From: Alan T. DeKok Date: Thu, 25 Jan 2024 01:33:59 +0000 (-0500) Subject: use length from struct instead of talloc_array_length X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8f4d86bed77eb8258d2fd96e03d0960da232972;p=thirdparty%2Ffreeradius-server.git use length from struct instead of talloc_array_length --- diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c index 60b61fd58c7..81de3414309 100644 --- a/src/protocols/radius/decode.c +++ b/src/protocols/radius/decode.c @@ -68,12 +68,10 @@ static void memcpy_bounded(void * restrict dst, const void * restrict src, size_ * initial intermediate value, to differentiate it from the * above. */ -ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, - char const *secret, uint8_t const *vector, bool tunnel_password_zeros) +static ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx) { fr_md5_ctx_t *md5_ctx, *md5_ctx_old; uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH]; - int secretlen; size_t i, n, encrypted_len, embedded_len; encrypted_len = *pwlen; @@ -104,15 +102,10 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, encrypted_len -= 2; /* discount the salt */ - /* - * Use the secret to setup the decryption digest - */ - secretlen = talloc_array_length(secret) - 1; - md5_ctx = fr_md5_ctx_alloc_from_list(); md5_ctx_old = fr_md5_ctx_alloc_from_list(); - fr_md5_update(md5_ctx, (uint8_t const *) secret, secretlen); + fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */ /* @@ -120,7 +113,7 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, * * b(1) = MD5(secret + vector + salt) */ - fr_md5_update(md5_ctx, vector, RADIUS_AUTH_VECTOR_LENGTH); + fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH); fr_md5_update(md5_ctx, passwd, 2); embedded_len = 0; @@ -177,7 +170,7 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, /* * Check trailing bytes */ - if (tunnel_password_zeros) for (i = embedded_len; i < (encrypted_len - 1); i++) { /* -1 for length field */ + if (packet_ctx->tunnel_password_zeros) for (i = embedded_len; i < (encrypted_len - 1); i++) { /* -1 for length field */ if (passwd[i] != 0) { fr_strerror_printf("Trailing garbage in Tunnel Password " "(shared secret is probably incorrect!)"); @@ -196,12 +189,12 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, /** Decode password * */ -ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret, uint8_t const *vector) +static ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx) { fr_md5_ctx_t *md5_ctx, *md5_ctx_old; uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH]; int i; - size_t n, secretlen; + size_t n; /* * The RFC's say that the maximum is 128, but where we @@ -214,15 +207,10 @@ ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret */ if (pwlen == 0) goto done; - /* - * Use the secret to setup the decryption digest - */ - secretlen = talloc_array_length(secret) - 1; - md5_ctx = fr_md5_ctx_alloc_from_list(); md5_ctx_old = fr_md5_ctx_alloc_from_list(); - fr_md5_update(md5_ctx, (uint8_t const *) secret, secretlen); + fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */ /* @@ -230,7 +218,7 @@ ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret */ for (n = 0; n < pwlen; n += AUTH_PASS_LEN) { if (n == 0) { - fr_md5_update(md5_ctx, vector, RADIUS_AUTH_VECTOR_LENGTH); + fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH); fr_md5_final(digest, md5_ctx); fr_md5_ctx_copy(md5_ctx, md5_ctx_old); @@ -1626,8 +1614,7 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, case FLAG_ENCRYPT_USER_PASSWORD: if (!packet_ctx->request_authenticator) goto raw; - fr_radius_decode_password((char *)buffer, attr_len, - packet_ctx->common->secret, packet_ctx->request_authenticator); + fr_radius_decode_password((char *)buffer, attr_len, packet_ctx); buffer[253] = '\0'; /* @@ -1663,9 +1650,7 @@ ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, case FLAG_ENCRYPT_TUNNEL_PASSWORD: if (!packet_ctx->request_authenticator) goto raw; - if (fr_radius_decode_tunnel_password(buffer, &data_len, - packet_ctx->common->secret, packet_ctx->request_authenticator, - packet_ctx->tunnel_password_zeros) < 0) { + if (fr_radius_decode_tunnel_password(buffer, &data_len, packet_ctx) < 0) { goto raw; } break; @@ -2083,7 +2068,7 @@ static int decode_test_ctx(void **out, TALLOC_CTX *ctx) test_ctx->common = talloc_zero(test_ctx, fr_radius_ctx_t); test_ctx->common->secret = talloc_strdup(test_ctx->common, "testing123"); - test_ctx->common->secret_length = talloc_array_length(test_ctx->common->secret); + test_ctx->common->secret_length = talloc_array_length(test_ctx->common->secret) - 1; test_ctx->request_authenticator = vector; test_ctx->tmp_ctx = talloc_zero(test_ctx, uint8_t); diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c index b7a1bdd5f80..e43c53bdb19 100644 --- a/src/protocols/radius/encode.c +++ b/src/protocols/radius/encode.c @@ -45,8 +45,7 @@ static ssize_t encode_child(fr_dbuff_t *dbuff, * * Input and output buffers can be identical if in-place encryption is needed. */ -static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size_t inlen, - char const *secret, uint8_t const *vector) +static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size_t inlen, fr_radius_encode_ctx_t *packet_ctx) { fr_md5_ctx_t *md5_ctx, *md5_ctx_old; uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH]; @@ -73,13 +72,13 @@ static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size md5_ctx = fr_md5_ctx_alloc_from_list(); md5_ctx_old = fr_md5_ctx_alloc_from_list(); - fr_md5_update(md5_ctx, (uint8_t const *) secret, talloc_array_length(secret) - 1); + fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* * Do first pass. */ - fr_md5_update(md5_ctx, vector, AUTH_PASS_LEN); + fr_md5_update(md5_ctx, packet_ctx->request_authenticator, AUTH_PASS_LEN); for (n = 0; n < len; n += AUTH_PASS_LEN) { if (n > 0) { @@ -98,13 +97,12 @@ static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size } -static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, size_t inlen, void *encode_ctx) +static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, size_t inlen, fr_radius_encode_ctx_t *packet_ctx) { fr_md5_ctx_t *md5_ctx, *md5_ctx_old; uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH]; uint8_t tpasswd[RADIUS_MAX_STRING_LENGTH]; size_t i, n; - fr_radius_encode_ctx_t *packet_ctx = encode_ctx; uint32_t r; size_t output_len, encrypted_len, padding; ssize_t slen; @@ -187,7 +185,7 @@ static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, md5_ctx = fr_md5_ctx_alloc_from_list(); md5_ctx_old = fr_md5_ctx_alloc_from_list(); - fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, talloc_array_length(packet_ctx->common->secret) - 1); + fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH); @@ -505,8 +503,7 @@ static ssize_t encode_value(fr_dbuff_t *dbuff, /* * Encode the password in place */ - slen = encode_password(&work_dbuff, &value_start, fr_dbuff_used(&value_dbuff), - packet_ctx->common->secret, packet_ctx->request_authenticator); + slen = encode_password(&work_dbuff, &value_start, fr_dbuff_used(&value_dbuff), packet_ctx); if (slen < 0) return slen; encrypted = true; break; @@ -1678,7 +1675,7 @@ static int encode_test_ctx(void **out, TALLOC_CTX *ctx) test_ctx->common = talloc_zero(test_ctx, fr_radius_ctx_t); test_ctx->common->secret = talloc_strdup(test_ctx->common, "testing123"); - test_ctx->common->secret_length = talloc_array_length(test_ctx->common->secret); + test_ctx->common->secret_length = talloc_array_length(test_ctx->common->secret) - 1; test_ctx->request_authenticator = vector; test_ctx->rand_ctx.a = 6809; diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h index 7a3df8aeec9..64ae4a0dc9a 100644 --- a/src/protocols/radius/radius.h +++ b/src/protocols/radius/radius.h @@ -227,12 +227,6 @@ ssize_t fr_radius_encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *en */ int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length); -ssize_t fr_radius_decode_password(char *encpw, size_t len, char const *secret, uint8_t const *vector); - - -ssize_t fr_radius_decode_tunnel_password(uint8_t *encpw, size_t *len, char const *secret, - uint8_t const *vector, bool tunnel_password_zeros); - ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, size_t const attr_len,