From: Kevin Wasserman Date: Wed, 2 Jul 2014 11:56:39 +0000 (-0400) Subject: Channel bindings fixes X-Git-Tag: v3.0.10-moonshot~75 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=46cefce284e35d714655b2fdc9a273a5434fabad;p=freeradius.git Channel bindings fixes -fix size calculation -skip unwanted attrs when copying -add safety check to copy code in case size is wrong -add cast to get correct result from talloc_array_length() --- diff --git a/src/modules/rlm_eap/libeap/eap_chbind.c b/src/modules/rlm_eap/libeap/eap_chbind.c index a99ebf5..802182b 100644 --- a/src/modules/rlm_eap/libeap/eap_chbind.c +++ b/src/modules/rlm_eap/libeap/eap_chbind.c @@ -45,7 +45,7 @@ static bool chbind_build_response(REQUEST *request, CHBIND_REQ *chbind) if (vp->da->flags.encrypt != FLAG_ENCRYPT_NONE) continue; if (!vp->da->vendor && (vp->da->attr == PW_MESSAGE_AUTHENTICATOR)) continue; - total = 2 + vp->length; + total += 2 + vp->length; } /* @@ -88,8 +88,15 @@ static bool chbind_build_response(REQUEST *request, CHBIND_REQ *chbind) for (vp = fr_cursor_init(&cursor, &request->reply->vps); vp != NULL; vp = fr_cursor_next(&cursor)) { - length = rad_vp2attr(NULL, NULL, NULL, &vp, ptr, end - ptr); - ptr += length; + /* + * Skip things which shouldn't be in channel bindings. + */ + if (vp->da->flags.encrypt != FLAG_ENCRYPT_NONE) continue; + if (!vp->da->vendor && (vp->da->attr == PW_MESSAGE_AUTHENTICATOR)) continue; + if (ptr < end) { + length = rad_vp2attr(NULL, NULL, NULL, &vp, ptr, end - ptr); + ptr += length; + } } return true; @@ -282,7 +289,7 @@ VALUE_PAIR *eap_chbind_packet2vp(REQUEST *request, const chbind_packet_t *packet vp = paircreate(request->packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA); if (!vp) return NULL; - pairmemcpy(vp, (const uint8_t *) packet, talloc_array_length(packet)); + pairmemcpy(vp, (const uint8_t *) packet, talloc_array_length((uint8_t *)packet)); return vp; }