xlat: Don't "cast" octets string to hex. Leave them in their raw binary form
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 27 Jun 2023 21:09:29 +0000 (17:09 -0400)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 27 Jun 2023 21:09:29 +0000 (17:09 -0400)
src/lib/server/tmpl_eval.c
src/lib/unlang/xlat_builtin.c
src/lib/unlang/xlat_expr.c
src/lib/util/value.c
src/lib/util/value.h
src/tests/keywords/truncation
src/tests/keywords/xlat-integer
src/tests/keywords/xlat-octets
src/tests/keywords/xlat-virtual-attr
src/tests/unit/xlat/cond_base.txt
src/tests/xlat/expr.txt

index a5213a59c95bd72cea7e3ba4bcc6a5bfc1f2f95a..36c89f2ca10b33b61815a83b93fb5199c81b8952 100644 (file)
@@ -1492,16 +1492,6 @@ int tmpl_eval_cast_in_place(fr_value_box_list_t *list, tmpl_t const *vpt)
                vb = fr_value_box_list_head(list);
                if (!vb) return 0;
 
-               /*
-                *      Convert directly to concatenated octets
-                *      don't go through a string representation
-                *      first.
-                */
-               if (fr_type_is_octets((cast))) {
-                       return fr_value_box_list_concat_in_place(vb, vb, list, FR_TYPE_OCTETS,
-                                                               FR_VALUE_BOX_LIST_FREE_BOX, true, SIZE_MAX);
-               }
-
                slen = fr_value_box_list_concat_in_place(vb, vb, list, FR_TYPE_STRING,
                                                         FR_VALUE_BOX_LIST_FREE_BOX, true, SIZE_MAX);
                if (slen < 0) return -1;
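Review bot: With the octets shortcut deleted, a cast to octets now relies on the `FR_TYPE_STRING` concatenation just below carrying the bytes through unchanged, and nothing at this point says so. The removed comment was the only explanation of how octets were handled here; a replacement such as `/* octets are concatenated as raw bytes, so the string built here is binary-safe and is cast afterwards */` would stop a later reader from reinstating the shortcut. The cast that follows is outside the hunk, so it is worth confirming that it works from the buffer length and not from a NUL terminator.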
index 306a20f5293825fa4d24d9a5ee95747c2a344c14..9b54e7f0a995221c4d5d4ae5a288ed6d14e42bd0 100644 (file)
@@ -1435,11 +1435,11 @@ static xlat_action_t xlat_func_cast(TALLOC_CTX *ctx, fr_dcursor_t *out,
                (void) fr_value_box_list_pop_head(args);
                talloc_free(name);
 
-               FR_SBUFF_TALLOC_THREAD_LOCAL(&agg, 256, 8192);
+               FR_SBUFF_TALLOC_THREAD_LOCAL(&agg, 256, SIZE_MAX);
 
                MEM(dst = fr_value_box_alloc_null(ctx));
-               if (fr_value_box_list_concat_as_string(NULL, agg, args, NULL, 0, &fr_value_escape_double,
-                                                      FR_VALUE_BOX_LIST_FREE_BOX, true, true) < 0) {
+               if (fr_value_box_list_concat_as_string(NULL, agg, args, NULL, 0, NULL,
+                                                      FR_VALUE_BOX_LIST_FREE_BOX, true) < 0) {
                        RPEDEBUG("Failed concatenating string");
                        return XLAT_ACTION_FAIL;
                }
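Review bot: The upper bound of the aggregate buffer changes from 8192 to `SIZE_MAX` on the `FR_SBUFF_TALLOC_THREAD_LOCAL` line, so the concatenated cast input is no longer capped here, and the commit message gives no reason for that. If the arguments can carry request-derived data, a single expansion can now grow this thread-local buffer as far as the allocator allows; whether it is trimmed back on reuse is not visible in the hunk. I would keep a finite limit, or record the reason next to the call, for example `/* no cap: raw octets must not be truncated */`. Replacing `&fr_value_escape_double` with `NULL` also means the buffer handed to the cast holds unescaped bytes, which deserves a mention in the same comment. The function body continues outside the hunk.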
index c68fdb7e1e70a3f31c371c3db640a937e854e2ce..8142f36f1bc0887e497499d251cea14424c737c9 100644 (file)
@@ -687,7 +687,7 @@ static xlat_action_t xlat_regex_match(TALLOC_CTX *ctx, request_t *request, fr_va
                         *      Concatenate everything, and escape untrusted inputs.
                         */
                        if (fr_value_box_list_concat_as_string(NULL, agg, &list, NULL, 0, &regex_escape_rules,
-                                                              FR_VALUE_BOX_LIST_FREE_BOX, true, false) < 0) {
+                                                              FR_VALUE_BOX_LIST_FREE_BOX, true) < 0) {
                                RPEDEBUG("Failed concatenating regular expression string");
                                talloc_free(regmatch);
                                return XLAT_ACTION_FAIL;
@@ -760,7 +760,7 @@ static xlat_action_t xlat_regex_resume(TALLOC_CTX *ctx, fr_dcursor_t *out,
         *      concatenate it here.  We escape the various untrusted inputs.
         */
        if (fr_value_box_list_concat_as_string(NULL, agg, &rctx->list, NULL, 0, &regex_escape_rules,
-                                              FR_VALUE_BOX_LIST_FREE_BOX, true, false) < 0) {
+                                              FR_VALUE_BOX_LIST_FREE_BOX, true) < 0) {
                RPEDEBUG("Failed concatenating regular expression string");
                return XLAT_ACTION_FAIL;
        }
@@ -1556,7 +1556,7 @@ static xlat_action_t xlat_exists_resume(TALLOC_CTX *ctx, fr_dcursor_t *out,
         *      concatenate it here.  We escape the various untrusted inputs.
         */
        if (fr_value_box_list_concat_as_string(NULL, agg, &rctx->list, NULL, 0, NULL,
-                                              FR_VALUE_BOX_LIST_FREE_BOX, true, true) < 0) {
+                                              FR_VALUE_BOX_LIST_FREE_BOX, true) < 0) {
                RPEDEBUG("Failed concatenating attribute name string");
                return XLAT_ACTION_FAIL;
        }
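Review bot: The comment above this call still says the untrusted inputs are escaped, but the call passes `NULL` for the escape rules, and with the `printable` argument gone octets values are copied in as raw bytes instead of their printable form. The comment should describe what the call does, for example `concatenate it here.  No escaping is applied; octets are copied as raw bytes.` How the code that consumes this buffer as an attribute name handles NUL or other non-printable bytes is outside the hunk and worth checking, since the only failure handled here is the concatenation itself. The comment begins above the hunk.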
index 1bcde89318111298735d268450b8bb813951592b..aaddee70e6561d46219a3ba11f2a9682efd8db9f 100644 (file)
@@ -5246,7 +5246,7 @@ ssize_t fr_value_box_print(fr_sbuff_t *out, fr_value_box_t const *data, fr_sbuff
                FR_SBUFF_RETURN(fr_value_box_list_concat_as_string,
                                NULL, &our_out, UNCONST(fr_value_box_list_t *, &data->vb_group),
                                ", ", (sizeof(", ") - 1), e_rules,
-                               0, false, true);
+                               0, false);
                FR_SBUFF_IN_CHAR_RETURN(&our_out, '}');
                break;
 
@@ -5316,7 +5316,6 @@ ssize_t fr_value_box_print_quoted(fr_sbuff_t *out, fr_value_box_t const *data, f
  * @param[in] flatten          If true and we encounter a #FR_TYPE_GROUP,
  *                             we concat the contents of its children together.
  *                             If false, the contents will be cast to #FR_TYPE_STRING.
- * @param[in] printable                Convert 'octets' to printable strings.
  * @return
  *      - >=0 the number of bytes written to the sbuff.
  *     - <0 how many additional bytes we would have needed to
@@ -5324,7 +5323,7 @@ ssize_t fr_value_box_print_quoted(fr_sbuff_t *out, fr_value_box_t const *data, f
  */
 ssize_t fr_value_box_list_concat_as_string(bool *tainted, fr_sbuff_t *sbuff, fr_value_box_list_t *list,
                                           char const *sep, size_t sep_len, fr_sbuff_escape_rules_t const *e_rules,
-                                          fr_value_box_list_action_t proc_action, bool flatten, bool printable)
+                                          fr_value_box_list_action_t proc_action, bool flatten)
 {
        fr_sbuff_t our_sbuff = FR_SBUFF(sbuff);
        ssize_t slen;
@@ -5337,11 +5336,10 @@ ssize_t fr_value_box_list_concat_as_string(bool *tainted, fr_sbuff_t *sbuff, fr_
                        if (!flatten) goto print;
                        slen = fr_value_box_list_concat_as_string(tainted, &our_sbuff, &vb->vb_group,
                                                                  sep, sep_len, e_rules,
-                                                                 proc_action, flatten, printable);
+                                                                 proc_action, flatten);
                        break;
 
                case FR_TYPE_OCTETS:
-                       if (printable) goto print; /* even if !tainted */
 
                        /*
                         *      Copy the raw string over, if necessary with escaping.
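Review bot: After this hunk `fr_value_box_list_concat_as_string` always copies octets in raw, yet the doc block (edited in the `-5316` hunk) no longer mentions octets at all, and the removal leaves a stray blank line directly under `case FR_TYPE_OCTETS:`. The call sites that used to pass `true` now receive NUL and control bytes in a buffer they treat as a string. These are the group case of `fr_value_box_print`, which forwards its caller's `e_rules`, and two paths in `fr_value_box_list_concat_in_place`, which pass `NULL`. Anything that later logs or parses that output has to be length-aware or supply escape rules. I would add to the function description something like `Octets are copied as raw bytes, escaped only when e_rules is given; the output may contain embedded NULs` and drop the blank line. The case body continues below the hunk.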
@@ -5573,7 +5571,7 @@ int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx,
                         */
                        if (fr_value_box_list_concat_as_string(&tainted, &sbuff, list,
                                                               NULL, 0, NULL,
-                                                              FR_VALUE_BOX_LIST_REMOVE, flatten, false) < 0) {
+                                                              FR_VALUE_BOX_LIST_REMOVE, flatten) < 0) {
                                fr_strerror_printf("Concatenation exceeded max_size (%zu)", max_size);
                        error:
                                switch (type) {
@@ -5596,7 +5594,7 @@ int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx,
                         */
                        if (fr_value_box_list_concat_as_string(&tainted, &sbuff, list,
                                                               NULL, 0, NULL,
-                                                              proc_action, flatten, true) < 0) {
+                                                              proc_action, flatten) < 0) {
                                fr_value_box_list_insert_head(list, head_vb);
                                goto error;
                        }
@@ -5638,7 +5636,7 @@ int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx,
                case FR_TYPE_STRING:
                        if (fr_value_box_list_concat_as_string(&tainted, &sbuff, list,
                                                               NULL, 0, NULL,
-                                                              proc_action, flatten, true) < 0) goto error;
+                                                              proc_action, flatten) < 0) goto error;
                        (void)fr_sbuff_trim_talloc(&sbuff, SIZE_MAX);
 
                        entry = out->entry;
index 880a57c08822fbce96b5b663bd69936b6b224784..233c3431357ce9f6d06c03c74411bb1804367f5b 100644 (file)
@@ -1032,7 +1032,7 @@ ssize_t           fr_value_box_from_str(TALLOC_CTX *ctx, fr_value_box_t *dst,
  */
 ssize_t        fr_value_box_list_concat_as_string(bool *tainted, fr_sbuff_t *sbuff, fr_value_box_list_t *list,
                                                  char const *sep, size_t sep_len, fr_sbuff_escape_rules_t const *e_rules,
-                                                 fr_value_box_list_action_t proc_action, bool flatten, bool printable)
+                                                 fr_value_box_list_action_t proc_action, bool flatten)
                CC_HINT(nonnull(2,3));
 
 ssize_t                fr_value_box_list_concat_as_octets(bool *tainted, fr_dbuff_t *dbuff, fr_value_box_list_t *list,
index 43fa4f864c50b4db4b8b3c3fa310d80002d1f4f7..e95c98e4c03be0666ecaa55fc13b4dcd65af995a 100644 (file)
@@ -78,7 +78,7 @@ if (!(%(length:%{Tmp-Octets-0}) == 4083)) {
 }
 
 # Octets are expanded to 8168 hexits
-if !("%{Tmp-Octets-0}" =~ /^0x([0-9a-f]+)$/) {
+if !("0x%{hex:%{Tmp-Octets-0}}" =~ /^0x([0-9a-f]+)$/) {
        test_fail
 }
 
index c61b0b8717b8244848bc4e045bb4c820e184dbd8..57b8a2b8d4ef8b355d6580826768810ffbff72ea 100644 (file)
@@ -38,7 +38,7 @@ if ("%(integer:%{Tmp-String-2})") {
 # Octets - network order representation of a 4 byte octet string
 &Tmp-Integer-1 := "%(integer:%{Tmp-Octets-0})"
 
-if (!("%{Tmp-Octets-0}" == "0x%{hex:%{Tmp-Integer-1}}")) {
+if (!(%{Tmp-Octets-0} == <octets>%{Tmp-Integer-1})) {
        test_fail
 }
 
@@ -49,10 +49,7 @@ if (!(&Tmp-Integer-1 == 959985457)) {
 # Octets - network order representation of a 8 byte octet string
 &Tmp-uint64-0 := "%(integer:%{Tmp-Octets-1})"
 
-#
-#  Handle octets as strings for now.
-#
-if (!("%{Tmp-Octets-1}" == "0x%{hex:%{Tmp-uint64-0}}")) {
+if (!(%{Tmp-Octets-1} == <octets>%{Tmp-uint64-0})) {
        test_fail
 }
 
index 3fb84c90b7d029d08caeb7240abf8aa35d60c843..a6a403722ab9e41058001c5b4af7e297c8c14ea6 100644 (file)
@@ -18,7 +18,7 @@ if (!(&Tmp-Octets-0[0] == 0x0001020304050607)) {
        test_fail
 }
 
-if (!("%{Tmp-Octets-0[*]}" == '0x00010203040506070x0706050403020100')) {
+if (!("%{Tmp-Octets-0[*]}" == 0x00010203040506070706050403020100)) {
        test_fail
 }
 
index a434c5edbdb3d48da01a48824468a02c1201a7df..f75693c700af80f20c9889a11954d89fe2955e04 100644 (file)
@@ -22,7 +22,7 @@ if (!("%{Packet-Type}" == 'Access-Request')) {
 #  Response hasn't been set yet, but reply.Packet-Type
 #  is virtual, and always exists.
 
-if (!("%{Packet-Authentication-Vector}" == '0x00000000000000000000000000000000')) {
+if (!("%{Packet-Authentication-Vector}" == 0x00000000000000000000000000000000)) {
        test_fail
 }
 
index 2e01602ccedc2b0a8204e84c5fb496792f958d54..41646f9fb8f0151721d92de30f5fffdf61b1f33f 100644 (file)
@@ -262,9 +262,10 @@ match ERROR offset 1: Failed parsing string as type 'uint32'
 xlat_purify <ipaddr>127.0.0.1 == "127.0.0.1"
 match true
 
-# LHS is IPaddr, RHS is string.
+# LHS is IPaddr, RHS is string (malformed IP address).
+# Condition code attempts to cast md4 hash to IP address resulting in an invalid comparison
 xlat_purify <ipaddr>127.0.0.1 == "%{md4: 127.0.0.1}"
-match false
+match NULL
 
 #
 #  Bare %{...} is allowed.
@@ -351,12 +352,6 @@ match (&User-Name == "bob")
 xlat_purify (&User-Name == %{md4: blah})
 match (&User-Name == 0x544924d05ec4481925ba3749a096a0a7)
 
-xlat_purify (&User-Name == (string) %{md4: blah})
-match (&User-Name == "0x544924d05ec4481925ba3749a096a0a7")
-
-xlat_purify (&User-Name == "%{md4: blah}")
-match (&User-Name == "0x544924d05ec4481925ba3749a096a0a7")
-
 #  and without the double quotes.
 xlat_purify (&User-Name == %{md4: blah})
 match (&User-Name == 0x544924d05ec4481925ba3749a096a0a7)
@@ -794,4 +789,4 @@ xlat_purify (192.168.0.1 !== 192.168.0.2)
 match true
 
 count
-match 334
+match 330
index fc97dbe45177bdb6467dc0bbf3c932e8aa5de9c4..f27d3c498cbe77c5501dd96663983d7dd8e509e7 100644 (file)
@@ -1,3 +1,7 @@
+#  this is "foo" + PRINTABLE version of &Packet-Authentication-Vector
+xlat_expr "foo%{Packet-Authentication-Vector}"
+match foo\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
+
 xlat_expr 1 && 2
 match 2
 
@@ -103,16 +107,12 @@ match 0x666f6f7f000001
 #  any escaping.
 #
 xlat_expr "foo" + (string)&Packet-Authentication-Vector
-match foo0x00000000000000000000000000000000
+match foo\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
 
 # string + octets gets promoted to octets
 xlat_expr "foo" + &Packet-Authentication-Vector
 match 0x666f6f00000000000000000000000000000000
 
-#  this is "foo" + PRINTABLE version of &Packet-Authentication-Vector
-xlat_expr "foo%{Packet-Authentication-Vector}"
-match foo0x00000000000000000000000000000000
-
 # no escaping!
 xlat_expr 'foo%{Packet-Authentication-Vector}'
 match foo%{Packet-Authentication-Vector}
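Review bot: The comment this hunk removes, and which the `@@ -1,3 +1,7 @@` hunk re-adds at the top of the file, still describes a `PRINTABLE version` of &Packet-Authentication-Vector, while the expected output is now a run of raw `\000` bytes. It should say what the test now pins, for example `#  this is "foo" + the raw bytes of &Packet-Authentication-Vector (no hex conversion)`. As written, the comment suggests that double-quoted expansion still yields text that is safe to print, which is the opposite of what the new match line shows.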