From fa6135929bf9a3e9c2ca7578969483744db8c81b Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Fri, 9 Apr 2021 08:21:16 -0400
Subject: [PATCH] allow "concat" for TLV types in RADIUS. and ensure that setting the flag doesn't change the behavior for attributes of type "octets"
---
 share/dictionary/radius/dictionary.iana | 2 +-
 src/protocols/radius/base.c | 4 ++--
 src/protocols/radius/decode.c | 4 +++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/share/dictionary/radius/dictionary.iana b/share/dictionary/radius/dictionary.iana
index 4b20fdf395..4d485607d7 100644
--- a/share/dictionary/radius/dictionary.iana
+++ b/share/dictionary/radius/dictionary.iana
@@ -14,7 +14,7 @@
 # This is bad... at some point the IETF will allocate these.
 #
 ATTRIBUTE Digest-Response 206 string
-ATTRIBUTE Digest-Attributes 207 tlv
+ATTRIBUTE Digest-Attributes 207 tlv concat
 ATTRIBUTE Realm .1 string
 ATTRIBUTE Nonce .2 string
 ATTRIBUTE Method .3 string
diff --git a/src/protocols/radius/base.c b/src/protocols/radius/base.c
index 41e8079f05..41185c6244 100644
--- a/src/protocols/radius/base.c
+++ b/src/protocols/radius/base.c
@@ -1178,8 +1178,8 @@ static bool attr_valid(UNUSED fr_dict_t *dict, fr_dict_attr_t const *parent,
 return false;
 }
 
- if (type != FR_TYPE_OCTETS) {
- fr_strerror_const("Attributes with the 'concat' flag MUST be of data type 'octets'");
+ if ((type != FR_TYPE_OCTETS) && (type != FR_TYPE_TLV)) {
+ fr_strerror_const("Attributes with the 'concat' flag MUST be of data type 'octets' or 'tlv'");
 return false;
 }
 
diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c
index 3635ed3b67..1c18dfc9b1 100644
--- a/src/protocols/radius/decode.c
+++ b/src/protocols/radius/decode.c
@@ -356,6 +356,8 @@ static ssize_t decode_concat(TALLOC_CTX *ctx, fr_dcursor_t *cursor,
 uint8_t *p;
 fr_pair_t *vp;
 
+ fr_assert(parent->type == FR_TYPE_OCTETS);
+
 total = 0;
 attr = ptr[0];
 
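Review bot: The relaxed check in attr_valid accepts 'concat' on any 'tlv' attribute, but nothing visible in this commit reassembles a fragmented tlv: the decode.c hunk in fr_radius_decode_pair routes only 'octets' attributes to decode_concat. As far as this diff shows, the flag on Digest-Attributes is therefore accepted by the dictionary loader and has no effect on decoding. Any code outside this diff that tests flag_concat() alone (the encoder, presumably) would need the same type guard, otherwise a tlv would take the octets path. A comment above the check would record the intent, e.g. `/* 'tlv' is accepted here, but only 'octets' is reassembled by decode_concat() */`. attr_valid starts and ends outside the hunk.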
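Review bot: The invariant added at the top of decode_concat is enforced only by fr_assert, which gives no protection in production if it follows the usual assert convention and is compiled out of non-debug builds (worth confirming). Now that attr_valid admits 'concat' on 'tlv', a caller that checks flag_concat() without the type would reach this function with a tlv parent and build an octets-style value for it. A runtime guard that returns the decoder's normal error value would make the contract explicit, as would a short comment such as `/* only 'octets' is reassembled here; 'tlv' + 'concat' must not reach this function */`. The body of decode_concat continues outside the hunk.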
@@ -1631,7 +1633,7 @@ ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_dcursor_t *cursor, fr_dict_t c
 /*
 * Pass the entire thing to the decoding function
 */
- if (flag_concat(&da->flags)) {
+ if ((da->type == FR_TYPE_OCTETS && flag_concat(&da->flags))) {
 FR_PROTO_TRACE("Concat attribute");
 return decode_concat(ctx, cursor, da, data, data_len);
 }
-- 
2.47.2
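Review bot: The new condition has a redundant outer pair of parentheses while its two operands are left ungrouped, the opposite of the style used for the matching check in base.c; `if ((da->type == FR_TYPE_OCTETS) && flag_concat(&da->flags)) {` reads more clearly. The comment above it ("Pass the entire thing to the decoding function") no longer says which attributes take this path. It could be extended to note that a 'tlv' carrying 'concat' falls through to the ordinary per-attribute decoding below, which appears to be the intent given the commit message. fr_radius_decode_pair continues outside the hunk.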