tcpdump mailing list archives

Re: CVS radius code seems flawed

From: Guy Harris <guy () alum mit edu>
Date: Fri, 23 Jan 2004 01:37:42 -0800

On Thu, Jan 22, 2004 at 11:21:33PM +0100, Jonathan Heusser wrote:

Function print_vendor_attr():

    * At print-radius.c:509, the while() loop does not check the data 
pointer for termination.

...

            tok2str(oui_values,"Unknown",vendor_id),
            vendor_id);
 
-    while (length >= 2) {
+    while (length >= 2 && *data) {
         vendor_type = *(data);
         vendor_length = *(data+1);
         data+=2;


"Termination" in what sense?  RFC 2865 says

   String

      The String field is one or more octets.  The actual format of the
      information is site or application specific, and a robust
      implementation SHOULD support the field as undistinguished octets.

      The codification of the range of allowed usage of this field is
      outside the scope of this specification.

      It SHOULD be encoded as a sequence of vendor type / vendor length
      / value fields, as follows.  The Attribute-Specific field is
      dependent on the vendor's definition of that attribute.  An
      example encoding of the Vendor-Specific attribute using this
      method follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            Vendor-Id
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           Vendor-Id (cont)           | Vendor type   | Vendor length |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Attribute-Specific...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

      Multiple subattributes MAY be encoded within a single Vendor-
      Specific attribute, although they do not have to be.

Is there something that indicates that a vendor type value of 0
terminates the sequence?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

CVS radius code seems flawed Jonathan Heusser (Jan 22)
- Re: CVS radius code seems flawed Guy Harris (Jan 23)
  - Re: CVS radius code seems flawed Jonathan Heusser (Jan 23)
    - Message not available
    - Message not available
    - Re: CVS radius code seems flawed Hannes Gredler (Jan 25)
    - Re: CVS radius code seems flawed Jonathan Heusser (Jan 25)