From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 8 Sep 2015 14:15:34 +0000 (-0400)
Subject: Parse hex Ascend-Data-Filter correctly
X-Git-Tag: release_3_0_10~156
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b96e7b773d5e9e4f45ff0000a6ab1d1c582cb64f;p=thirdparty%2Ffreeradius-server.git

Parse hex Ascend-Data-Filter correctly
---

diff --git a/src/lib/value.c b/src/lib/value.c
index 8b4bb17a884..5f2ad75ef78 100644
--- a/src/lib/value.c
+++ b/src/lib/value.c
@@ -600,7 +600,6 @@ ssize_t value_data_from_str(TALLOC_CTX *ctx, value_data_t *dst,
 			goto finish;
 		}
 
-	do_octets:
 		len -= 2;
 
 		/*
@@ -625,12 +624,25 @@ ssize_t value_data_from_str(TALLOC_CTX *ctx, value_data_t *dst,
 
 	case PW_TYPE_ABINARY:
 #ifdef WITH_ASCEND_BINARY
-		if ((len > 1) && (strncasecmp(src, "0x", 2) == 0)) goto do_octets;
+		if ((len > 1) && (strncasecmp(src, "0x", 2) == 0)) {
+			ssize_t bin;
 
-		if (ascend_parse_filter(dst, src, len) < 0 ) {
-			/* Allow ascend_parse_filter's strerror to bubble up */
-			return -1;
+			if (len > ((sizeof(dst->filter) + 1) * 2)) {
+				fr_strerror_printf("Hex data is too large for ascend filter");
+				return -1;
+			}
+
+			bin = fr_hex2bin((uint8_t *) &dst->filter, ret, src + 2, len);
+			if (bin < ret) {
+				memset(((uint8_t *) &dst->filter) + bin, 0, ret - bin);
+			}
+		} else {
+			if (ascend_parse_filter(dst, src, len) < 0 ) {
+				/* Allow ascend_parse_filter's strerror to bubble up */
+				return -1;
+			}
 		}
+
 		ret = sizeof(dst->filter);
 		goto finish;
 #else
diff --git a/src/tests/unit/vendor.txt b/src/tests/unit/vendor.txt
index 42b77d61745..4f05c52fe73 100644
--- a/src/tests/unit/vendor.txt
+++ b/src/tests/unit/vendor.txt
@@ -27,3 +27,12 @@ data 1a 09 00 00 00 09 ab cd ef
 
 attribute Attr-26 = 0x00000009abcdef
 data Attr-26 = 0x00000009abcdef
+attribute Ascend-Data-Filter = 0x01010100010203040a0b0c0d05200600000504d2020200000000000000000000
+data Ascend-Data-Filter = "ip in forward srcip 1.2.3.4/5 dstip 10.11.12.13/32 tcp srcport = 5 dstport = 1234"
+
+encode -
+data 1a 28 00 00 02 11 f2 22 01 01 01 00 01 02 03 04 0a 0b 0c 0d 05 20 06 00 00 05 04 d2 02 02 00 00 00 00 00 00 00 00 00 00
+
+decode 1a2800000211f22201010100010203040a0b0c0d05200600000504d2020200000000000000000000
+data Ascend-Data-Filter = "ip in forward srcip 1.2.3.4/5 dstip 10.11.12.13/32 tcp srcport = 5 dstport = 1234"
+