From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 29 Mar 2023 08:05:11 +0000 (+0900)
Subject: check EAP header byte 0, too, and add debug messages
X-Git-Tag: release_3_2_3~112
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa50dd01510cdc60af037d66523f0720f1554c74;p=thirdparty%2Ffreeradius-server.git

check EAP header byte 0, too, and add debug messages
---

diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c
index 03a3f7d641..9a5ea00955 100644
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -571,12 +571,24 @@ static rlm_rcode_t CC_HINT(nonnull) mod_pre_proxy(void *instance, REQUEST *reque
 
 	if (vp->vp_length < 4) return RLM_MODULE_NOOP;
 
+	if ((vp->vp_octets[0] == 0) ||( vp->vp_octets[0] > 6)) {
+		RDEBUG("EAP header byte zero has invalid value");
+		return RLM_MODULE_REJECT;
+	}
+
 	length = (vp->vp_octets[2] << 8) | vp->vp_octets[3];
-	if (length != vp->vp_length) return RLM_MODULE_REJECT;
+	if (length != vp->vp_length) {
+		RDEBUG("EAP length does not match attribute length");
+		return RLM_MODULE_REJECT;
+	}
 
+	if (vp->vp_octets[0] != PW_EAP_REQUEST) return RLM_MODULE_NOOP;
 	if (!inst->max_eap_type) return RLM_MODULE_NOOP;
 
-	if (vp->vp_octets[4] > inst->max_eap_type) return RLM_MODULE_REJECT;
+	if (vp->vp_octets[4] > inst->max_eap_type) {
+		RDEBUG("EAP method %u is too large", vp->vp_octets[0]);
+		return RLM_MODULE_REJECT;
+	}
 
 	return RLM_MODULE_NOOP;
 }