From fe1ad9b7a0e53250c8bf2c7d238a202e81fcbc12 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Thu, 16 Jan 2014 21:24:32 +0100 Subject: pppoe: fix TR-101 attribute filtering for RADIUS access requests When a sub-tags is skipped while parsing a TR-101 tag, the ptr variable must be updated to point to the next sub-tag, otherwise the next loop iteration erroneously interprets tag information. While here, fix the range of attribute that mustn't be present in RADIUS access requests (RFC 4679, section 4). Signed-off-by: Guillaume Nault --- accel-pppd/ctrl/pppoe/tr101.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/accel-pppd/ctrl/pppoe/tr101.c b/accel-pppd/ctrl/pppoe/tr101.c index 5a56e7f..5d1c39a 100644 --- a/accel-pppd/ctrl/pppoe/tr101.c +++ b/accel-pppd/ctrl/pppoe/tr101.c @@ -32,8 +32,14 @@ static int tr101_send_request(struct pppoe_tag *tr101, struct rad_packet_t *pack len = *ptr++; if (ptr + len > endptr) goto inval; - if (type && id > 0x80) + + /* Section 4 of RFC 4679 states that attributes 0x83 to 0x8E + * mustn't be included in RADIUS access requests. + */ + if (type && id > 0x82 && id < 0x90) { + ptr += len; continue; + } switch (id) { case OPT_CIRCUIT_ID: if (len > 63) -- cgit v1.2.3