[Bug 264598] libradius invalid Message-Authenticator in retransmit packet

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Jun 2022 02:08:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264598

--- Comment #2 from hwlin <hwlin1414@cs.nctu.edu.tw> ---
I think it's not required to do similar treatment.

insert_request_authenticator() is called at radlib.c:776
773|    if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) {
774|            /* Insert the request authenticator into the request */
775|            memset(&h->out[POS_AUTH], 0, LEN_AUTH);
776|            insert_request_authenticator(h, 0);
777|    }
The old value was cleared before calculating the new one.

insert_request_authenticator() is also called at radlib.c:846
844|    insert_message_authenticator(h,
845|        (h->in[POS_CODE] == RAD_ACCESS_REQUEST) ? 1 : 0);
846|    insert_request_authenticator(h, 1);
847|
Because it is handling a response packet, the function uses the request packet's
request authenticator field instead of the response packet's request authenticator
field. That is to say, it would not calculate the old value into the new one.

Doing similar treatments doesn't seem to cause any problems.
I'm not sure if it's better to clear the old value before calculating the new
one.

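
The effect discussed in this comment, as an added Python example that is not from the bug report or from libradius: the Message-Authenticator is an HMAC-MD5 over the packet with its own 16-byte field zeroed (RFC 2869), so recomputing it over a buffer that still holds the previous value yields a MAC the receiver rejects. The shared secret, packet contents and function names are constructed for illustration; that the retransmit failure in the bug title arises this way is an assumption.

```python
import hashlib
import hmac
import struct

SECRET = b"testing123"   # constructed shared secret
MSG_AUTH = 80            # Message-Authenticator attribute type (RFC 2869)

def build_request(code, ident, authenticator, attrs):
    """Code, Identifier, Length, 16-byte Authenticator, then attributes."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return bytearray(hdr + authenticator + attrs)

def find_msg_auth(pkt):
    """Return the offset of the Message-Authenticator value, or -1."""
    pos = 20
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > len(pkt):
            raise ValueError("malformed attribute")
        if atype == MSG_AUTH and alen == 18:
            return pos + 2
        pos += alen
    return -1

def sign(pkt, clear_first):
    """Fill in the Message-Authenticator; clear_first zeroes the old value."""
    off = find_msg_auth(pkt)
    if clear_first:
        pkt[off:off + 16] = bytes(16)
    pkt[off:off + 16] = hmac.new(SECRET, bytes(pkt), hashlib.md5).digest()
    return pkt

def verify(pkt):
    """Receiver side: zero the field, recompute, compare in constant time."""
    off = find_msg_auth(pkt)
    got = bytes(pkt[off:off + 16])
    probe = bytearray(pkt)
    probe[off:off + 16] = bytes(16)
    want = hmac.new(SECRET, bytes(probe), hashlib.md5).digest()
    return hmac.compare_digest(got, want)

def demo():
    # Constructed Access-Request: User-Name "bob" plus an empty Message-Authenticator.
    attrs = bytes([1, 5]) + b"bob" + bytes([MSG_AUTH, 18]) + bytes(16)
    first = sign(build_request(1, 7, bytes(range(16)), attrs), clear_first=True)
    bad_retx = sign(bytearray(first), clear_first=False)   # old MAC fed into the HMAC
    good_retx = sign(bytearray(first), clear_first=True)   # field cleared before re-signing
    return verify(first), verify(bad_retx), verify(good_retx), good_retx == first
```
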