From 4fdb8152223e3c5292ffaff32de6f9c840ad9da4 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 5 Dec 2012 12:51:31 +0100 Subject: [PATCH] Allow EAP-Message APVs > 253 octets in EAP-TTLS module According to RFC 5281, section 11.2.1 tunneled EAP packets that are larger than 253 octets MUST be contained in a single EAP-Message AVP. Also fixed the debug statement. --- src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 6c9bd13dc62..3344c53f624 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -201,8 +201,11 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, goto next_attr; } - if (size > 253) { - RDEBUG2("WARNING: diameter2vp skipping long attribute %u, attr"); + /* + * EAP-Message AVPs can be larger than 253 octets. + */ + if ((size > 253) && !((vendor == 0) && (attr == PW_EAP_MESSAGE))) { + RDEBUG2("WARNING: diameter2vp skipping long attribute %u", attr); goto next_attr; } -- 2.47.3