RADIUS/EAP server: Use longer username buffer to avoid truncation

If the peer provides a username with large part of it being non-ASCII
characters, the previously used buffers may not have been long enough to
include the full string in debug logs and database search due to forced
truncation of the string by printf_encode(). Avoid this by increasing
the buffer sizes to fit in the maximum result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index b3c20873a00818cf211de965b02198888abe2c1c..45015336b9079e61eda8b419c0bf81fd0b5f48cc 100644 (file)
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -120,9 +120,9 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
                return; /* Should not happen - frame already validated */
 
        wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
-       buf = os_malloc(len * 3 + 1);
+       buf = os_malloc(len * 4 + 1);
        if (buf) {
-               printf_encode(buf, len * 3 + 1, pos, len);
+               printf_encode(buf, len * 4 + 1, pos, len);
                eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
                os_free(buf);
        }

diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 790c719507762209aabdf95424c21439d3b88409..0eb7908f30f806c7b14b66de6066fa383afadadb 100644 (file)
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -330,9 +330,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
        wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
        wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
 
-       buf = os_malloc(name_len * 3 + 1);
+       buf = os_malloc(name_len * 4 + 1);
        if (buf) {
-               printf_encode(buf, name_len * 3 + 1, name, name_len);
+               printf_encode(buf, name_len * 4 + 1, name, name_len);
                eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
                os_free(buf);
        }

diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 24225a45ab9c3d4ec72aa9318162cf7532cc1025..d09a7693386a7b9806f010e30c43ff842dd4036b 100644 (file)
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -985,9 +985,9 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 
        if (parse.user_name) {
                char *nbuf;
-               nbuf = os_malloc(parse.user_name_len * 3 + 1);
+               nbuf = os_malloc(parse.user_name_len * 4 + 1);
                if (nbuf) {
-                       printf_encode(nbuf, parse.user_name_len * 3 + 1,
+                       printf_encode(nbuf, parse.user_name_len * 4 + 1,
                                      parse.user_name,
                                      parse.user_name_len);
                        eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);

diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 78c996146c81f14da6ddd0eb1f73aed48fdcef10..c35ba557a1fc3158b58b148d7ad86906b0bf188d 100644 (file)
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -639,12 +639,12 @@ radius_server_get_new_session(struct radius_server_data *data,
        sess->accept_attr = tmp.accept_attr;
        sess->macacl = tmp.macacl;
 
-       sess->username = os_malloc(user_len * 2 + 1);
+       sess->username = os_malloc(user_len * 4 + 1);
        if (sess->username == NULL) {
                radius_server_session_free(data, sess);
                return NULL;
        }
-       printf_encode(sess->username, user_len * 2 + 1, user, user_len);
+       printf_encode(sess->username, user_len * 4 + 1, user, user_len);
 
        sess->nas_ip = os_strdup(from_addr);
        if (sess->nas_ip == NULL) {