Disallow attribute zero in the dictionaries. Closes #851

Except for Colubris, who use it

diff --git a/src/lib/dict.c b/src/lib/dict.c
index db178ac..c32c625 100644 (file)
--- a/src/lib/dict.c
+++ b/src/lib/dict.c
@@ -660,6 +660,13 @@ int dict_addattr(char const *name, int attr, unsigned int vendor, PW_TYPE type,
                return -1;
        }
 
+       /*
+        *      Disallow attributes of type zero.
+        */
+       if (!attr && !vendor) {
+               fr_strerror_printf("dict_addattr: Attribute 0 is invalid and cannot be used");
+               return -1;
+       }
 
        /*
         *      If the attr is '-1', that means use a pre-existing
@@ -800,6 +807,12 @@ int dict_addattr(char const *name, int attr, unsigned int vendor, PW_TYPE type,
                        return -1;
                }
 
+               if (!attr && dv->type != 1) {
+                       fr_strerror_printf("dict_addattr: Attribute %s cannot have value zero",
+                                          name);
+                       return -1;
+               }
+
                /*
                 *      FIXME: Switch over dv->type, and limit things
                 *      properly.

diff --git a/src/lib/radius.c b/src/lib/radius.c
index 588a842..29c912c 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -2181,7 +2181,10 @@ int rad_tlv_ok(uint8_t const *data, size_t length,
                        break;
 
                case 1:
-                       if (data[0] == 0) goto zero;
+                       /*
+                        *      Zero is allowed, because the Colubris
+                        *      people are dumb and use it.
+                        */
                        break;
 
                default: