ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

support of error_offset in PA-TNC INVALID PARAMETER error messages

This commit is contained in:
Andreas Steffen 2011-07-13 22:18:32 +02:00
parent a96d9abf3e
commit 47f2da4ef9
10 changed files with 161 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
src/libimcv/ietf/ietf_attr_pa_tnc_error.c
View File

@ -32,7 +32,7 @@ typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t
/**
* PA-TNC Error Attribute Type (see section 4.2.8 of RFC 5792)
*
* 1 2 3
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
*
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@ -50,7 +50,7 @@ typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t
/**
* All Error Types return the first 8 bytes of the erroneous PA-TNC message
*
* 1 2 3
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Version | Copy of Reserved |
@ -61,10 +61,19 @@ typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t
#define PA_ERROR_MSG_INFO_SIZE 8
/**
* "Invalid Parameter" Error Code
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Offset |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
/**
* "Version Not Supported" Error Code
*
* 1 2 3
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Max Version | Min Version | Reserved |
@ -137,6 +146,11 @@ struct private_ietf_attr_pa_tnc_error_t {
*/
chunk_t attr_info;
/**
* PA-TNC error offset
*/
u_int32_t error_offset;
/**
* Reference count
*/
@ -187,6 +201,7 @@ METHOD(pa_tnc_attr_t, build, void,
switch (this->error_code)
{
case PA_ERROR_INVALID_PARAMETER:
writer->write_uint32(writer, this->error_offset);
break;
case PA_ERROR_VERSION_NOT_SUPPORTED:
writer->write_uint8 (writer, PA_TNC_VERSION);
@ -205,13 +220,16 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_attr_pa_tnc_error_t *this)
private_ietf_attr_pa_tnc_error_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
u_int8_t reserved;
if (this->value.len < PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PA-TNC error header and "
"error information");
*offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@ -223,6 +241,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
switch (this->error_code)
{
case PA_ERROR_INVALID_PARAMETER:
if (!reader->read_uint32(reader, &this->error_offset))
{
reader->destroy(reader);
DBG1(DBG_TNC, "insufficient data for error offset field");
*offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
return FAILED;
}
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
if (!reader->read_data(reader, PA_ERROR_ATTR_INFO_SIZE,
&this->attr_info))
@ -230,6 +257,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
reader->destroy(reader);
DBG1(DBG_TNC, "insufficient data for unsupported attribute "
"information");
*offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
return FAILED;
}
this->attr_info = chunk_clone(this->attr_info);
@ -291,6 +319,12 @@ METHOD(ietf_attr_pa_tnc_error_t, set_attr_info, void,
this->attr_info = chunk_clone(attr_info);
}
METHOD(ietf_attr_pa_tnc_error_t, get_offset, u_int32_t,
private_ietf_attr_pa_tnc_error_t *this)
{
return this->error_offset;
}
/**
* Described in header.
*/
@ -321,6 +355,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
.get_msg_info = _get_msg_info,
.get_attr_info = _get_attr_info,
.set_attr_info = _set_attr_info,
.get_offset = _get_offset,
},
.vendor_id = PEN_IETF,
.type = IETF_ATTR_PA_TNC_ERROR,
@ -333,6 +368,51 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
return &this->public.pa_tnc_attribute;
}
/**
* Described in header.
*/
pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_t vendor_id,
u_int32_t error_code,
chunk_t msg_info,
u_int32_t error_offset)
{
private_ietf_attr_pa_tnc_error_t *this;
/* the first 8 bytes of the erroneous PA-TNC message are sent back */
msg_info.len = PA_ERROR_MSG_INFO_SIZE;
INIT(this,
.public = {
.pa_tnc_attribute = {
.get_vendor_id = _get_vendor_id,
.get_type = _get_type,
.get_value = _get_value,
.get_noskip_flag = _get_noskip_flag,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_vendor_id = _get_error_vendor_id,
.get_error_code = _get_error_code,
.get_msg_info = _get_msg_info,
.get_attr_info = _get_attr_info,
.set_attr_info = _set_attr_info,
.get_offset = _get_offset,
},
.vendor_id = PEN_IETF,
.type = IETF_ATTR_PA_TNC_ERROR,
.error_vendor_id = vendor_id,
.error_code = error_code,
.msg_info = chunk_clone(msg_info),
.error_offset = error_offset,
.ref = 1,
);
return &this->public.pa_tnc_attribute;
}
/**
* Described in header.
*/
@ -356,6 +436,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(chunk_t data)
.get_msg_info = _get_msg_info,
.get_attr_info = _get_attr_info,
.set_attr_info = _set_attr_info,
.get_offset = _get_offset,
},
.vendor_id = PEN_IETF,
.type = IETF_ATTR_PA_TNC_ERROR,

22
src/libimcv/ietf/ietf_attr_pa_tnc_error.h
View File

@ -88,6 +88,14 @@ struct ietf_attr_pa_tnc_error_t {
* @param attr_info PA-TNC message info
*/
void (*set_attr_info)(ietf_attr_pa_tnc_error_t *this, chunk_t attr_info);
/**
* Get the PA-TNC error offset
*
* @return PA-TNC error offset
*/
u_int32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
};
/**
@ -102,6 +110,20 @@ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_t vendor_id,
u_int32_t error_code,
chunk_t header);
/**
* Creates an ietf_attr_pa_tnc_error_t object from an error code with offset
*
* @param vendor_id PA-TNC error code vendor ID
* @param error_code PA-TNC error code
* @param header PA-TNC message header (first 8 bytes)
* @param error_offset PA-TNC error offset in bytes
*
*/
pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_with_offset(pen_t vendor_id,
u_int32_t error_code,
chunk_t header,
u_int32_t error_offset);
/**
* Creates an ietf_attr_pa_tnc_error_t object from received data
*

5
src/libimcv/ietf/ietf_attr_port_filter.c
View File

@ -137,7 +137,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_attr_port_filter_t *this)
private_ietf_attr_port_filter_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
port_entry_t *entry;
@ -145,6 +145,9 @@ METHOD(pa_tnc_attr_t, process, status_t,
if (this->value.len % PORT_FILTER_ENTRY_SIZE)
{
DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
PORT_FILTER_ENTRY_SIZE);
*offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);

2
src/libimcv/ita/ita_attr_command.c
View File

@ -99,7 +99,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_command_t *this)
private_ita_attr_command_t *this, u_int32_t *offset)
{
this->command = malloc(this->value.len + 1);
memcpy(this->command, this->value.ptr, this->value.len);

3
src/libimcv/pa_tnc/pa_tnc_attr.h
View File

@ -75,9 +75,10 @@ struct pa_tnc_attr_t {
/**
* Process the value of an PA-TNC attribute to extract its parameters
*
* @param relative error offset within attribute body
* @return result status
*/
status_t (*process)(pa_tnc_attr_t *this);
status_t (*process)(pa_tnc_attr_t *this, u_int32_t *offset);
/**
* Get a new reference to the PA-TNC attribute

37
src/libimcv/pa_tnc/pa_tnc_msg.c
View File

@ -173,7 +173,7 @@ METHOD(pa_tnc_msg_t, process, status_t,
bio_reader_t *reader;
pa_tnc_attr_t *error;
u_int8_t version;
u_int32_t reserved;
u_int32_t reserved, offset, attr_offset;
/* process message header */
if (this->encoding.len < PA_TNC_HEADER_SIZE)
@ -196,6 +196,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
goto err;
}
/* offset of the first PA-TNC attribute in the PA-TNC message */
offset = PA_TNC_HEADER_SIZE;
/* pre-process PA-TNC attributes */
while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
{
@ -229,17 +232,18 @@ METHOD(pa_tnc_msg_t, process, status_t,
{
DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
length);
error = ietf_attr_pa_tnc_error_create(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding);
error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding,
offset + PA_TNC_ATTR_INFO_SIZE);
goto err;
}
length -= PA_TNC_ATTR_HEADER_SIZE;
if (!reader->read_data(reader, length , &value))
if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
{
DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
error = ietf_attr_pa_tnc_error_create(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding);
error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding,
offset + PA_TNC_ATTR_INFO_SIZE);
goto err;
}
DBG3(DBG_TNC, "%B", &value);
@ -259,17 +263,27 @@ METHOD(pa_tnc_msg_t, process, status_t,
else
{
DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
offset += length;
continue;
}
}
if (attr->process(attr) != SUCCESS)
if (attr->process(attr, &attr_offset) != SUCCESS)
{
attr->destroy(attr);
error = ietf_attr_pa_tnc_error_create(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding);
if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
{
/* error while processing a PA-TNC error attribute - abort */
reader->destroy(reader);
return FAILED;
}
error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding,
offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
goto err;
}
add_attribute(this, attr);
offset += length;
}
if (reader->remaining(reader) == 0)
@ -277,6 +291,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
reader->destroy(reader);
return SUCCESS;
}
DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
PA_ERROR_INVALID_PARAMETER, this->encoding, offset);
err:
reader->destroy(reader);

5
src/libimcv/plugins/imc_scanner/imc_scanner.c
View File

@ -297,6 +297,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
ietf_attr_pa_tnc_error_t *error_attr;
pa_tnc_error_code_t error_code;
chunk_t msg_info, attr_info;
u_int32_t offset;
if (attr->get_vendor_id(attr) != PEN_IETF &&
attr->get_type(attr) != IETF_ATTR_PA_TNC_ERROR)
@ -312,6 +313,10 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
switch (error_code)
{
case PA_ERROR_INVALID_PARAMETER:
offset = error_attr->get_offset(error_attr);
DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
attr_info = error_attr->get_attr_info(error_attr);
DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);

5
src/libimcv/plugins/imc_test/imc_test.c
View File

@ -219,6 +219,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
ietf_attr_pa_tnc_error_t *error_attr;
pa_tnc_error_code_t error_code;
chunk_t msg_info, attr_info;
u_int32_t offset;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
@ -228,6 +229,10 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
pa_tnc_error_code_names, error_code, &msg_info);
switch (error_code)
{
case PA_ERROR_INVALID_PARAMETER:
offset = error_attr->get_offset(error_attr);
DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
attr_info = error_attr->get_attr_info(error_attr);
DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);

5
src/libimcv/plugins/imv_scanner/imv_scanner.c
View File

@ -228,6 +228,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
ietf_attr_pa_tnc_error_t *error_attr;
pa_tnc_error_code_t error_code;
chunk_t msg_info, attr_info;
u_int32_t offset;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
@ -237,6 +238,10 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
switch (error_code)
{
case PA_ERROR_INVALID_PARAMETER:
offset = error_attr->get_offset(error_attr);
DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
attr_info = error_attr->get_attr_info(error_attr);
DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);

5
src/libimcv/plugins/imv_test/imv_test.c
View File

@ -174,6 +174,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
ietf_attr_pa_tnc_error_t *error_attr;
pa_tnc_error_code_t error_code;
chunk_t msg_info, attr_info;
u_int32_t offset;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
@ -183,6 +184,10 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
pa_tnc_error_code_names, error_code, &msg_info);
switch (error_code)
{
case PA_ERROR_INVALID_PARAMETER:
offset = error_attr->get_offset(error_attr);
DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
attr_info = error_attr->get_attr_info(error_attr);
DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);