Permalink
Browse files

FR-GV-302 - do checks based on pointers, not on decoded data

because decoded data may be empty
  • Loading branch information...
alandekok committed Jun 28, 2017
1 parent 4b05929 commit 6726c16549b131ed39f6f8886cdf5d9d922a9a97
Showing with 21 additions and 1 deletion.
  1. +9 −1 src/lib/radius.c
  2. +12 −0 src/tests/unit/rfc.txt
@@ -2952,16 +2952,23 @@ static ssize_t data2vp_concat(TALLOC_CTX *ctx,
* don't care about walking off of the end of it.
*/
while (ptr < end) {
if (ptr[1] < 2) return -1;
if ((ptr + ptr[1]) > end) return -1;

total += ptr[1] - 2;

ptr += ptr[1];

if (ptr == end) break;

/*
* Attributes MUST be consecutive.
*/
if (ptr[0] != attr) break;
}

end = ptr;

vp = fr_pair_afrom_da(ctx, da);
if (!vp) return -1;

@@ -2974,14 +2981,15 @@ static ssize_t data2vp_concat(TALLOC_CTX *ctx,

total = 0;
ptr = start;
while (total < vp->vp_length) {
while (ptr < end) {
memcpy(p, ptr + 2, ptr[1] - 2);
p += ptr[1] - 2;
total += ptr[1] - 2;
ptr += ptr[1];
}

*pvp = vp;

return ptr - start;
}

@@ -178,6 +178,18 @@ data Failed to parse IPv4 address string "256/8"
attribute PMIP6-Home-IPv4-HoA = bob/8
data Failed to parse IPv4 address string "bob/8"

#
# A "concat" attribute, with no data
#
decode 89 02
data PKM-SS-Cert = 0x

#
# Or with weirdly formatted data
#
decode 89 03 ff 89 02 89 03 fe
data PKM-SS-Cert = 0xfffe

$INCLUDE tunnel.txt
$INCLUDE errors.txt
$INCLUDE extended.txt

0 comments on commit 6726c16

Please sign in to comment.