BUG #19422: Malformed raius packet

The following bug has been logged on the website:

Bug reference: 19422
Logged by: Stanislav Osipov
Email address: stasos24(at)gmail(dot)com
PostgreSQL version: 18.3
Operating system: Ubuntu 22
Description:

User can create malformed radius packet by sending username, which length is
>253
This is would lead to overwriting raidius attributes without causing
security consequences

Due to calling radius_add_attribute at PerformRadiusTransaction:
[https://github.com/postgres/postgres/blob/386ca3908de28dd882a62b8f97a329db07b23138/src/backend/libpq/auth.c#L3012]

radius_add_attribute(packet, RADIUS_USER_NAME, (const unsigned char *)
user_name, strlen(user_name));
[https://github.com/postgres/postgres/blob/386ca3908de28dd882a62b8f97a329db07b23138/src/backend/libpq/auth.c#L2828]
{...
attr = (radius_attribute *) ((unsigned char *) packet +
packet->length);
attr->attribute = type;
attr->length = len + 2; /* total size includes type and
length */
memcpy(attr->data, data, len);
packet->length += attr->length;
}

User may overflow attr->length (uint8) by sending user_name with length of
254 that would led to overwriting user_name attribute and to incorrect
computation of packet->length by next call of radius_add_attribute
[https://github.com/postgres/postgres/blob/386ca3908de28dd882a62b8f97a329db07b23138/src/backend/libpq/auth.c#L3013]
Even though it overflows only in bounds of array, it may have negative
affect in the future.