summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvenaas <venaas>2008-09-09 07:57:57 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2008-09-09 07:57:57 +0000
commita98c9b737c943e062efa1a4fc7b31d539e1a2f11 (patch)
treeb2d2cf70d5af66fea8eacbe848cece15b1c4dbb3
parentf022b8a4eabac961682949b15cc654a7f403177b (diff)
fixed problem when rewritten username not in response and cleaned up code
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@371 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--radsecproxy.c53
1 files changed, 10 insertions, 43 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index bbd2635..48543ef 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1552,7 +1552,7 @@ int dorewriteadd(uint8_t **buf, struct list *addattrs) {
}
/* returns a pointer to the resized attribute value */
-uint8_t *resizeattr2(uint8_t **buf, uint8_t **attr, uint8_t newvallen) {
+uint8_t *resizeattr(uint8_t **buf, uint8_t **attr, uint8_t newvallen) {
uint8_t vallen;
uint16_t len;
unsigned char *new;
@@ -1566,7 +1566,7 @@ uint8_t *resizeattr2(uint8_t **buf, uint8_t **attr, uint8_t newvallen) {
if (newvallen > vallen) {
new = realloc(*buf, len);
if (!new) {
- debug(DBG_ERR, "resizeattr2: malloc failed");
+ debug(DBG_ERR, "resizeattr: malloc failed");
return NULL;
}
if (new != *buf) {
@@ -1609,8 +1609,12 @@ int dorewritemodattr(uint8_t **buf, uint8_t **attr, struct modattr *modattr) {
}
}
reslen += i - start;
-
- result = resizeattr2(buf, attr, reslen);
+ if (reslen > 253) {
+ debug(DBG_WARN, "rewritten attribute length would be %d, max possible is 253, discarding message", reslen);
+ free(in);
+ return 0;
+ }
+ result = resizeattr(buf, attr, reslen);
if (!result) {
free(in);
return 0;
@@ -1665,42 +1669,6 @@ int dorewrite(uint8_t **buf, struct rewrite *rewrite) {
return 1;
}
-/* returns a pointer to the resized attribute value */
-uint8_t *resizeattr(uint8_t **buf, uint8_t newvallen, uint8_t type) {
- uint8_t *attrs, *attr, vallen;
- uint16_t len;
- unsigned char *new;
-
- len = RADLEN(*buf) - 20;
- attrs = *buf + 20;
-
- attr = attrget(attrs, len, type);
- if (!attr)
- return NULL;
-
- vallen = ATTRVALLEN(attr);
- if (vallen == newvallen)
- return attr + 2;
-
- len += newvallen - vallen;
- if (newvallen > vallen) {
- new = realloc(*buf, len + 20);
- if (!new) {
- debug(DBG_ERR, "resizeattr: malloc failed");
- return NULL;
- }
- if (new != *buf) {
- attr += new - *buf;
- attrs = new + 20;
- *buf = new;
- }
- }
- memmove(attr + 2 + newvallen, attr + 2 + vallen, len - (attr - attrs + newvallen));
- attr[1] = newvallen + 2;
- ((uint16_t *)*buf)[1] = htons(len + 20);
- return attr + 2;
-}
-
int rewriteusername(struct request *rq, uint8_t *attr, char *in) {
if (!dorewritemodattr(&rq->buf, &attr, rq->from->conf->rewriteusername))
return 0;
@@ -2168,8 +2136,8 @@ int replyh(struct server *server, unsigned char *buf) {
printfchars(NULL, "origauth/buf+4", "%02x ", buf + 4, 16);
#endif
- if (rq->origusername) {
- username = resizeattr(&buf, strlen(rq->origusername), RAD_Attr_User_Name);
+ if (rq->origusername && (attr = attrget(buf + 20, RADLEN(buf) - 20, RAD_Attr_User_Name))) {
+ username = resizeattr(&buf, &attr, strlen(rq->origusername));
if (!username) {
pthread_mutex_unlock(&server->newrq_mutex);
debug(DBG_WARN, "replyh: malloc failed, ignoring reply");
@@ -2973,7 +2941,6 @@ struct attribute *extractattr(char *nameval) {
}
/* should accept both names and numeric values, only numeric right now */
-/* this should be used instead of addrewriteattr */
struct modattr *extractmodattr(char *nameval) {
int name = 0;
char *s, *t;