fprintf(fr_log_fp, " Socket:\t%d\n", packet->sockfd);
#ifdef WITH_TCP
- fprintf(fr_log_fp, " Proto:\t%u\n", packet->proto);
+ fprintf(fr_log_fp, " Proto:\t%d\n", packet->proto);
#endif
if (packet->src_ipaddr.af == AF_INET) {
struct sockaddr_storage src;
socklen_t sizeof_src = sizeof(src);
- data_len = recvfrom(sockfd, header, sizeof(header), MSG_PEEK,
- (struct sockaddr *)&src, &sizeof_src);
+ data_len = recvfrom(sockfd, header, sizeof(header), MSG_PEEK, (struct sockaddr *)&src, &sizeof_src);
if (data_len < 0) {
if ((errno == EAGAIN) || (errno == EINTR)) return 0;
return -1;
}
/*
+ * Convert AF. If unknown, discard packet.
+ */
+ if (!fr_sockaddr2ipaddr(&src, sizeof_src, src_ipaddr, src_port)) {
+ FR_DEBUG_STRERROR_PRINTF("Unkown address family");
+ rad_recv_discard(sockfd);
+
+ return 1;
+ }
+
+ /*
* Too little data is available, discard the packet.
*/
if (data_len < 4) {
FR_DEBUG_STRERROR_PRINTF("Expected at least 4 bytes of header data, got %zu bytes", data_len);
+invalid:
+ FR_DEBUG_STRERROR_PRINTF("Invalid data from %s: %s",
+ fr_inet_ntop(src_ipaddr->af, &src_ipaddr->ipaddr),
+ fr_strerror());
rad_recv_discard(sockfd);
return 1;
+ }
- } else { /* we got 4 bytes of data. */
- /*
- * See how long the packet says it is.
- */
- packet_len = (header[2] * 256) + header[3];
-
- /*
- * The length in the packet says it's less than
- * a RADIUS header length: discard it.
- */
- if (packet_len < RADIUS_HDR_LEN) {
- FR_DEBUG_STRERROR_PRINTF("Expected at least " STRINGIFY(RADIUS_HDR_LEN) " bytes of packet "
- "data, got %zu bytes", packet_len);
- rad_recv_discard(sockfd);
-
- return 1;
-
- /*
- * Enforce RFC requirements, for sanity.
- * Anything after 4k will be discarded.
- */
- } else if (packet_len > MAX_PACKET_LEN) {
- FR_DEBUG_STRERROR_PRINTF("Length field value too large, expected maximum of "
- STRINGIFY(MAX_PACKET_LEN) " bytes, got %zu bytes", packet_len);
- rad_recv_discard(sockfd);
+ /*
+ * See how long the packet says it is.
+ */
+ packet_len = (header[2] * 256) + header[3];
- return 1;
- }
+ /*
+ * The length in the packet says it's less than
+ * a RADIUS header length: discard it.
+ */
+ if (packet_len < RADIUS_HDR_LEN) {
+ FR_DEBUG_STRERROR_PRINTF("Expected at least " STRINGIFY(RADIUS_HDR_LEN) " bytes of packet "
+ "data, got %zu bytes", packet_len);
+ goto invalid;
}
/*
- * Convert AF. If unknown, discard packet.
+ * Enforce RFC requirements, for sanity.
+ * Anything after 4k will be discarded.
*/
- if (!fr_sockaddr2ipaddr(&src, sizeof_src, src_ipaddr, src_port)) {
- FR_DEBUG_STRERROR_PRINTF("Unkown address family");
- rad_recv_discard(sockfd);
-
- return 1;
+ if (packet_len > MAX_PACKET_LEN) {
+ FR_DEBUG_STRERROR_PRINTF("Length field value too large, expected maximum of "
+ STRINGIFY(MAX_PACKET_LEN) " bytes, got %zu bytes", packet_len);
+ goto invalid;
}
*code = header[0];
buffer[253] = '\0';
/*
- * Take off trailing zeros from the END.
- * This allows passwords to have zeros in
- * the middle of a field.
- *
- * However, if the password has a zero at
- * the end, it will get mashed by this
- * code. There's really no way around
- * that.
+ * MS-CHAP-MPPE-Keys are 24 octets, and
+ * encrypted. Since it's binary, we can't
+ * look for trailing zeros.
*/
- while ((datalen > 0) && (buffer[datalen - 1] == '\0')) datalen--;
+ if (da->flags.length) {
+ if (datalen > da->flags.length) {
+ datalen = da->flags.length;
+ } /* else leave datalen alone */
+ } else {
+ /*
+ * Take off trailing zeros from the END.
+ * This allows passwords to have zeros in
+ * the middle of a field.
+ *
+ * However, if the password has a zero at
+ * the end, it will get mashed by this
+ * code. There's really no way around
+ * that.
+ */
+ while ((datalen > 0) && (buffer[datalen - 1] == '\0')) datalen--;
+ }
break;
/*