Skip to content

Commit

Permalink
Enforce "length" on octets for encode / decode
Browse files Browse the repository at this point in the history
  • Loading branch information
@alandekok
alandekok committed Nov 20, 2015
1 parent 0ffe3be commit 02c2a66
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
7 changes: 7 additions & 0 deletions src/lib/radius_decode.c
View file
Expand Up @@ -970,6 +970,13 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, vp_cursor_t *cursor, fr_dic
break;

default:
/*
* Chop the attribute to its maximum length.
*/
if ((parent->type == PW_TYPE_OCTETS) &&
(parent->flags.length && (datalen > parent->flags.length))) {
datalen = parent->flags.length;
}
break;
} /* switch over encryption flags */
}
Expand Down
11 changes: 10 additions & 1 deletion src/lib/radius_encode.c
View file
Expand Up @@ -650,8 +650,17 @@ static ssize_t encode_value(uint8_t *out, size_t outlen,
len = vp->vp_length;

switch (da->type) {
case PW_TYPE_STRING:
case PW_TYPE_OCTETS:
/*
* If asked to encode more data than allowed, we
* encode only the allowed data.
*/
if (da->flags.length && (len > da->flags.length)) {
len = da->flags.length;
}
/* FALL-THROUGH */

case PW_TYPE_STRING:
data = vp->data.ptr;
if (!data) {
fr_strerror_printf("ERROR: Cannot encode NULL data");
Expand Down

0 comments on commit 02c2a66

Please sign in to comment.