Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/242#discussion_r165853678 --- Diff: extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java --- @@ -155,9 +158,21 @@ public AuthenticatedUser authenticateUser(Credentials credentials) // This is a response to a previous challenge, authenticate with that. else { try { + String stateString = request.getParameter(RadiusStateField.PARAMETER_NAME); + if (stateString == null) { + logger.warn("Expected state parameter was not present in challenge/response."); + throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD); + } + + byte[] stateBytes = DatatypeConverter.parseHexBinary(stateString); radPack = radiusService.sendChallengeResponse(credentials.getUsername(), - challengeResponse, - request.getParameter(RadiusStateField.PARAMETER_NAME)); + challengeResponse, + stateBytes); + } + catch (IllegalArgumentException e) { + logger.warn("Illegal hexadecimal value while parsing RADIUS state string.", e.getMessage()); + logger.debug("Encountered exception while attepmting to perse the hexidecimanl state value.", e); --- End diff -- Whoa, not my best job of speling.
---