* Decode the packet
*/
if (fr_radius_packet_decode(request, &request->request_pairs,
- request->packet, NULL, RADIUS_MAX_ATTRIBUTES, false, secret) != 0) {
+ request->packet, NULL, secret) != 0) {
REDEBUG("Failed decoding CoA packet");
return 0;
}
* If this fails, we're out of memory.
*/
if (fr_radius_packet_decode(request, &request->reply_pairs,
- request->reply, request->packet, RADIUS_MAX_ATTRIBUTES, false, secret) != 0) {
+ request->reply, request->packet, secret) != 0) {
REDEBUG("Reply decode failed");
stats.lost++;
goto packet_done;
fr_log_fp = NULL;
ret = fr_radius_packet_decode(packet, &decoded, packet, original ? original->expect : NULL,
- RADIUS_MAX_ATTRIBUTES, false, conf->radius_secret);
+ conf->radius_secret);
fr_log_fp = log_fp;
if (ret != 0) {
fr_radius_packet_free(&packet); /* Also frees vps */
fr_log_fp = NULL;
ret = fr_radius_packet_decode(packet, &decoded, packet, NULL,
- RADIUS_MAX_ATTRIBUTES, false, conf->radius_secret);
+ conf->radius_secret);
fr_log_fp = log_fp;
if (ret != 0) {
continue;
}
if (fr_radius_packet_decode(reply, &reply_vps, reply, packet,
- RADIUS_MAX_ATTRIBUTES, false, conf->secret) < 0) {
+ conf->secret) < 0) {
fr_perror("Failed decoding reply");
goto recv_error;
}
* @param[out] out to add pairs to.
* @param[in] packet to decode.
* @param[in] original packet, if this is a reply.
- * @param[in] max_attributes to decode.
- * @param[in] tunnel_password_zeros set random elements of the tunnel password
- * vectors to zero to aid in testing.
* @param[in] secret shared secret used for decoding encrypted
* password attributes.
* @return
*/
int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
fr_radius_packet_t *packet, fr_radius_packet_t *original,
- uint32_t max_attributes, bool tunnel_password_zeros, char const *secret)
+ char const *secret)
{
int packet_length;
uint8_t *ptr;
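Review bot: With `max_attributes` dropped from the signature here, fr_radius_packet_decode() no longer bounds how many pairs it appends to `out`; the check removed further down in this commit existed because, per its own comment, fr_radius_packet_ok() may not count VSAs properly. The only limit still visible in the commit is the `max_attributes` argument of fr_radius_packet_ok(), and none of the five updated call sites shows that it runs before the decode. Either keep a cap inside the decode loop, or state the precondition in this doc comment, e.g. `* @note The caller must already have validated the packet with fr_radius_packet_ok() and a non-zero max_attributes.` The `@return` tag is also empty while callers test both `!= 0` and `< 0`; going by the visible `return -1`, `*	- 0 on success.` and `*	- -1 on decode failure.` would fit, assuming the success path returns 0. The start of the doc comment and the function body lie outside this hunk.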
common_ctx.secret_length = strlen(secret);
packet_ctx.common = &common_ctx;
- packet_ctx.tunnel_password_zeros = tunnel_password_zeros;
#ifndef NDEBUG
if (fr_debug_lvl >= L_DBG_LVL_4) fr_radius_packet_log_hex(&default_log, packet);
fr_assert(ptr != NULL);
my_len = fr_radius_decode_pair(ctx, &tmp_list, ptr, packet_length, &packet_ctx);
if (my_len < 0) {
- fail:
talloc_free(packet_ctx.tmp_ctx);
fr_pair_list_free(&tmp_list);
return -1;
*/
if (my_len == 0) break;
- /*
- * VSA's may not have been counted properly in
- * fr_radius_packet_ok() above, as it is hard to count
- * then without using the dictionary. We
- * therefore enforce the limits here, too.
- */
- if ((max_attributes > 0) && (fr_pair_list_num_elements(out) > max_attributes)) {
- char host_ipaddr[INET6_ADDRSTRLEN];
-
- fr_strerror_printf("Possible DoS attack from host %s: Too many attributes in request "
- "(received %zu, max %d are allowed)",
- inet_ntop(packet->socket.inet.src_ipaddr.af,
- &packet->socket.inet.src_ipaddr.addr,
- host_ipaddr, sizeof(host_ipaddr)),
- fr_pair_list_num_elements(out), max_attributes);
- goto fail;
- }
-
ptr += my_len;
packet_length -= my_len;
talloc_free_children(packet_ctx.tmp_ctx);
char const *secret) CC_HINT(nonnull (1,2,4));
int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *list,
fr_radius_packet_t *packet, fr_radius_packet_t *original,
- uint32_t max_attributes, bool tunnel_password_zeros,
- char const *secret) CC_HINT(nonnull (1,2,3,7));
+ char const *secret) CC_HINT(nonnull (1,2,3,5));
bool fr_radius_packet_ok(fr_radius_packet_t *packet, uint32_t max_attributes, bool require_ma,
decode_fail_t *reason) CC_HINT(nonnull (1));