From: Alan T. DeKok Date: Fri, 4 Mar 2022 20:46:44 +0000 (-0500) Subject: double-check flags for "length=uint16,array" X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fcaf3b45227c00400560c07213e302699655d41;p=thirdparty%2Ffreeradius-server.git double-check flags for "length=uint16,array" to tighten up the restrictions a bit, and to make the dictionaries more explicit --- diff --git a/src/lib/util/dict_validate.c b/src/lib/util/dict_validate.c index 628e7929f59..0c48e8e8874 100644 --- a/src/lib/util/dict_validate.c +++ b/src/lib/util/dict_validate.c @@ -199,13 +199,24 @@ bool dict_attr_flags_valid(fr_dict_t *dict, fr_dict_attr_t const *parent, FALL_THROUGH; case FR_TYPE_STRING: - if (flags->subtype != FLAG_LENGTH_UINT16) { + /* + * We can do arrays of variable-length types, so long as they have a "length=" + * modifier. + * + * But any other modifier is foridden, including the use of "length=" outside of + * the context of arrays. + */ + if (flags->array) { + ALLOW_FLAG(array); + + if (flags->subtype != FLAG_LENGTH_UINT16) goto invalid_extra; + } else if (flags->subtype) { + invalid_extra: fr_strerror_const("Invalid type for extra flag."); return false; } ALLOW_FLAG(extra); - ALLOW_FLAG(array); ALLOW_FLAG(subtype); break;