mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
RADIUS/EAP server: Use longer username buffer to avoid truncation
If the peer provides a username with large part of it being non-ASCII characters, the previously used buffers may not have been long enough to include the full string in debug logs and database search due to forced truncation of the string by printf_encode(). Avoid this by increasing the buffer sizes to fit in the maximum result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
ee54e4010e
commit
95f6f6a49d
@ -120,9 +120,9 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
|
||||
return; /* Should not happen - frame already validated */
|
||||
|
||||
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
|
||||
buf = os_malloc(len * 3 + 1);
|
||||
buf = os_malloc(len * 4 + 1);
|
||||
if (buf) {
|
||||
printf_encode(buf, len * 3 + 1, pos, len);
|
||||
printf_encode(buf, len * 4 + 1, pos, len);
|
||||
eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
|
||||
os_free(buf);
|
||||
}
|
||||
|
@ -330,9 +330,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
||||
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
|
||||
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
|
||||
|
||||
buf = os_malloc(name_len * 3 + 1);
|
||||
buf = os_malloc(name_len * 4 + 1);
|
||||
if (buf) {
|
||||
printf_encode(buf, name_len * 3 + 1, name, name_len);
|
||||
printf_encode(buf, name_len * 4 + 1, name, name_len);
|
||||
eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
|
||||
os_free(buf);
|
||||
}
|
||||
|
@ -985,9 +985,9 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
|
||||
|
||||
if (parse.user_name) {
|
||||
char *nbuf;
|
||||
nbuf = os_malloc(parse.user_name_len * 3 + 1);
|
||||
nbuf = os_malloc(parse.user_name_len * 4 + 1);
|
||||
if (nbuf) {
|
||||
printf_encode(nbuf, parse.user_name_len * 3 + 1,
|
||||
printf_encode(nbuf, parse.user_name_len * 4 + 1,
|
||||
parse.user_name,
|
||||
parse.user_name_len);
|
||||
eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
|
||||
|
@ -639,12 +639,12 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
sess->accept_attr = tmp.accept_attr;
|
||||
sess->macacl = tmp.macacl;
|
||||
|
||||
sess->username = os_malloc(user_len * 2 + 1);
|
||||
sess->username = os_malloc(user_len * 4 + 1);
|
||||
if (sess->username == NULL) {
|
||||
radius_server_session_free(data, sess);
|
||||
return NULL;
|
||||
}
|
||||
printf_encode(sess->username, user_len * 2 + 1, user, user_len);
|
||||
printf_encode(sess->username, user_len * 4 + 1, user, user_len);
|
||||
|
||||
sess->nas_ip = os_strdup(from_addr);
|
||||
if (sess->nas_ip == NULL) {
|
||||
|
Loading…
Reference in New Issue
Block a user