Tests for Tunnel-Password

And a fix for when it would encode passwords with the
wrong length

diff --git a/src/lib/radius.c b/src/lib/radius.c
index a2c5ec3c4384561decb5b855bb6e79c8fdf7966f..a7de70c5c69a9b38aa6a71105fadfba08474adc3 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -972,13 +972,15 @@ static ssize_t vp2data_any(RADIUS_PACKET const *packet,
                        make_tunnel_passwd(ptr + lvalue, &len, data, len,
                                           room - lvalue,
                                           secret, original->vector);
+                       len += lvalue;
                        break;
                case PW_CODE_ACCOUNTING_REQUEST:
                case PW_CODE_DISCONNECT_REQUEST:
                case PW_CODE_COA_REQUEST:
                        ptr[0] = TAG_VALID(vp->tag) ? vp->tag : TAG_NONE;
-                       make_tunnel_passwd(ptr + 1, &len, data, len - 1, room,
+                       make_tunnel_passwd(ptr + 1, &len, data, len, room - 1,
                                           secret, packet->vector);
+                       len += lvalue;
                        break;
                }
                break;

diff --git a/src/tests/unit/rfc.txt b/src/tests/unit/rfc.txt
index e8c37b9d3c3e864d6e17ef40f2ee7cf9dadaffa2..d89b1742c45acc6673498bbb285273abd31d1f50 100644 (file)
--- a/src/tests/unit/rfc.txt
+++ b/src/tests/unit/rfc.txt
@@ -135,6 +135,7 @@ data Framed-IPv6-Prefix = 11:22:33:44:55:66:77:88/128
 attribute Framed-IPv6-Prefix = *
 data Framed-IPv6-Prefix = ::/128
 
+$INCLUDE tunnel.txt
 $INCLUDE errors.txt
 $INCLUDE extended.txt
 $INCLUDE lucent.txt

diff --git a/src/tests/unit/tunnel.txt b/src/tests/unit/tunnel.txt
new file mode 100644 (file)
index 0000000..6b8cc25
--- /dev/null
+++ b/src/tests/unit/tunnel.txt
@@ -0,0 +1,71 @@
+#
+#  We can't look at the data here, because the encoded Tunnel-Password has a 2 byte
+#  random salt
+#
+encode Tunnel-Password:0 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxabc"
+decode -
+data Tunnel-Password:0 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxabc"
+
+encode Tunnel-Password:0 = "0"
+decode -
+data Tunnel-Password:0 = "0"
+
+encode Tunnel-Password:0 = "01"
+decode -
+data Tunnel-Password:0 = "01"
+
+encode Tunnel-Password:0 = "012"
+decode -
+data Tunnel-Password:0 = "012"
+
+encode Tunnel-Password:0 = "0123"
+decode -
+data Tunnel-Password:0 = "0123"
+
+encode Tunnel-Password:0 = "01234"
+decode -
+data Tunnel-Password:0 = "01234"
+
+encode Tunnel-Password:0 = "012345"
+decode -
+data Tunnel-Password:0 = "012345"
+
+encode Tunnel-Password:0 = "0123456"
+decode -
+data Tunnel-Password:0 = "0123456"
+
+encode Tunnel-Password:0 = "01234567"
+decode -
+data Tunnel-Password:0 = "01234567"
+
+encode Tunnel-Password:0 = "012345678"
+decode -
+data Tunnel-Password:0 = "012345678"
+
+encode Tunnel-Password:0 = "0123456789"
+decode -
+data Tunnel-Password:0 = "0123456789"
+
+encode Tunnel-Password:0 = "0123456789a"
+decode -
+data Tunnel-Password:0 = "0123456789a"
+
+encode Tunnel-Password:0 = "0123456789ab"
+decode -
+data Tunnel-Password:0 = "0123456789ab"
+
+encode Tunnel-Password:0 = "0123456789abc"
+decode -
+data Tunnel-Password:0 = "0123456789abc"
+
+encode Tunnel-Password:0 = "0123456789abcd"
+decode -
+data Tunnel-Password:0 = "0123456789abcd"
+
+encode Tunnel-Password:0 = "0123456789abcde"
+decode -
+data Tunnel-Password:0 = "0123456789abcde"
+
+encode Tunnel-Password:0 = "0123456789abcdef"
+decode -
+data Tunnel-Password:0 = "0123456789abcdef"