Date: Fri, 10 Jun 2022 16:00:49 +0000 From: bugzilla-noreply@freebsd.org To: standards@FreeBSD.org Subject: [Bug 264598] libradius invalid Message-Authenticator in retransmit packet Message-ID: <bug-264598-99@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264598

            Bug ID: 264598
           Summary: libradius invalid Message-Authenticator in retransmit packet
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: standards
          Assignee: standards@FreeBSD.org
          Reporter: hwlin1414@cs.nctu.edu.tw

When libradius retransmits packets, the insert_message_authenticator function
is called and calculates again with the old Message-Authenticator checksum. It
causes the Message-Authenticator to be set to the wrong checksum in the
retransmitted packet.

According to RFC 2869
https://datatracker.ietf.org/doc/html/rfc2869#section-5.14

> When the checksum is calculated the signature string should be
> considered to be sixteen octets of zero.

A possible fix may be:

--- a/radlib.c
+++ b/radlib.c
@@ -160,6 +160,8 @@ insert_message_authenticator(struct rad_handle *h, int resp)
 	srvp = &h->servers[h->srv];
 	if (h->authentic_pos != 0) {
+		memset(&h->out[h->authentic_pos + 2], 0, MD5_DIGEST_LENGTH);
+
 		ctx = HMAC_CTX_new();
 		HMAC_Init_ex(ctx, srvp->secret, strlen(srvp->secret), EVP_md5(), NULL);
 		HMAC_Update(ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE);

-- 
You are receiving this mail because:
You are the assignee for the bug.
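Review bot: the memset at h->authentic_pos + 2 zeroes the 16-octet value field (the attribute is type, length, value, so + 2 skips the header) before the HMAC is recomputed, which is exactly what RFC 2869 section 5.14 asks for and makes insert_message_authenticator() safe to call again on a retransmit; two things to tighten before committing. First, put a one-line comment above the memset naming that RFC section, so the zeroing is not later mistaken for a redundant initialisation and removed. Second, the hunk context does not show where MD5_DIGEST_LENGTH comes from; confirm the macro is already in scope in radlib.c (the HMAC is computed with EVP_md5(), so an OpenSSL header is likely included, but check) rather than relying on it being picked up transitively. Unrelated to the fix but visible in the same lines: the result of HMAC_CTX_new() is passed straight into HMAC_Init_ex() with no NULL check; that is pre-existing, and worth a follow-up rather than folding into this change.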
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-264598-99>
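To make the bug concrete, here is an added Python model of the RFC 2869 section 5.14 computation; it is not libradius or FreeBSD code. It builds a small Access-Request, fills in the Message-Authenticator once, then "retransmits" it two ways: recomputing the HMAC over the bytes already in the value field (the behaviour the report describes) and recomputing after zeroing the field first (the behaviour the patch restores). The shared secret, the Request Authenticator and the attribute contents are constructed for the demo; the attribute type numbers (User-Name = 1, Message-Authenticator = 80) are the standard RADIUS values.

```python
"""Added example, not libradius code: RFC 2869 s5.14 Message-Authenticator
with the retransmit bug from the report reproduced beside the fix.
Secret, Request Authenticator and attribute contents are constructed."""
import hashlib
import hmac
import struct

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80
HDR_LEN = 20                 # code(1) id(1) length(2) authenticator(16)
MD5_DIGEST_LENGTH = 16


def build_packet(code, identifier, authenticator, attrs):
    """Assemble a RADIUS packet; attrs is a list of (type, value-bytes) pairs."""
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, identifier, HDR_LEN + len(body)) + authenticator + body


def find_message_authenticator(pkt):
    """Walk the TLV list and return the offset of the Message-Authenticator
    attribute header, or 0 when it is absent (the same sentinel libradius
    keeps in h->authentic_pos)."""
    pos = HDR_LEN
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > len(pkt):
            raise ValueError("malformed attribute at offset %d" % pos)
        if atype == ATTR_MESSAGE_AUTHENTICATOR:
            if alen != 2 + MD5_DIGEST_LENGTH:
                raise ValueError("Message-Authenticator must be 18 octets")
            return pos
        pos += alen
    return 0


def compute_message_authenticator(pkt, secret, pos):
    """HMAC-MD5 over the whole packet with the 16-octet value treated as
    sixteen octets of zero, as RFC 2869 section 5.14 requires."""
    zeroed = pkt[:pos + 2] + bytes(MD5_DIGEST_LENGTH) + pkt[pos + 2 + MD5_DIGEST_LENGTH:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()


def insert_message_authenticator(pkt, secret, zero_first=True):
    """Fill in the Message-Authenticator value. zero_first=False mirrors the
    libradius behaviour in the report: the HMAC is taken over whatever bytes
    currently occupy the value field, which is only correct the first time,
    when the field still holds zeros."""
    pos = find_message_authenticator(pkt)
    if pos == 0:
        return pkt
    if zero_first:
        mac = compute_message_authenticator(pkt, secret, pos)
    else:
        mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:pos + 2] + mac + pkt[pos + 2 + MD5_DIGEST_LENGTH:]


def verify_message_authenticator(pkt, secret):
    """Server-side check: recompute over the zeroed packet and compare in
    constant time. A missing attribute is treated as a failure here."""
    pos = find_message_authenticator(pkt)
    if pos == 0:
        return False
    expected = compute_message_authenticator(pkt, secret, pos)
    return hmac.compare_digest(expected, pkt[pos + 2:pos + 2 + MD5_DIGEST_LENGTH])


def demo(secret=b"testing123"):
    """Send once, then retransmit twice: the buggy way and the fixed way."""
    request_authenticator = bytes(range(16))   # constructed; real clients use random octets
    attrs = [(ATTR_USER_NAME, b"alice"),
             (ATTR_MESSAGE_AUTHENTICATOR, bytes(MD5_DIGEST_LENGTH))]
    pkt = build_packet(CODE_ACCESS_REQUEST, 7, request_authenticator, attrs)

    first = insert_message_authenticator(pkt, secret)
    buggy = insert_message_authenticator(first, secret, zero_first=False)
    fixed = insert_message_authenticator(first, secret, zero_first=True)
    # Flip one octet of User-Name (offset HDR_LEN + 2 .. + 7) to show the
    # check also catches modification of the covered attributes.
    tampered = fixed[:HDR_LEN + 2] + b"alicf" + fixed[HDR_LEN + 7:]
    return {
        "first_ok": verify_message_authenticator(first, secret),
        "buggy_retransmit_ok": verify_message_authenticator(buggy, secret),
        "fixed_retransmit_ok": verify_message_authenticator(fixed, secret),
        "fixed_equals_first": fixed == first,
        "tampered_ok": verify_message_authenticator(tampered, secret),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-22s %s" % (name, ok))
```

The zero-then-HMAC step is what makes the function idempotent: the fixed retransmit is byte-for-byte identical to the first packet, while the buggy retransmit carries an HMAC over the previous HMAC and is rejected by any server that implements the RFC check.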