diff options
author | Anders Svensson <[email protected]> | 2015-06-15 17:46:44 +0200 |
---|---|---|
committer | Anders Svensson <[email protected]> | 2015-06-18 00:41:37 +0200 |
commit | 7f4f9583bb1245c27ca58d88fe6862498a2df1f2 (patch) | |
tree | 59d0c6e4632a54f96cf6b6f7202cb3cd5eb26aaf /lib/ssh/src/ssh_client_key.erl | |
parent | 552962544c812caa1005094f3a0a00e05556565b (diff) | |
download | otp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.tar.gz otp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.tar.bz2 otp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.zip |
Fix decode of Grouped AVPs containing errors
RFC 6733 says this of Failed-AVP in 7.5:
In the case where the offending AVP is embedded within a Grouped AVP,
the Failed-AVP MAY contain the grouped AVP, which in turn contains
the single offending AVP. The same method MAY be employed if the
grouped AVP itself is embedded in yet another grouped AVP and so on.
In this case, the Failed-AVP MAY contain the grouped AVP hierarchy up
to the single offending AVP. This enables the recipient to detect
the location of the offending AVP when embedded in a group.
It says this of DIAMETER_INVALID_AVP_LENGTH in 7.1.5:
The request contained an AVP with an invalid length. A Diameter
message indicating this error MUST include the offending AVPs
within a Failed-AVP AVP. In cases where the erroneous AVP length
value exceeds the message length or is less than the minimum AVP
header length, it is sufficient to include the offending AVP
header and a zero filled payload of the minimum required length
for the payloads data type. If the AVP is a Grouped AVP, the
Grouped AVP header with an empty payload would be sufficient to
indicate the offending AVP. In the case where the offending AVP
header cannot be fully decoded when the AVP length is less than
the minimum AVP header length, it is sufficient to include an
offending AVP header that is formulated by padding the incomplete
AVP header with zero up to the minimum AVP header length.
The AVPs placed in the errors field of a diameter_packet record are
intended to be appropriate for inclusion in a Failed-AVP, but neither of
the above paragraphs has been followed in the Grouped case: the entire
faulty AVP (non-faulty components and all) has been included. This made
it impossible to identify the actual faulty AVP in all but simple case.
This commit adapts the decode to the RFC, and implements the suggested
single faulty AVP, nested in as many Grouped containers as required.
The best-effort decode of Failed-AVP in answer messages, initially
implemented in commit 0f9cdbaf, is also applied.
Diffstat (limited to 'lib/ssh/src/ssh_client_key.erl')
0 files changed, 0 insertions, 0 deletions