Be more stringent about encoding TLVs
authorAlan T. DeKok <aland@freeradius.org>
Tue, 6 Oct 2009 12:38:23 +0000 (14:38 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 31 May 2010 08:16:17 +0000 (10:16 +0200)
src/lib/radius.c

index cf3aa99..45dbb7a 100644 (file)
@@ -712,6 +712,7 @@ static uint8_t *vp2data(const RADIUS_PACKET *packet,
                        fr_strerror_printf("ERROR: Cannot encode NULL TLV");
                        return NULL;
                }
+               if (vp->length > room) return 0; /* can't chop TLVs to fit */
                break;
 
        default:                /* unknown type: ignore it */
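Review bot: The added `return 0;` in the TLV case of vp2data leaves a function declared `static uint8_t *`, so it yields a null pointer, the same value the `Cannot encode NULL TLV` path just above returns after setting an error string. If the caller treats NULL as an encoding failure (the call site is outside this hunk), an oversized TLV would fail the encode and report whatever stale text fr_strerror still holds, whereas the matching check in rad_vp2attr returns 0 to skip the attribute. I would write `return NULL;` and set a message first, e.g. `fr_strerror_printf("ERROR: TLV is too long to fit in the packet");`, or add a comment stating that NULL here means "skip". vp2data starts and ends outside the hunk.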
@@ -985,10 +986,18 @@ int rad_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
 
                        /*
                         *      Ignore TLVs that don't have data, OR
-                        *      have too much data.
+                        *      have too much data to fit in the
+                        *      packet, OR have too much data to fit
+                        *      in the attribute.
                         */
                        if (vp->flags.has_tlv &&
-                           (!vp->vp_tlv || (vp->length > room))) return 0;
+                           (!vp->vp_tlv || (vp->length > room) ||
+
+                            /*
+                             *         6 + 1 (vsa_tlen) + 1 (vsa_llen)
+                             *         + 1 (vsa_offset).
+                             */
+                            (vp->length > (255 - 9)))) return 0;
 
 
                        /*
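Review bot: A TLV longer than `255 - 9` bytes is now dropped by `return 0` in rad_vp2attr with no diagnostic, so the packet goes out without an attribute the configuration asked for and nothing records why. A debug or error message before the return would make the omission visible to whoever has to explain a missing attribute. The limit itself is a bare constant whose explanation sits in a comment placed, with a blank line, inside the `if` condition; that comment accounts for the 9 but not for the 255 or the leading 6. A named constant above the test, e.g. `#define TLV_MAX_DATA_LEN (255 - 9)` (name constructed here) with the breakdown in its comment, would keep the condition readable. The bound also always subtracts the full 9 bytes; whether that is right for every vendor format depends on vsa_tlen, vsa_llen and vsa_offset, which are set outside this hunk.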