From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 5 Dec 2012 11:51:31 +0000 (+0100)
Subject: Allow EAP-Message APVs > 253 octets in EAP-TTLS module
X-Git-Tag: release_2_2_1~207
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7cc9f7a0cfdb0e9d98c8a104c1c19690557e574;p=thirdparty%2Ffreeradius-server.git

Allow EAP-Message APVs > 253 octets in EAP-TTLS module

According to RFC 5281, section 11.2.1 tunneled EAP packets that are
larger than 253 octets MUST be contained in a single EAP-Message AVP.

Also fixed the debug statement.
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
index 9ad62647cef..caaa62edb89 100644
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
@@ -201,8 +201,11 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl,
 			goto next_attr;
 		}
 
-		if (size > 253) {
-			RDEBUG2("WARNING: diameter2vp skipping long attribute %u, attr");
+		/*
+		 * EAP-Message AVPs can be larger than 253 octets.
+		 */
+		if ((size > 253) && !((VENDOR(attr) == 0) && (attr == PW_EAP_MESSAGE))) {
+			RDEBUG2("WARNING: diameter2vp skipping long attribute %u", attr);
 			goto next_attr;
 		}