{
ssize_t slen;
size_t total;
- uint8_t *ptr, *end;
+ uint8_t *ptr, *start, *end;
fr_pair_t const *vp;
fr_dcursor_t cursor;
* No attributes: just send a 1-byte response code.
*/
if (!total) {
- ptr = talloc_zero_array(chbind, uint8_t, 1);
+ ptr = start = talloc_zero_array(chbind, uint8_t, 1);
} else {
- ptr = talloc_zero_array(chbind, uint8_t, total + 4);
+ ptr = start = talloc_zero_array(chbind, uint8_t, total + 4);
}
if (!ptr) return false;
chbind->response = (chbind_packet_t *) ptr;
while ((vp = fr_dcursor_current(&cursor)) && (ptr < end)) {
/*
* Skip things which shouldn't be in channel bindings.
- * i.e. tagged, encrypted, or extended attributes
*/
- if (vp->da->flags.subtype) {
+ if (vp->da->flags.internal || (!vp->da->flags.extra && vp->da->flags.subtype) ||
+ (vp->da == attr_message_authenticator)) {
next:
fr_dcursor_next(&cursor);
continue;
}
+
if (vp->da == attr_message_authenticator) goto next;
slen = fr_radius_encode_pair(&FR_DBUFF_TMP(ptr, end), &cursor, NULL);
if (slen < 0) {
RPERROR("Failed encoding chbind response");
-
- talloc_free(ptr);
+ chbind->response = NULL;
+ talloc_free(start);
return false;
}
+
ptr += slen;
}
/* Add the username to the fake request */
if (chbind->username) {
- vp = fr_pair_copy(fake->request_ctx, chbind->username);
+ MEM(vp = fr_pair_copy(fake->request_ctx, chbind->username));
fr_pair_append(&fake->request_pairs, vp);
}
projects / thirdparty / freeradius-server.git / commitdiff
