Encrypted attrs can only be for old-style attrs.

Closes CID #1035573
FreeRADIUS · Mar 25, 2014 · ca8251c · ca8251c
1 parent 058ba66
commit ca8251c
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/src/lib/radius.c b/src/lib/radius.c
@@ -3461,12 +3461,17 @@ static ssize_t data2vp(RADIUS_PACKET *packet,
 	 *	Decrypt the attribute.
 	 */
 	if (secret && packet && (da->flags.encrypt != FLAG_ENCRYPT_NONE)) {
+		/*
+		 *	Encrypted attributes can only exist for the
+		 *	old-style format.  Extended attributes CANNOT
+		 *	be encrypted.
+		 */
+		if (attrlen > 253) {
+			return -1;
+		}
+
 		if (data == start) {
-			if (attrlen < sizeof(buffer)) {
-				memcpy(buffer, data, attrlen);
-			} else {
-				memcpy(buffer, data, sizeof(buffer));
-			}
+			memcpy(buffer, data, attrlen);
 		}
 		data = buffer;