Commit 59dea90

more corner cases for RADIUS
1 parent e019cae commit 59dea90

1 file changed

+126
-1
lines changed

src/tests/unit/protocols/radius/errors.txt

Lines changed: 126 additions & 1 deletion
@@ -11,5 +11,130 @@ match fr_radius_decode_pair: Insufficient data
1111
decode-pair 01 01 00
1212
match fr_radius_decode_pair: Insufficient data
1313

14+
#
15+
# Attribute length overflows input - length field says 10 but only 4 bytes total
16+
#
17+
decode-pair 01 0a 01 02
18+
match fr_radius_decode_pair: Insufficient data
19+
20+
#
21+
# ---- Packet-level validation tests (fr_radius_ok) ----
22+
#
23+
24+
#
25+
# Packet too short - 19 bytes (minimum is 20)
26+
#
27+
decode-proto 01 00 00 13 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
28+
match Packet failed verification - packet is smaller than the minimum packet length
29+
30+
#
31+
# Packet too short - 10 bytes
32+
#
33+
decode-proto 01 00 00 0a 00 01 02 03 04 05
34+
match Packet failed verification - packet is smaller than the minimum packet length
35+
36+
#
37+
# Unknown packet code 0
38+
#
39+
decode-proto 00 00 00 14 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
40+
match Packet failed verification - unknown packet code
41+
42+
#
43+
# Unknown packet code 53 (0x35) - first invalid code (FR_RADIUS_CODE_MAX)
44+
#
45+
decode-proto 35 00 00 14 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
46+
match Packet failed verification - unknown packet code
47+
48+
#
49+
# Unknown packet code 255
50+
#
51+
decode-proto ff 00 00 14 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
52+
match Packet failed verification - unknown packet code
53+
54+
#
55+
# Header length field too small - says 19 (0x0013) but minimum is 20
56+
# Actual data is 20 bytes.
57+
#
58+
decode-proto 01 00 00 13 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
59+
match Packet failed verification - header 'length' field has a value smaller than the minimum packet length
60+
61+
#
62+
# Header length field larger than received data - says 100 (0x0064)
63+
# but only 20 bytes of data.
64+
#
65+
decode-proto 01 00 00 64 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
66+
match Packet failed verification - header 'length' field has a value larger than the received data
67+
68+
#
69+
# Attribute header overflows packet - only 1 byte after 20-byte header
70+
# Length field = 21, so the 1 byte is "attribute data" but < 2 bytes for a header
71+
#
72+
decode-proto 01 00 00 15 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ff
73+
match Packet failed verification - attribute header overflows the packet
74+
75+
#
76+
# Attribute number zero is invalid
77+
#
78+
decode-proto 01 00 00 16 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 00 02
79+
match Packet failed verification - attribute number 0 is invalid
80+
81+
#
82+
# Attribute length field = 0 (must be >= 2)
83+
#
84+
decode-proto 01 00 00 16 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 00
85+
match Packet failed verification - attribute 'length' field contains invalid value
86+
87+
#
88+
# Attribute length field = 1 (must be >= 2)
89+
#
90+
decode-proto 01 00 00 16 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 01
91+
match Packet failed verification - attribute 'length' field contains invalid value
92+
93+
#
94+
# Attribute length overflows packet - claims 10 bytes but only 2 available
95+
#
96+
decode-proto 01 00 00 16 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 0a
97+
match Packet failed verification - attribute 'length' field overflows the packet
98+
99+
#
100+
# Message-Authenticator (type 80/0x50) with invalid length
101+
# Must be exactly 18 bytes (2 header + 16 HMAC-MD5). Here it's 5 bytes.
102+
#
103+
decode-proto 01 00 00 19 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 50 05 00 00 00
104+
match Packet failed verification - Message-Authenticator has invalid length
105+
106+
#
107+
# Status-Server (code 12/0x0c) requires Message-Authenticator
108+
# This packet has no attributes at all.
109+
#
110+
decode-proto 0c 00 00 14 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
111+
match Packet failed verification - Message-Authenticator is required for this packet, but it is missing
112+
113+
#
114+
# EAP-Message (type 79/0x4f) present requires Message-Authenticator
115+
# Access-Request with EAP-Message but no MA.
116+
#
117+
decode-proto 01 00 00 18 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 4f 04 01 01
118+
match Packet failed verification - Message-Authenticator is required for this packet, but it is missing
119+
120+
#
121+
# Status-Server with User-Name but no Message-Authenticator
122+
#
123+
decode-proto 0c 00 00 19 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 05 62 6f 62
124+
match Packet failed verification - Message-Authenticator is required for this packet, but it is missing
125+
126+
#
127+
# Multiple attribute errors: first attribute is valid, second has length 0
128+
#
129+
decode-proto 01 00 00 1a 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 04 68 69 02 00
130+
match Packet failed verification - attribute 'length' field contains invalid value
131+
132+
#
133+
# Multiple attributes: first valid, second overflows
134+
# User-Name = "hi" (4 bytes), then NAS-IP (type 4) claiming 10 bytes
135+
#
136+
decode-proto 01 00 00 1a 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 01 04 68 69 04 0a
137+
match Packet failed verification - attribute 'length' field overflows the packet
138+
14139
count
15-
match 7
140+
match 45
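
Review bot: The Message-Authenticator length case (new lines 100-104) only exercises a value that is too short (`50 05`), although its own comment says the attribute "Must be exactly 18 bytes", so a decoder that rejects only lengths below 18 would still pass. Add a companion case with a length above 18 (for example type 0x50 with length 0x13 and 17 value bytes, header length 0x0027), which should presumably be rejected with the same "Message-Authenticator has invalid length" message, and adjust the final `count` to match. Separately, the comment at new line 127 says "Multiple attribute errors" but the packet carries one malformed attribute after a valid one; "Multiple attributes: first valid, second has length 0" would match the wording already used at new line 133.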
