From: Alan T. DeKok
Date: Wed, 24 Jan 2024 21:11:01 +0000 (-0500)
Subject: clean up duplicate APIs
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa98c4e3f61a09be1c0782fd087b11d81ea3af8c;p=thirdparty%2Ffreeradius-server.git
clean up duplicate APIs
---
diff --git a/src/bin/radclient.c b/src/bin/radclient.c
index 8a71f02c24d..838f8738c8e 100644
--- a/src/bin/radclient.c
+++ b/src/bin/radclient.c
@@ -1184,7 +1184,7 @@ static int recv_coa_packet(fr_time_delta_t wait_time)
 * Decode the packet
 */
 if (fr_radius_packet_decode(request, &request->request_pairs,
- request->packet, NULL, RADIUS_MAX_ATTRIBUTES, false, secret) != 0) {
+ request->packet, NULL, secret) != 0) {
 REDEBUG("Failed decoding CoA packet");
 return 0;
 }
@@ -1358,7 +1358,7 @@ static int recv_one_packet(fr_time_delta_t wait_time)
 * If this fails, we're out of memory.
 */
 if (fr_radius_packet_decode(request, &request->reply_pairs,
- request->reply, request->packet, RADIUS_MAX_ATTRIBUTES, false, secret) != 0) {
+ request->reply, request->packet, secret) != 0) {
 REDEBUG("Reply decode failed");
 stats.lost++;
 goto packet_done;
diff --git a/src/bin/radsniff.c b/src/bin/radsniff.c
index 0c74793ea8e..fa1d8f3be3b 100644
--- a/src/bin/radsniff.c
+++ b/src/bin/radsniff.c
@@ -1489,7 +1489,7 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
 fr_log_fp = NULL;
 ret = fr_radius_packet_decode(packet, &decoded, packet, original ? original->expect : NULL,
- RADIUS_MAX_ATTRIBUTES, false, conf->radius_secret);
+ conf->radius_secret);
 fr_log_fp = log_fp;
 if (ret != 0) {
 fr_radius_packet_free(&packet); /* Also frees vps */
@@ -1627,7 +1627,7 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
 fr_log_fp = NULL;
 ret = fr_radius_packet_decode(packet, &decoded, packet, NULL,
- RADIUS_MAX_ATTRIBUTES, false, conf->radius_secret);
+ conf->radius_secret);
 fr_log_fp = log_fp;
 if (ret != 0) {
diff --git a/src/bin/radsnmp.c b/src/bin/radsnmp.c
index 9c35a18e51a..f1822d272c8 100644
--- a/src/bin/radsnmp.c
+++ b/src/bin/radsnmp.c
@@ -824,7 +824,7 @@ do { \
 continue;
 }
 if (fr_radius_packet_decode(reply, &reply_vps, reply, packet,
- RADIUS_MAX_ATTRIBUTES, false, conf->secret) < 0) {
+ conf->secret) < 0) {
 fr_perror("Failed decoding reply");
 goto recv_error;
 }
diff --git a/src/protocols/radius/packet.c b/src/protocols/radius/packet.c
index d90519c8478..4701ad8a222 100644
--- a/src/protocols/radius/packet.c
+++ b/src/protocols/radius/packet.c
@@ -105,9 +105,6 @@ ssize_t fr_radius_packet_encode(fr_radius_packet_t *packet, fr_pair_list_t *list
 * @param[out] out to add pairs to.
 * @param[in] packet to decode.
 * @param[in] original packet, if this is a reply.
- * @param[in] max_attributes to decode.
- * @param[in] tunnel_password_zeros set random elements of the tunnel password
- * vectors to zero to aid in testing.
 * @param[in] secret shared secret used for decoding encrypted
 * password attributes.
 * @return
@@ -116,7 +113,7 @@ ssize_t fr_radius_packet_encode(fr_radius_packet_t *packet, fr_pair_list_t *list
 */
 int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
 fr_radius_packet_t *packet, fr_radius_packet_t *original,
- uint32_t max_attributes, bool tunnel_password_zeros, char const *secret)
+ char const *secret)
 {
 int packet_length;
 uint8_t *ptr;
@@ -129,7 +126,6 @@ int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
 common_ctx.secret_length = strlen(secret);
 packet_ctx.common = &common_ctx;
- packet_ctx.tunnel_password_zeros = tunnel_password_zeros;
 #ifndef NDEBUG
 if (fr_debug_lvl >= L_DBG_LVL_4) fr_radius_packet_log_hex(&default_log, packet);
@@ -196,7 +192,6 @@ int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
 fr_assert(ptr != NULL);
 my_len = fr_radius_decode_pair(ctx, &tmp_list, ptr, packet_length, &packet_ctx);
 if (my_len < 0) {
- fail:
 talloc_free(packet_ctx.tmp_ctx);
 fr_pair_list_free(&tmp_list);
 return -1;
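Review bot: With `max_attributes` dropped from the signature in the `-116,7 +113,7` hunk of packet.c and the in-loop limit deleted in the later `-207,24 +202,6` hunk, fr_radius_packet_decode() no longer bounds how many pairs it builds from one packet, and its doc comment does not say that callers now own that limit. The deleted comment itself stated that fr_radius_packet_ok() can undercount VSAs, so the `max_attributes` check there may not be a full substitute; the deleted check also counted `out` while the loop decodes into `tmp_list`, so whether it ever fired cannot be judged from these hunks. I would add to the doc comment: ` * @note The attribute count is not limited here; validate the packet with fr_radius_packet_ok() first.` Whether the updated call sites in radclient.c, radsniff.c and radsnmp.c do that before decoding is outside the visible lines. The function body starts and ends outside these hunks.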
@@ -207,24 +202,6 @@ int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
 */
 if (my_len == 0) break;
- /*
- * VSA's may not have been counted properly in
- * fr_radius_packet_ok() above, as it is hard to count
- * then without using the dictionary. We
- * therefore enforce the limits here, too.
- */
- if ((max_attributes > 0) && (fr_pair_list_num_elements(out) > max_attributes)) {
- char host_ipaddr[INET6_ADDRSTRLEN];
-
- fr_strerror_printf("Possible DoS attack from host %s: Too many attributes in request "
- "(received %zu, max %d are allowed)",
- inet_ntop(packet->socket.inet.src_ipaddr.af,
- &packet->socket.inet.src_ipaddr.addr,
- host_ipaddr, sizeof(host_ipaddr)),
- fr_pair_list_num_elements(out), max_attributes);
- goto fail;
- }
-
 ptr += my_len;
 packet_length -= my_len;
 talloc_free_children(packet_ctx.tmp_ctx);
diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h
index 1e71854ee8b..7ca53040c28 100644
--- a/src/protocols/radius/radius.h
+++ b/src/protocols/radius/radius.h
@@ -187,8 +187,7 @@ ssize_t fr_radius_packet_encode(fr_radius_packet_t *packet, fr_pair_list_t *lis
 char const *secret) CC_HINT(nonnull (1,2,4));
 int fr_radius_packet_decode(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_radius_packet_t *packet, fr_radius_packet_t *original,
- uint32_t max_attributes, bool tunnel_password_zeros,
- char const *secret) CC_HINT(nonnull (1,2,3,7));
+ char const *secret) CC_HINT(nonnull (1,2,3,5));
 bool fr_radius_packet_ok(fr_radius_packet_t *packet, uint32_t max_attributes, bool require_ma, decode_fail_t *reason) CC_HINT(nonnull (1));