break out length checks into separate error message

alandekok · alandekok · commit 965fe9345023 · 2026-03-18T12:39:47.000-04:00
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -589,8 +589,16 @@ static int CC_HINT(nonnull) mod_process(void *arg, eap_handler_t *handler)
 	}
 
 	length = (eap_ds->response->type.data[2] << 8) | eap_ds->response->type.data[3];
-	if ((length < (5 + 49)) || (length > (256 + 5 + 49)) || (length != (eap_ds->response->type.length - 5))) {
-		REDEBUG("Response contains invalid length %zd", length);
+	if ((length < (5 + 49)) || (length > (256 + 5 + 49))) {
+		REDEBUG("Response contains invalid MS-Length %zd");
+		return 0;
+	}
+
+	/*
+	 *	type.length is already updated to remove the EAP header.
+	 */
+	if (length != eap_ds->response->type.length) {
+		REDEBUG("Response contains invalid MS-Length %zd vs %zd", length, eap_ds->response->type.length);
 		return 0;
 	}
 
