-05-07 18:32:49 UTC
freeradius-3.0.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/freeradius-3.0.2-1.fc20

Comment 2 Fedora Update System 2014-05-08 10:05:01 UTC
Package freeradius-3.0.2-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeradius-3.0.2-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6089/freeradius-3.0.2-1.fc20
then log in and leave karma (feedback).

Comment 3 Fedora Update System 2014-05-24 17:18:29 UTC
freeradius-3.0.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/freeradius-3.0.3-1.fc20

Comment 4 Fedora Update System 2014-06-16 23:27:52 UTC
freeradius-3.0.3-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.