From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 11 Dec 2023 19:58:13 +0000 (-0500)
Subject: remove last vestige of %string(...)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08d2b8e25870235d5c16f2a5c63a5ec5fb8f121a;p=thirdparty%2Ffreeradius-server.git

remove last vestige of %string(...)

and correct the filter_password policy so that it works
---

diff --git a/raddb/policy.d/filter b/raddb/policy.d/filter
index d4631c2dd7e..54441a3e28a 100644
--- a/raddb/policy.d/filter
+++ b/raddb/policy.d/filter
@@ -118,12 +118,18 @@ filter_username {
 #  This policy filters them out.
 #
 filter_password {
-	if (&User-Password && \
-	   (&User-Password != "%string(User-Password)")) {
-		string tmp
-		&tmp := %string(User-Password)
-		&request.User-Password := %string(tmp)
-	 }
+	if &User-Password {
+   		group tmp
+		octets delim
+
+		#
+		#  Because "\000" yields "zero length delimiter is not allowed"
+		#
+		&delim = 0x00
+		&tmp.User-Password := %explode(%{User-Password}, "%{delim}")
+
+		&User-Password := &tmp.User-Password[0]
+	}
 }
 
 filter_inner_identity {
diff --git a/src/tests/keywords/filter_password b/src/tests/keywords/filter_password
new file mode 100644
index 00000000000..1c2c07af2af
--- /dev/null
+++ b/src/tests/keywords/filter_password
@@ -0,0 +1,31 @@
+#
+# Tests for NUL in the middle of a string
+#
+
+&Reply-Message := "bob\000hello"
+
+#
+#  Commented out because it fails
+#
+#if %length("\000") != 1 {
+#	test_fail
+#}
+
+if &Reply-Message {
+   	group tmp
+	octets delim
+
+	#
+	#  Because "\000" yields "zero length delimiter is not allowed"
+	#
+	&delim = 0x00
+	&tmp.Reply-Message := %explode(%{Reply-Message}, "%{delim}")
+
+	&Reply-Message := &tmp.Reply-Message[0]
+}
+
+if &Reply-Message != "bob" {
+	test_fail
+}
+
+success