0 Kudos

Sanitize Password input from controller

Submitted by -
Status: New Idea

Hi! 

 

Could not find an issue tracker so this is hopefully the best place to post an issue.

 

There seem to be no/not-good-enough sanitation on passwords for users on radius. I created a new user with the following password, "Zk}b?"M6SYF)!4j6h+", which broke RADIUS and therefore my l2tp vpn. Please sanitize user input. I am expecting this to be fixed pretty soon!

 

Log as follows. User removed about 19:35:

admin@Firewall:~$ sudo cat /var/log/freeradius/radius.log
Sun Mar 17 17:52:18 2019 : Error: /etc/freeradius/users[29]: Parse error (check) for entry myUser: Expected end of line or comma
Sun Mar 17 17:52:18 2019 : Error: Errors reading /etc/freeradius/users
Sun Mar 17 17:52:18 2019 : Error: /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
Sun Mar 17 17:52:18 2019 : Error: /etc/freeradius/sites-enabled/default[170]: Failed to load module "files".
Sun Mar 17 17:52:18 2019 : Error: /etc/freeradius/sites-enabled/default[69]: Errors parsing authorize section.
Sun Mar 17 17:52:18 2019 : Error: Failed to load virtual server <default>
Sun Mar 17 17:52:28 2019 : Error: /etc/freeradius/users[29]: Parse error (check) for entry myUser: Expected end of line or comma
Sun Mar 17 17:52:28 2019 : Error: Errors reading /etc/freeradius/users
Sun Mar 17 17:52:28 2019 : Error: /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
Sun Mar 17 17:52:28 2019 : Error: /etc/freeradius/sites-enabled/default[170]: Failed to load module "files".
Sun Mar 17 17:52:28 2019 : Error: /etc/freeradius/sites-enabled/default[69]: Errors parsing authorize section.
Sun Mar 17 17:52:28 2019 : Error: Failed to load virtual server <default>
Sun Mar 17 18:12:52 2019 : Error: /etc/freeradius/users[29]: Parse error (check) for entry myUser: Expected end of line or comma
Sun Mar 17 18:12:52 2019 : Error: Errors reading /etc/freeradius/users
Sun Mar 17 18:12:52 2019 : Error: /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
Sun Mar 17 18:12:52 2019 : Error: /etc/freeradius/sites-enabled/default[170]: Failed to load module "files".
Sun Mar 17 18:12:52 2019 : Error: /etc/freeradius/sites-enabled/default[69]: Errors parsing authorize section.
Sun Mar 17 18:12:52 2019 : Error: Failed to load virtual server <default>
Sun Mar 17 19:58:33 2019 : Info: Loaded virtual server <default>
Sun Mar 17 19:58:33 2019 : Info: Loaded virtual server inner-tunnel
Sun Mar 17 19:58:33 2019 : Info: ... adding new socket proxy address * port 50350
Sun Mar 17 19:58:33 2019 : Info: Ready to process requests.