From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 5 Dec 2012 11:51:31 +0000 (+0100)
Subject: Allow EAP-Message APVs > 253 octets in EAP-TTLS module
X-Git-Tag: release_3_0_0_beta1~1422^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F143%2Fhead;p=thirdparty%2Ffreeradius-server.git

Allow EAP-Message APVs > 253 octets in EAP-TTLS module

According to RFC 5281, section 11.2.1 tunneled EAP packets that are
larger than 253 octets MUST be contained in a single EAP-Message AVP.

Also fixed the debug statement.
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
index 6c9bd13dc62..3344c53f624 100644
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
@@ -201,8 +201,11 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl,
 			goto next_attr;
 		}
 
-		if (size > 253) {
-			RDEBUG2("WARNING: diameter2vp skipping long attribute %u, attr");
+		/*
+		 * EAP-Message AVPs can be larger than 253 octets.
+		 */
+		if ((size > 253) && !((vendor == 0) && (attr == PW_EAP_MESSAGE))) {
+			RDEBUG2("WARNING: diameter2vp skipping long attribute %u", attr);
 			goto next_attr;
 		}