Should MAX_STRING_LEN be 253?
Greetings everyone. This email concerns the constant "MAX_STRING_LEN". Problem description: libradius.h #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */ I have been working on a EAP radius authentication issue where the Radius server is a Windows 2008 NPS. Authentication fails due to malformed packets. The freeradius package is being used to encode the message to be sent to the server. RFC2138 says: A summary of the Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | Type | Length | Value ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- The format of the value field is one of four data types. string 0-253 octets Based on the RFC the constant is correctly defined to be 254 bytes. All the same, if 2 bytes of the 255 bytes are reserved for type and length, I am left with 253 bytes to store my data. As the constant MAX_STRING_LEN is being used in our code to split a big EAP message into multiple segments, we tend to loose one byte in every segment causing authentication failure (malformed packet received). Question: Based on the above analysis it was felt that the constant should be 253. Should the constant be changed to 253 or is there any other reason for keeping it at 254? Have a nice day everyone. Cheers, Makarand. -- ___________________________________________________________________________ NOTICE OF CONFIDENTIALITY: This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. _____________________________________________________________________
Makarand Pradhan wrote:
As the constant MAX_STRING_LEN is being used in our code to split a big EAP message into multiple segments, we tend to loose one byte in every segment causing authentication failure (malformed packet received).
Your code is wrong... it should be splitting EAP messages every 253 octets.
Question: Based on the above analysis it was felt that the constant should be 253. Should the constant be changed to 253 or is there any other reason for keeping it at 254?
The constant is 254 for reasons internal to FreeRADIUS. Alan DeKok.
Appreciate your prompt response Alan. I do understand that I have to split the EAP message every 253 bytes. I can define it as a constant in my code, but I would prefer to use a constant defined by the freeradius package. MAX_STRING_LEN appeared to be the obvious choice. I'm using (MAX_STRING_LEN - 1), but if MAX_STRING_LEN is used for some other internal reasons to FreeRadius, it may change in the future breaking my code. That's my only worry. Thanks for your time. Warm Rgds, Makarand. On 18/08/11 07:18 PM, Alan DeKok wrote:
Makarand Pradhan wrote:
As the constant MAX_STRING_LEN is being used in our code to split a big EAP message into multiple segments, we tend to loose one byte in every segment causing authentication failure (malformed packet received).
Your code is wrong... it should be splitting EAP messages every 253 octets.
Question: Based on the above analysis it was felt that the constant should be 253. Should the constant be changed to 253 or is there any other reason for keeping it at 254?
The constant is 254 for reasons internal to FreeRADIUS.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- ___________________________________________________________________________ NOTICE OF CONFIDENTIALITY: This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. _____________________________________________________________________
On 19 Aug 2011, at 16:13, Makarand Pradhan wrote:
Appreciate your prompt response Alan.
I do understand that I have to split the EAP message every 253 bytes. I can define it as a constant in my code, but I would prefer to use a constant defined by the freeradius package. MAX_STRING_LEN appeared to be the obvious choice.
Define your own constant, the maximum RADIUS attribute value length will not be changing any time soon, or at least not in ways you'll have to worry about.
I'm using (MAX_STRING_LEN - 1), but if MAX_STRING_LEN is used for some other internal reasons to FreeRadius, it may change in the future breaking my code. That's my only worry.
It may go away entirely at some point and break your code. -Arran
On 18/08/11 07:18 PM, Alan DeKok wrote:
Makarand Pradhan wrote:
As the constant MAX_STRING_LEN is being used in our code to split a big EAP message into multiple segments, we tend to loose one byte in every segment causing authentication failure (malformed packet received).
Your code is wrong... it should be splitting EAP messages every 253 octets.
Question: Based on the above analysis it was felt that the constant should be 253. Should the constant be changed to 253 or is there any other reason for keeping it at 254?
The constant is 254 for reasons internal to FreeRADIUS.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- ___________________________________________________________________________ NOTICE OF CONFIDENTIALITY: This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. _____________________________________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Arran Cudbard-Bell a.cudbardb@freeradius.org RADIUS - Half the complexity of Diameter
Thanks for your response Arran. Warm Rgds, Makarand. On 19/08/11 10:18 AM, Arran Cudbard-Bell wrote:
On 19 Aug 2011, at 16:13, Makarand Pradhan wrote:
Appreciate your prompt response Alan.
I do understand that I have to split the EAP message every 253 bytes. I can define it as a constant in my code, but I would prefer to use a constant defined by the freeradius package. MAX_STRING_LEN appeared to be the obvious choice.
Define your own constant, the maximum RADIUS attribute value length will not be changing any time soon, or at least not in ways you'll have to worry about.
I'm using (MAX_STRING_LEN - 1), but if MAX_STRING_LEN is used for some other internal reasons to FreeRadius, it may change in the future breaking my code. That's my only worry.
It may go away entirely at some point and break your code.
-Arran
On 18/08/11 07:18 PM, Alan DeKok wrote:
Makarand Pradhan wrote:
As the constant MAX_STRING_LEN is being used in our code to split a big EAP message into multiple segments, we tend to loose one byte in every segment causing authentication failure (malformed packet received).
Your code is wrong... it should be splitting EAP messages every 253 octets.
Question: Based on the above analysis it was felt that the constant should be 253. Should the constant be changed to 253 or is there any other reason for keeping it at 254?
The constant is 254 for reasons internal to FreeRADIUS.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- ___________________________________________________________________________ NOTICE OF CONFIDENTIALITY: This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. _____________________________________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Arran Cudbard-Bell a.cudbardb@freeradius.org
RADIUS - Half the complexity of Diameter
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- ___________________________________________________________________________ NOTICE OF CONFIDENTIALITY: This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this e-mail and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. _____________________________________________________________________
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Makarand Pradhan