rpms / krb5

Clone
Source Code
GIT

Blame SOURCES/krb5-krad-larger-attrs.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   5919e0ea0010dda6c4237083633aff1090463d0e
  2.   SOURCES
  3.   krb5-krad-larger-attrs.patch
Blob History Raw
5919e0 
From b2b7729d71e7ab2cde9c73b40b8e972c82a875a2 Mon Sep 17 00:00:00 2001
5919e0 
From: Sumit Bose <sbose@redhat.com>
5919e0 
Date: Mon, 8 Nov 2021 17:48:50 +0100
5919e0 
Subject: [PATCH] Support larger RADIUS attributes in libkrad
5919e0
5919e0 
In kr_attrset_decode(), explicitly treat the length byte as unsigned.
5919e0 
Otherwise attributes longer than 125 characters will be rejected with
5919e0 
EBADMSG.
5919e0
5919e0 
Add a 253-character-long NAS-Identifier attribute to the tests to make
5919e0 
sure that attributes with the maximal number of characters are working
5919e0 
as expected.
5919e0
5919e0 
[ghudson@mit.edu: used uint8_t cast per current practices; edited
5919e0 
commit message]
5919e0
5919e0 
ticket: 9036 (new)
5919e0 
---
5919e0 
 src/lib/krad/attrset.c  |  2 +-
5919e0 
 src/lib/krad/t_packet.c | 13 +++++++++++++
5919e0 
 2 files changed, 14 insertions(+), 1 deletion(-)
5919e0
5919e0 
diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
5919e0 
index d89982a13..6ec031e32 100644
5919e0 
--- a/src/lib/krad/attrset.c
5919e0 
+++ b/src/lib/krad/attrset.c
5919e0 
@@ -218,7 +218,7 @@ kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
5919e0
5919e0 
     for (i = 0; i + 2 < in->length; ) {
5919e0 
         type = in->data[i++];
5919e0 
-        tmp = make_data(&in->data[i + 1], in->data[i] - 2);
5919e0 
+        tmp = make_data(&in->data[i + 1], (uint8_t)in->data[i] - 2);
5919e0 
         i += tmp.length + 1;
5919e0
5919e0 
         retval = (in->length < i) ? EBADMSG : 0;
5919e0 
diff --git a/src/lib/krad/t_packet.c b/src/lib/krad/t_packet.c
5919e0 
index 0a92e9cc2..c22489144 100644
5919e0 
--- a/src/lib/krad/t_packet.c
5919e0 
+++ b/src/lib/krad/t_packet.c
5919e0 
@@ -57,6 +57,14 @@ make_packet(krb5_context ctx, const krb5_data *username,
5919e0 
     krb5_error_code retval;
5919e0 
     const krb5_data *data;
5919e0 
     int i = 0;
5919e0 
+    krb5_data nas_id;
5919e0 
+
5919e0 
+    nas_id = string2data("12345678901234567890123456789012345678901234567890"
5919e0 
+                         "12345678901234567890123456789012345678901234567890"
5919e0 
+                         "12345678901234567890123456789012345678901234567890"
5919e0 
+                         "12345678901234567890123456789012345678901234567890"
5919e0 
+                         "12345678901234567890123456789012345678901234567890"
5919e0 
+                         "123");
5919e0
5919e0 
     retval = krad_attrset_new(ctx, &set);
5919e0 
     if (retval != 0)
5919e0 
@@ -71,6 +79,11 @@ make_packet(krb5_context ctx, const krb5_data *username,
5919e0 
     if (retval != 0)
5919e0 
         goto out;
5919e0
5919e0 
+    retval = krad_attrset_add(set, krad_attr_name2num("NAS-Identifier"),
5919e0 
+                              &nas_id);
5919e0 
+    if (retval != 0)
5919e0 
+        goto out;
5919e0 
+
5919e0 
     retval = krad_packet_new_request(ctx, "foo",
5919e0 
                                      krad_code_name2num("Access-Request"),
5919e0 
                                      set, iterator, &i, &tmp);
5919e0 
--
5919e0 
2.35.3
5919e0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation