From 95f6f6a49d44a2fc23e425482455cd170ee8255a Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Mon, 2 Jun 2014 15:50:31 +0300
Subject: [PATCH] RADIUS/EAP server: Use longer username buffer to avoid
 truncation

If the peer provides a username with large part of it being non-ASCII
characters, the previously used buffers may not have been long enough to
include the full string in debug logs and database search due to forced
truncation of the string by printf_encode(). Avoid this by increasing
the buffer sizes to fit in the maximum result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 src/eap_server/eap_server_identity.c | 4 ++--
 src/eap_server/eap_server_mschapv2.c | 4 ++--
 src/eap_server/eap_server_ttls.c     | 4 ++--
 src/radius/radius_server.c           | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index b3c20873a..45015336b 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -120,9 +120,9 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
 		return; /* Should not happen - frame already validated */
 
 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
-	buf = os_malloc(len * 3 + 1);
+	buf = os_malloc(len * 4 + 1);
 	if (buf) {
-		printf_encode(buf, len * 3 + 1, pos, len);
+		printf_encode(buf, len * 4 + 1, pos, len);
 		eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
 		os_free(buf);
 	}
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 790c71950..0eb7908f3 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -330,9 +330,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 	wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
 	wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
 
-	buf = os_malloc(name_len * 3 + 1);
+	buf = os_malloc(name_len * 4 + 1);
 	if (buf) {
-		printf_encode(buf, name_len * 3 + 1, name, name_len);
+		printf_encode(buf, name_len * 4 + 1, name, name_len);
 		eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
 		os_free(buf);
 	}
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 24225a45a..d09a76933 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -985,9 +985,9 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 
 	if (parse.user_name) {
 		char *nbuf;
-		nbuf = os_malloc(parse.user_name_len * 3 + 1);
+		nbuf = os_malloc(parse.user_name_len * 4 + 1);
 		if (nbuf) {
-			printf_encode(nbuf, parse.user_name_len * 3 + 1,
+			printf_encode(nbuf, parse.user_name_len * 4 + 1,
 				      parse.user_name,
 				      parse.user_name_len);
 			eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 78c996146..c35ba557a 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -639,12 +639,12 @@ radius_server_get_new_session(struct radius_server_data *data,
 	sess->accept_attr = tmp.accept_attr;
 	sess->macacl = tmp.macacl;
 
-	sess->username = os_malloc(user_len * 2 + 1);
+	sess->username = os_malloc(user_len * 4 + 1);
 	if (sess->username == NULL) {
 		radius_server_session_free(data, sess);
 		return NULL;
 	}
-	printf_encode(sess->username, user_len * 2 + 1, user, user_len);
+	printf_encode(sess->username, user_len * 4 + 1, user, user_len);
 
 	sess->nas_ip = os_strdup(from_addr);
 	if (sess->nas_ip == NULL) {