Date: Sat, 11 Jun 2022 02:08:35 +0000
From: bugzilla-noreply@freebsd.org
To: standards@FreeBSD.org
Subject: [Bug 264598] libradius invalid Message-Authenticator in retransmit packet
Message-ID: <bug-264598-99-AEGcsjXx0I@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-264598-99@https.bugs.freebsd.org/bugzilla/>
References: <bug-264598-99@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264598

--- Comment #2 from hwlin <hwlin1414@cs.nctu.edu.tw> ---
I think it's not required to do similar treatment.

insert_request_authenticator() is called at radlib.c:776

773|     if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) {
774|         /* Insert the request authenticator into the request */
775|         memset(&h->out[POS_AUTH], 0, LEN_AUTH);
776|         insert_request_authenticator(h, 0);
777|     }

The old value was cleared before calculating the new one.

insert_request_authenticator() is also called at radlib.c:846

844|         insert_message_authenticator(h,
845|             (h->in[POS_CODE] == RAD_ACCESS_REQUEST) ? 1 : 0);
846|         insert_request_authenticator(h, 1);
847|

Because of handling response packet, the function uses the request packet's request authenticator field instead of the response packet's request authenticator field. That is to say, it would not calculate the old value into the new one.

Doing similar treatments doesn't seem to cause any problems. I'm not sure if it's better to clear the old value before calculating the new one.

-- 
You are receiving this mail because:
You are the assignee for the bug.
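Added example, not part of hwlin's comment and not libradius code: a Python model of why a stale value matters for Message-Authenticator, which RFC 2869 defines as HMAC-MD5 over the packet with that field treated as sixteen zero octets. It assumes the failure in the bug title comes from the previous value still being in the field when the HMAC is recomputed on retransmit; the packet, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def build_request(ident, req_auth, user):
    """Constructed Access-Request: User-Name plus a zero-filled Message-Authenticator."""
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MSG_AUTH, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return bytearray(header + req_auth + attrs)

def msg_auth_offset(pkt):
    """Offset of the 16-byte Message-Authenticator value; ValueError if absent or malformed."""
    pos = 20  # attributes start after code, id, length and the 16-byte authenticator
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > len(pkt):
            break
        if atype == MSG_AUTH and alen == 18:
            return pos + 2
        pos += alen
    raise ValueError("no well-formed Message-Authenticator attribute")

def sign(pkt, secret, clear_first=True):
    """(Re)compute the attribute in place. clear_first=False hashes the stale value (assumed bug)."""
    off = msg_auth_offset(pkt)
    if clear_first:
        pkt[off:off + 16] = bytes(16)
    pkt[off:off + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return pkt

def verify(pkt, secret):
    """Receiver side: zero the field in a copy, recompute, compare in constant time."""
    off = msg_auth_offset(pkt)
    copy = bytearray(pkt)
    copy[off:off + 16] = bytes(16)
    expected = hmac.new(secret, bytes(copy), hashlib.md5).digest()
    return hmac.compare_digest(bytes(pkt[off:off + 16]), expected)

def demo():
    secret = b"constructed-shared-secret"
    pkt = sign(build_request(7, bytes(range(16)), b"alice"), secret)
    first = bytes(pkt)
    stale = verify(sign(pkt, secret, clear_first=False), secret)  # retransmit, old value hashed
    fixed = verify(sign(pkt, secret, clear_first=True), secret)   # retransmit, field zeroed first
    return verify(bytearray(first), secret), stale, fixed, bytes(pkt) == first

if __name__ == "__main__":
    print(demo())
```

Zeroing the field before every recomputation makes signing idempotent, so a retransmitted packet carries the same value as the first transmission.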