From nobody Sat Jun 11 02:08:35 2022 X-Original-To: standards@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 86B81830756 for ; Sat, 11 Jun 2022 02:08:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LKh8320CTz4gS0 for ; Sat, 11 Jun 2022 02:08:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2533B243E1 for ; Sat, 11 Jun 2022 02:08:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 25B28ZLh030282 for ; Sat, 11 Jun 2022 02:08:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 25B28ZrZ030281 for standards@FreeBSD.org; Sat, 11 Jun 2022 02:08:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: standards@FreeBSD.org Subject: [Bug 264598] libradius invalid Message-Authenticator in retransmit packet Date: Sat, 11 Jun 2022 02:08:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: standards X-Bugzilla-Version: Unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: hwlin1414@cs.nctu.edu.tw X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: standards@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Standards compliance List-Archive: https://lists.freebsd.org/archives/freebsd-standards List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-standards@freebsd.org X-BeenThere: freebsd-standards@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654913315; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0biIX118PCjMPoFRyimIo4w5xvq6N3VfAW3hcDIidd4=; b=l88Y0d+1xLOOV/UDlVu/gPDyPnZbYxQrDPfeJkXk2gWvtUjmCYkz2AQHBuI7uaWgq3NafP 6ZO7Ud72STNB0PFFs8ic5ZqLgRNnBWbLne4hDmXqUUdRDbiPbBodE1Oea1bdOc0L3PbK5S 3d4vjkrE6eE1lYe1dfnNI8iI4wbKXb2Xl+INBF/53DwR988zUj+tCHS44e/YmdeOSTt9WS dsgC06/DiR+jQmy7BDqBqTDDlXuiZ5NgO/U7yCNTtVj3kOdW6yy1s8HeyZ5/jM/fzm9ZFJ +LPzsl+NFchqnIwSgol6CpYwHiYFQb1ZFhKENtCXXdfQrcS4aTVCd+Y8YX3irg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654913315; a=rsa-sha256; cv=none; b=vyUncT6EkQKf5y+xLEKsg89rRvpBRGyv8L1pznq37QzhT8ifKPKu3vwPT/SbMlfeSxFwPs wCIBP8svLqaXDOADYpSm2eVe8VgcZHOnT4Mfj53ocC7y8oTA1gpLMmm5LQ3zqRbJESs90i FsmHtw8bz+QuUaf/ENrCw+yYXgw6N8Qi2fNItuOFYWL8hTgZ7m+r1TRT/181eu+WwvBALi tJRVmokogwqMv/JQuV08HPdwgc1D98H72hN5rZ9H5olOGTm9Y0lL3At97WNrf3ePtoYaa3 njsZuP6SeE+m5XRQLuX4rKG6WB2Idy+oDGEBw3YyUIdwbL5Jle1s69ZA7AVaoQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D264598 --- Comment #2 from hwlin --- I think it's not required to do similar treatment. insert_request_authenticator() is call at radlib.c:776 773| if (h->out[POS_CODE] !=3D RAD_ACCESS_REQUEST) { 774| /* Insert the request authenticator into the request */ 775| memset(&h->out[POS_AUTH], 0, LEN_AUTH); 776| insert_request_authenticator(h, 0); 777| } The old value were cleared before caluclate the new one. insert_request_authenticator() is also call at radlib.c:846 844| insert_message_authenticator(h, 845| (h->in[POS_CODE] =3D=3D RAD_ACCESS_REQUEST) ? 1 : 0); 846| insert_request_authenticator(h, 1); 847| Because of handling response packet, the function use the request packet's request authenticator field instead of response packet's request authentica= tor field. That is to say it would not calculate the old value into the new one. Doing similar treatments doesn't seem to cause any problems. I'm not sure if it's better to clear the old value before calculate the new one. --=20 You are receiving this mail because: You are the assignee for the bug.=