merge commit

attribute.go

@@ -139,7 +139,7 @@ func NewIFID(addr net.HardwareAddr) (Attribute, error) {
 // attribute length is invalid, the secret is empty, or the requestAuthenticator
 // length is invalid.
 func UserPassword(a Attribute, secret, requestAuthenticator []byte) ([]byte, error) {
-	if len(a) < 16 || len(a) > 128 {
+	if len(a) < 16 || len(a) > 128 || len(a)%16 != 0 {
 		return nil, errors.New("invalid attribute length (" + strconv.Itoa(len(a)) + ")")
 	}
 	if len(secret) == 0 {
@@ -204,8 +204,8 @@ func NewUserPassword(plaintext, secret, requestAuthenticator []byte) (Attribute,
 	hash.Write(requestAuthenticator)
 	enc = hash.Sum(enc)
 
-	for i, b := range plaintext[:16] {
-		enc[i] ^= b
+	for i := 0; i < 16 && i < len(plaintext); i++ {
+		enc[i] ^= plaintext[i]
 	}
 
 	for i := 16; i < len(plaintext); i += 16 {
@@ -214,8 +214,8 @@ func NewUserPassword(plaintext, secret, requestAuthenticator []byte) (Attribute,
 		hash.Write(enc[i-16 : i])
 		enc = hash.Sum(enc)
 
-		for j, b := range plaintext[i : i+16] {
-			enc[i+j] ^= b
+		for j := 0; j < 16 && i+j < len(plaintext); j++ {
+			enc[i+j] ^= plaintext[i+j]
 		}
 	}
 
@@ -467,18 +467,21 @@ func IPv6Prefix(a Attribute) (*net.IPNet, error) {
 	}
 
 	prefixLength := int(a[1])
-	if (len(a)-2)*8 < prefixLength {
+	if prefixLength > net.IPv6len*8 {
 		return nil, errors.New("invalid prefix length")
 	}
 
 	ip := make(net.IP, net.IPv6len)
 	copy(ip, a[2:])
 
-	// clear final non-mask bits
-	if i := uint(prefixLength % 8); i != 0 {
-		for ; i < 8; i++ {
-			ip[prefixLength/8] &^= 1 << (7 - i)
+	bit := uint(prefixLength % 8)
+	for octet := prefixLength / 8; octet < len(ip); octet++ {
+		for ; bit < 8; bit++ {
+			if ip[octet]&(1<<(7-bit)) != 0 {
+				return nil, errors.New("invalid prefix data")
+			}
 		}
+		bit = 0
 	}
 
 	return &net.IPNet{

attribute_test.go

@@ -10,28 +10,36 @@ import (
 
 func TestNewUserPassword_length(t *testing.T) {
 	tbl := []struct {
-		Password      string
+		Password      []byte
 		EncodedLength int
 	}{
-		{"", 16},
-		{"abc", 16},
-		{"0123456789abcde", 16},
-		{"0123456789abcdef", 16},
-		{"0123456789abcdef0", 16 * 2},
-		{"0123456789abcdef0123456789abcdef0123456789abcdef", 16 * 3},
+		{append(make([]byte, 0, 0), ""...), 16},
+		{append(make([]byte, 0, 15), "abc"...), 16},
+		{append(make([]byte, 0, 15), "0123456789abcde"...), 16},
+		{append(make([]byte, 0, 16), "0123456789abcdef"...), 16},
+		{append(make([]byte, 0, 30), "0123456789abcdef0"...), 16 * 2},
+		{append(make([]byte, 0, 48), "0123456789abcdefzzzzzzzzzzzzzzzzQQQQQQQQQQQQQQQQ"...), 16 * 3},
 	}
 
 	secret := []byte(`12345`)
 	ra := []byte(`0123456789abcdef`)
 
 	for _, x := range tbl {
-		attr, err := NewUserPassword([]byte(x.Password), secret, ra)
+		attr, err := NewUserPassword(x.Password, secret, ra)
 		if err != nil {
 			t.Fatal(err)
 		}
 		if len(attr) != x.EncodedLength {
 			t.Fatalf("expected encoded length of %#v = %d, got %d", x.Password, x.EncodedLength, len(attr))
 		}
+
+		decoded, err := UserPassword(attr, secret, ra)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !bytes.Equal(decoded, x.Password) {
+			t.Fatalf("expected roundtrip to succeed")
+		}
 	}
 }
 
@@ -122,6 +130,19 @@ func TestIPv6Prefix(t *testing.T) {
 	}
 }
 
+func TestIPv6Prefix_issue118(t *testing.T) {
+	ipNet, err := IPv6Prefix([]byte{0x00, 0x40, 0x20, 0x01, 0x15, 0x30, 0x10, 0x0e})
+	if err != nil {
+		t.Fatalf("unexpected error: %s", err)
+	}
+	if expected := net.ParseIP("2001:1530:100e::"); !ipNet.IP.Equal(expected) {
+		t.Fatalf("got %v, expected %v", ipNet.IP, expected)
+	}
+	if ones, size := ipNet.Mask.Size(); ones != 64 || size != 128 {
+		t.Fatalf("got %v:%v, expected 64, 128", ones, size)
+	}
+}
+
 func ipNetEquals(a, b *net.IPNet) bool {
 	if a == nil && b == nil {
 		return true

go.mod

@@ -3,6 +3,6 @@ module layeh.com/radius
 go 1.12
 
 require (
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
-	golang.org/x/text v0.3.3
+	golang.org/x/crypto v0.13.0
+	golang.org/x/text v0.13.0
 )

go.sum

@@ -1,10 +1,40 @@
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
-golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=