Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

RADIUS/EAP server: Use longer username buffer to avoid truncation

If the peer provides a username with large part of it being non-ASCII
characters, the previously used buffers may not have been long enough to
include the full string in debug logs and database search due to forced
truncation of the string by printf_encode(). Avoid this by increasing
the buffer sizes to fit in the maximum result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 11 years ago
parent
ee54e4010e
commit
95f6f6a49d
4 changed files with 8 additions and 8 deletions
Split View Show Diff Stats
  1. 2 2
      src/eap_server/eap_server_identity.c
  2. 2 2
      src/eap_server/eap_server_mschapv2.c
  3. 2 2
      src/eap_server/eap_server_ttls.c
  4. 2 2
      src/radius/radius_server.c

+ 2 - 2
src/eap_server/eap_server_identity.c
View File 

@@ -120,9 +120,9 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
 
 		return; /* Should not happen - frame already validated */
 
 
 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
 
-	buf = os_malloc(len * 3 + 1);
 
+	buf = os_malloc(len * 4 + 1);
 
 	if (buf) {
 
-		printf_encode(buf, len * 3 + 1, pos, len);
 
+		printf_encode(buf, len * 4 + 1, pos, len);
 
 		eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
 
 		os_free(buf);
 
 	}

+ 2 - 2
src/eap_server/eap_server_mschapv2.c
View File 

@@ -330,9 +330,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 
 	wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
 
 	wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
 
 
-	buf = os_malloc(name_len * 3 + 1);
 
+	buf = os_malloc(name_len * 4 + 1);
 
 	if (buf) {
 
-		printf_encode(buf, name_len * 3 + 1, name, name_len);
 
+		printf_encode(buf, name_len * 4 + 1, name, name_len);
 
 		eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
 
 		os_free(buf);
 
 	}

+ 2 - 2
src/eap_server/eap_server_ttls.c
View File 

@@ -985,9 +985,9 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 
 
 	if (parse.user_name) {
 
 		char *nbuf;
 
-		nbuf = os_malloc(parse.user_name_len * 3 + 1);
 
+		nbuf = os_malloc(parse.user_name_len * 4 + 1);
 
 		if (nbuf) {
 
-			printf_encode(nbuf, parse.user_name_len * 3 + 1,
 
+			printf_encode(nbuf, parse.user_name_len * 4 + 1,
 
 				      parse.user_name,
 
 				      parse.user_name_len);
 
 			eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);

+ 2 - 2
src/radius/radius_server.c
View File 

@@ -639,12 +639,12 @@ radius_server_get_new_session(struct radius_server_data *data,
 
 	sess->accept_attr = tmp.accept_attr;
 
 	sess->macacl = tmp.macacl;
 
 
-	sess->username = os_malloc(user_len * 2 + 1);
 
+	sess->username = os_malloc(user_len * 4 + 1);
 
 	if (sess->username == NULL) {
 
 		radius_server_session_free(data, sess);
 
 		return NULL;
 
 	}
 
-	printf_encode(sess->username, user_len * 2 + 1, user, user_len);
 
+	printf_encode(sess->username, user_len * 4 + 1, user, user_len);
 
 
 	sess->nas_ip = os_strdup(from_addr);
 
 	if (sess->nas_ip == NULL) {