From: Anusha Datar
To: hostap@lists.infradead.org
Cc: Julian Squires, Steve deRosier, Anusha Datar
Subject: [PATCH 1/3] Create RADIUS_MAX_MSG_LEN param in radius header
Date: Wed, 17 Feb 2021 17:32:56 -0500
Message-Id: <20210217223258.10801-2-anusha@meter.com>
In-Reply-To: <20210217223258.10801-1-anusha@meter.com>

The radius client currently uses a hardcoded value of 3000 for the maximum length of a radius message, and the radius server currently defines a constant value for the maximum length of the radius message within its source.
The client and the server should use the same maximum length value, so this change creates a shared parameter RADIUS_MAX_MSG_LEN within the header file radius.h and modifies both the client and the server to use that parameter instead of a locally set value. Signed-off-by: Anusha Datar Reviewed-by: Steve deRosier Reviewed-by: Julian Squires --- src/radius/radius.h | 2 ++ src/radius/radius_client.c | 2 +- src/radius/radius_server.c | 5 ----- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/radius/radius.h b/src/radius/radius.h index 630c0f9d0..e22868817 100644 --- a/src/radius/radius.h +++ b/src/radius/radius.h @@ -225,6 +225,8 @@ struct radius_msg; /* Default size to be allocated for attribute array */ #define RADIUS_DEFAULT_ATTR_COUNT 16 +/* Maximum message length for incoming RADIUS messages */ +#define RADIUS_MAX_MSG_LEN 3000 /* MAC address ASCII format for IEEE 802.1X use * (draft-congdon-radius-8021x-20.txt) */ diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index 2b7a604ed..7484d61b8 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -816,7 +816,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) struct hostapd_radius_servers *conf = radius->conf; RadiusType msg_type = (RadiusType) sock_ctx; int len, roundtrip; - unsigned char buf[3000]; + unsigned char buf[RADIUS_MAX_MSG_LEN + 1]; struct radius_msg *msg; struct radius_hdr *hdr; struct radius_rx_handler *handlers; diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c index 971fe91b1..e02c21540 100644 --- a/src/radius/radius_server.c +++ b/src/radius/radius_server.c 
@@ -35,11 +35,6 @@ */ #define RADIUS_MAX_SESSION 1000 -/** - * RADIUS_MAX_MSG_LEN - Maximum message length for incoming RADIUS messages - */ -#define RADIUS_MAX_MSG_LEN 3000 - static const struct eapol_callbacks radius_server_eapol_cb; struct radius_client;
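Review bot: The `+ 1` in `unsigned char buf[RADIUS_MAX_MSG_LEN + 1];` (radius_client.c hunk of patch 1/3) is an undocumented size change: the commit message describes only replacing the hard-coded 3000 with a shared constant, yet the client's receive buffer becomes 3001 bytes. Either size the buffer as `RADIUS_MAX_MSG_LEN` so this patch stays a pure refactor, or state in the commit message why the extra byte is wanted. Patch 3/3 removes the `+ 1` again, so leaving it out here would also avoid churn within the series.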
From: Anusha Datar
To: hostap@lists.infradead.org
Cc: Julian Squires, Steve deRosier, Anusha Datar
Subject: [PATCH 2/3] Set RADIUS message length to reflect RFC2865
Date: Wed, 17 Feb 2021 17:32:57 -0500
Message-Id: <20210217223258.10801-3-anusha@meter.com>
In-Reply-To: <20210217223258.10801-1-anusha@meter.com>

The current RADIUS server message maximum length limits the length of each RADIUS message to 3000 bytes. As specified in RFC 2865 section 3 ("Packet Format"), the RADIUS standard's maximum message size is 4096 bytes, so this change increases the RADIUS server's maximum message size from 3000 to 4096 to match the standard.
Signed-off-by: Anusha Datar Reviewed-by: Steve deRosier Reviewed-by: Julian Squires --- src/radius/radius.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/radius/radius.h b/src/radius/radius.h index e22868817..59a12d029 100644 --- a/src/radius/radius.h +++ b/src/radius/radius.h 
@@ -225,8 +225,9 @@ struct radius_msg; /* Default size to be allocated for attribute array */ #define RADIUS_DEFAULT_ATTR_COUNT 16 -/* Maximum message length for incoming RADIUS messages */ -#define RADIUS_MAX_MSG_LEN 3000 +/* Maximum message length for incoming RADIUS messages, as stated in RFC 2865 + * Section 3 ("Packet Format").*/ +#define RADIUS_MAX_MSG_LEN 4096 /* MAC address ASCII format for IEEE 802.1X use * (draft-congdon-radius-8021x-20.txt) */
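Review bot: The commit message of patch 2/3 names only the RADIUS server, but after patch 1/3 the client's on-stack receive buffer in radius_client_receive() is sized from the same `RADIUS_MAX_MSG_LEN`, so the radius.h hunk raises the client's limit and stack usage as well; the message should say that both sides change. Style point in the same hunk: the new comment ends with `("Packet Format").*/`, which needs a space before `*/`.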
From: Anusha Datar
To: hostap@lists.infradead.org
Cc: Julian Squires, Steve deRosier, Anusha Datar
Subject: [PATCH 3/3] Check for message truncation in radius client
Date: Wed, 17 Feb 2021 17:32:58 -0500
Message-Id: <20210217223258.10801-4-anusha@meter.com>
In-Reply-To: <20210217223258.10801-1-anusha@meter.com>

The radius client currently determines if a radius message is longer than the supported maximum length by checking whether the size of the received buffer and the length of the buffer (as returned by recv()) are equal. This method fails to detect if the buffer has actually been truncated.
This change modifies the radius_client to instead use the recvmsg() call and then check the message header flags to determine whether or not the received message has been truncated and drop the message if that is the case. Signed-off-by: Anusha Datar Reviewed-by: Steve deRosier Reviewed-by: Julian Squires --- src/radius/radius_client.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index 7484d61b8..ad02a998d 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -816,7 +816,9 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) struct hostapd_radius_servers *conf = radius->conf; RadiusType msg_type = (RadiusType) sock_ctx; int len, roundtrip; - unsigned char buf[RADIUS_MAX_MSG_LEN + 1]; + unsigned char buf[RADIUS_MAX_MSG_LEN]; + struct msghdr msghdr = {0}; + struct iovec iov; struct radius_msg *msg; struct radius_hdr *hdr; struct radius_rx_handler *handlers; @@ -836,15 +838,22 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) rconf = conf->auth_server; } - len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT); + iov.iov_base = buf; + iov.iov_len = RADIUS_MAX_MSG_LEN; + msghdr.msg_iov = &iov; + msghdr.msg_iovlen = 1; + msghdr.msg_flags = 0; + len = recvmsg(sock, &msghdr, MSG_DONTWAIT); if (len < 0) { wpa_printf(MSG_INFO, "recv[RADIUS]: %s", strerror(errno)); return; } + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS " "server", len); - if (len == sizeof(buf)) { + + if (msghdr.msg_flags & MSG_TRUNC) { wpa_printf(MSG_INFO, "RADIUS: Possibly too long UDP frame for our buffer - dropping it"); return; }
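Review bot: In the declarations hunk of patch 3/3 (`@@ -816,7 +816,9 @@`), `struct msghdr msghdr = {0};` already zeroes every field, so the `msghdr.msg_flags = 0;` assignment added in the following hunk is redundant. Keep one of the two initialisations, not both.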
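Review bot: In the second hunk of patch 3/3 (`@@ -836,15 +838,22 @@`) the log strings were not updated for the new call: the error path still prints `recv[RADIUS]: %s` although the call is now `recvmsg()`, and the drop message still says "Possibly too long UDP frame" although `MSG_TRUNC` makes the condition definite. Prefer `iov.iov_len = sizeof(buf);` over repeating `RADIUS_MAX_MSG_LEN`, so the length cannot drift from the buffer declaration. The "Received %d bytes" debug log also runs before the truncation check, so for a dropped frame it reports only the copied length; moving it after the check would avoid that.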
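The two checks discussed in patch 3/3, as an added example that is not part of the patch series or of hostap: a length comparison after `recv()` flags an exact-fit datagram and an oversized one alike, while `MSG_TRUNC` from `recvmsg()` flags only the oversized one. `DEMO_MAX_LEN`, `rx_with_recv()` and `rx_with_recvmsg()` are hypothetical names, and a local `AF_UNIX` datagram socket pair is assumed as a stand-in for the UDP socket.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define DEMO_MAX_LEN 64 /* constructed stand-in for RADIUS_MAX_MSG_LEN */

struct rx_result {
    ssize_t len;  /* bytes copied into the receive buffer */
    int flagged;  /* 1 if the check treats the datagram as too long */
};

/* Open a local datagram pair and queue one datagram of send_len bytes. */
static int queue_dgram(int sv[2], size_t send_len)
{
    unsigned char payload[2 * DEMO_MAX_LEN];

    if (send_len > sizeof(payload) ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    memset(payload, 0xAB, sizeof(payload)); /* constructed sample bytes */
    if (send(sv[0], payload, send_len, 0) != (ssize_t) send_len) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    return 0;
}

/* Length comparison: flag the datagram when recv() fills the buffer. */
struct rx_result rx_with_recv(size_t send_len)
{
    struct rx_result r = { -1, 0 };
    unsigned char buf[DEMO_MAX_LEN];
    int sv[2];

    if (queue_dgram(sv, send_len) < 0)
        return r;
    r.len = recv(sv[1], buf, sizeof(buf), 0);
    r.flagged = r.len == (ssize_t) sizeof(buf);
    close(sv[0]);
    close(sv[1]);
    return r;
}

/* Flag check: recvmsg() sets MSG_TRUNC only if bytes were discarded. */
struct rx_result rx_with_recvmsg(size_t send_len)
{
    struct rx_result r = { -1, 0 };
    unsigned char buf[DEMO_MAX_LEN];
    struct msghdr mh;
    struct iovec iov;
    int sv[2];

    if (queue_dgram(sv, send_len) < 0)
        return r;
    memset(&mh, 0, sizeof(mh));
    iov.iov_base = buf;
    iov.iov_len = sizeof(buf);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    r.len = recvmsg(sv[1], &mh, 0);
    r.flagged = r.len >= 0 && (mh.msg_flags & MSG_TRUNC) != 0;
    close(sv[0]);
    close(sv[1]);
    return r;
}
```

Calling both functions with 63, 64 and 65 bytes shows the difference at the boundary: only the 64-byte (exact-fit) case is treated differently by the two checks.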