Allow EAP-Message APVs > 253 octets in EAP-TTLS module

According to RFC 5281, section 11.2.1 tunneled EAP packets that are
larger than 253 octets MUST be contained in a single EAP-Message AVP.

Also fixed the debug statement.

diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
index 9ad6264..caaa62e 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
@@ -201,8 +201,11 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl,
                        goto next_attr;
                }
 
-               if (size > 253) {
-                       RDEBUG2("WARNING: diameter2vp skipping long attribute %u, attr");
+               /*
+                * EAP-Message AVPs can be larger than 253 octets.
+                */
+               if ((size > 253) && !((VENDOR(attr) == 0) && (attr == PW_EAP_MESSAGE))) {
+                       RDEBUG2("WARNING: diameter2vp skipping long attribute %u", attr);
                        goto next_attr;
                }