Patch AVP parsing in EAP-TTLS module in FreeRADIUS

2 files changed, 19 insertions, 0 deletions

diff --git a/testing/scripts/recipes/freeradius.mk b/testing/scripts/recipes/freeradius.mk
index ec530a862..7b7a5fe82 100644
--- a/testing/scripts/recipes/freeradius.mk
+++ b/testing/scripts/recipes/freeradius.mk
@@ -16,6 +16,7 @@ CONFIG_OPTS = \
 
 PATCHES = \
 	freeradius-eap-sim-identity \
+	freeradius-avp-size \
 	freeradius-tnc-fhh
 
 all: install
diff --git a/testing/scripts/recipes/patches/freeradius-avp-size b/testing/scripts/recipes/patches/freeradius-avp-size
new file mode 100644
index 000000000..e7e1f635b
--- /dev/null
+++ b/testing/scripts/recipes/patches/freeradius-avp-size
@@ -0,0 +1,18 @@
+diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+index 6c9bd13..3344c53 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
++++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+@@ -201,8 +201,11 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl,
+ 			goto next_attr;
+ 		}
+ 
+-		if (size > 253) {
+-			RDEBUG2("WARNING: diameter2vp skipping long attribute %u, attr");
++		/*
++		 * EAP-Message AVPs can be larger than 253 octets.
++		 */
++		if ((size > 253) && !((VENDOR(attr) == 0) && (attr == PW_EAP_MESSAGE))) {
++			RDEBUG2("WARNING: diameter2vp skipping long attribute %u", attr);
+ 			goto next_attr;
+ 		}
+