pppoe: fix TR-101 attribute filtering for RADIUS access requests

When a sub-tags is skipped while parsing a TR-101 tag, the ptr variable must be updated to point to the next sub-tag, otherwise the next loop iteration erroneously interprets tag information. While here, fix the range of attribute that mustn't be present in RADIUS access requests (RFC 4679, section 4). Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
author: Guillaume Nault <g.nault@alphalink.fr> 2014-01-16 21:24:32 +0100
committer: Dmitry Kozlov <xeb@mail.ru> 2014-01-17 15:35:27 +0400
commit: fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12 (patch)
tree: 0f02012a62016a66989c9234c99df24e6c244933 /accel-pppd/ctrl/pppoe
parent: cbebd3b97616ea25e7ee197d5412b4baead0399f (diff)
download: accel-ppp-xebd-fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12.tar.gz
accel-ppp-xebd-fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/accel-pppd/ctrl/pppoe/tr101.c b/accel-pppd/ctrl/pppoe/tr101.c
index 5a56e7f..5d1c39a 100644
--- a/accel-pppd/ctrl/pppoe/tr101.c
+++ b/accel-pppd/ctrl/pppoe/tr101.c
@@ -32,8 +32,14 @@ static int tr101_send_request(struct pppoe_tag *tr101, struct rad_packet_t *pack
 		len = *ptr++;
 		if (ptr + len > endptr)
 			goto inval;
-		if (type && id > 0x80)
+
+		/* Section 4 of RFC 4679 states that attributes 0x83 to 0x8E
+		 * mustn't be included in RADIUS access requests.
+		 */
+		if (type && id > 0x82 && id < 0x90) {
+			ptr += len;
 			continue;
+		}
 		switch (id) {
 			case OPT_CIRCUIT_ID:
 				if (len > 63)
author	Guillaume Nault <g.nault@alphalink.fr>	2014-01-16 21:24:32 +0100
committer	Dmitry Kozlov <xeb@mail.ru>	2014-01-17 15:35:27 +0400
commit	fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12 (patch)
tree	0f02012a62016a66989c9234c99df24e6c244933 /accel-pppd/ctrl/pppoe
parent	cbebd3b97616ea25e7ee197d5412b4baead0399f (diff)
download	accel-ppp-xebd-fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12.tar.gz accel-ppp-xebd-fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12.zip