rlm_eap_peap issue
양승용
joshua.yang at samsung.com
Fri Dec 23 02:37:14 CET 2005
I think that eap2vp, vp2eap function in peap.c should be modified as follows
=====================================================================================================
static VALUE_PAIR *eap2vp(EAP_DS *eap_ds,
const uint8_t *data, unsigned int data_len)
{
uint16_t eap_len, len, total;
VALUE_PAIR *vp = NULL;
VALUE_PAIR *eap_msg = NULL;
const unsigned char *ptr = NULL;
int first = 1;
/*
* Sanity check this...
*/
if (data_len + EAP_HEADER_LEN > 65534) {
radlog(L_ERR, "rlm_eap_peap: EAP Response packet is too large.");
return NULL;
}
len = eap_len = total = EAP_HEADER_LEN + data_len;
do {
if (eap_len > 253) {
len = 253;
eap_len -= 253;
} else {
len = eap_len;
eap_len = 0;
}
/*
* create a value pair & append it to the packet list
* This memory gets freed up when packet is freed up
*/
eap_msg = paircreate(PW_EAP_MESSAGE, PW_TYPE_OCTETS);
if (first) {
eap_msg->strvalue[0] = PW_EAP_RESPONSE;
eap_msg->strvalue[1] = eap_ds->response->id;
total = htons (total);
memcpy(&eap_msg->strvalue[2], &total, sizeof(uint16_t));
ptr = data;
memcpy(&eap_msg->strvalue[4], ptr, len - 4);
ptr = ptr + len - 4;
first = 0;
}
else {
memcpy(eap_msg->strvalue, ptr, len);
eap_msg->length = len;
ptr += len;
}
pairadd(&vp, eap_msg);
eap_msg = NULL;
} while (eap_len);
return vp;
}
static int vp2eap(tls_session_t *tls_session, VALUE_PAIR *vp)
{
VALUE_PAIR *first, *vps;
uint16_t len;
int total_len;
/*
* Get only EAP-Message attribute list
*/
first = pairfind(vp, PW_EAP_MESSAGE);
if (first == NULL) {
radlog(L_ERR, "vp2eap: EAP-Message not found");
return 0;
}
/*
* Sanity check the length before doing anything.
*/
if (first->length < 4) {
radlog(L_ERR, "vp2eap: EAP packet is too short.");
return 0;
}
/*
* Get the Actual length from the EAP packet
* First EAP-Message contains the EAP packet header
*/
memcpy(&len, first->strvalue + 2, sizeof(len));
len = ntohs(len);
/*
* Take out even more weird things.
*/
if (len < 4) {
radlog(L_ERR, "vp2eap: EAP packet has invalid length.");
return 0;
}
/*
* Sanity check the length, BEFORE malloc'ing memory.
*/
total_len = 0;
for (vps = first; vps; vps = pairfind(vps->next, PW_EAP_MESSAGE)) {
total_len += vps->length;
if (total_len > len) {
radlog(L_ERR, "vp2eap: Malformed EAP packet."
" Length in packet header does not match actual length");
return 0;
}
}
/*
* If the length is SMALLER, die, too.
*/
if (total_len < len) {
radlog(L_ERR, "vp2eap: Malformed EAP packet. "
" Length in packet header does not match actual length");
return 0;
}
/* RADIUS ensures order of attrs, so just concatenate all */
for (vps = first; vps; vps = pairfind(vps->next, PW_EAP_MESSAGE)) {
if (vps == first)
record_plus(&tls_session->clean_in, vps->strvalue + EAP_HEADER_LEN,
vps->length - EAP_HEADER_LEN);
else
record_plus(&tls_session->clean_in, vps->strvalue, vps->length);
}
tls_handshake_send(tls_session);
record_init(&tls_session->clean_in);
return 1;
}
=====================================================
시큐아이닷컴(주)
서울시 서초구 양재동 261-8 우제빌딩 5층 유넷사업부
애니클릭팀 IA 파트장 양 승 용
Tel. 02-390-8077 Fax. 02)390-8099
Hp. 016-383-6558 Email. joshua.yang at samsung.com
=====================================================
More information about the Freeradius-Devel
mailing list