aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2015-06-15 17:46:44 +0200
committerAnders Svensson <[email protected]>2015-06-18 00:41:37 +0200
commit7f4f9583bb1245c27ca58d88fe6862498a2df1f2 (patch)
tree59d0c6e4632a54f96cf6b6f7202cb3cd5eb26aaf /lib/ssl/doc/src
parent552962544c812caa1005094f3a0a00e05556565b (diff)
downloadotp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.tar.gz
otp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.tar.bz2
otp-7f4f9583bb1245c27ca58d88fe6862498a2df1f2.zip
Fix decode of Grouped AVPs containing errors
RFC 6733 says this of Failed-AVP in 7.5: In the case where the offending AVP is embedded within a Grouped AVP, the Failed-AVP MAY contain the grouped AVP, which in turn contains the single offending AVP. The same method MAY be employed if the grouped AVP itself is embedded in yet another grouped AVP and so on. In this case, the Failed-AVP MAY contain the grouped AVP hierarchy up to the single offending AVP. This enables the recipient to detect the location of the offending AVP when embedded in a group. It says this of DIAMETER_INVALID_AVP_LENGTH in 7.1.5: The request contained an AVP with an invalid length. A Diameter message indicating this error MUST include the offending AVPs within a Failed-AVP AVP. In cases where the erroneous AVP length value exceeds the message length or is less than the minimum AVP header length, it is sufficient to include the offending AVP header and a zero filled payload of the minimum required length for the payloads data type. If the AVP is a Grouped AVP, the Grouped AVP header with an empty payload would be sufficient to indicate the offending AVP. In the case where the offending AVP header cannot be fully decoded when the AVP length is less than the minimum AVP header length, it is sufficient to include an offending AVP header that is formulated by padding the incomplete AVP header with zero up to the minimum AVP header length. The AVPs placed in the errors field of a diameter_packet record are intended to be appropriate for inclusion in a Failed-AVP, but neither of the above paragraphs has been followed in the Grouped case: the entire faulty AVP (non-faulty components and all) has been included. This made it impossible to identify the actual faulty AVP in all but simple case. This commit adapts the decode to the RFC, and implements the suggested single faulty AVP, nested in as many Grouped containers as required. The best-effort decode of Failed-AVP in answer messages, initially implemented in commit 0f9cdbaf, is also applied.
Diffstat (limited to 'lib/ssl/doc/src')
0 files changed, 0 insertions, 0 deletions