Support verification of RADIUS request messages

author Martin Willi <martin@revosec.ch>

Wed, 22 Feb 2012 12:06:14 +0000 (13:06 +0100)

committer Martin Willi <martin@revosec.ch>

Mon, 5 Mar 2012 17:06:13 +0000 (18:06 +0100)
author Martin Willi <martin@revosec.ch>
Wed, 22 Feb 2012 12:06:14 +0000 (13:06 +0100)
committer Martin Willi <martin@revosec.ch>
Mon, 5 Mar 2012 17:06:13 +0000 (18:06 +0100)
diff --git a/src/libcharon/plugins/eap_radius/radius_message.c b/src/libcharon/plugins/eap_radius/radius_message.c

index 7fa95e39d0c278b5a4c22537a09a4da553c23b76..8a2074b2f305e107d11f66a07c09442a1cdc8b91 100644 (file)
--- a/src/libcharon/plugins/eap_radius/radius_message.c
+++ b/src/libcharon/plugins/eap_radius/radius_message.c
@@ -319,7 +319,14 @@ METHOD(radius_message_t, verify, bool,
  
         /* replace Response by Request Authenticator for verification */
         memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5);
-       memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
+       if (req_auth)
+       {
+               memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
+       }
+       else
+       {
+               memset(this->msg->authenticator, 0, HASH_SIZE_MD5);
+       }
         msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
  
         /* verify Response-Authenticator */
diff --git a/src/libcharon/plugins/eap_radius/radius_message.h b/src/libcharon/plugins/eap_radius/radius_message.h

index eede401206047d435c89be916f88fa6ea83b75c6..7f1c456da5b6f72fcf7539f865f749a499f8a029 100644 (file)
--- a/src/libcharon/plugins/eap_radius/radius_message.h
+++ b/src/libcharon/plugins/eap_radius/radius_message.h
@@ -251,9 +251,9 @@ struct radius_message_t {
                                  hasher_t *hasher, chunk_t secret);
  
         /**
-        * Verify the integrity of a received RADIUS response.
+        * Verify the integrity of a received RADIUS message.
          *
-        * @param req_auth              16 byte Authenticator of the corresponding request
+        * @param req_auth              16 byte Authenticator of request, or NULL
          * @param secret                shared RADIUS secret
          * @param hasher                hasher to verify Response-Authenticator
          * @param signer                signer to verify Message-Authenticator attribute
author	Martin Willi <martin@revosec.ch>
	Wed, 22 Feb 2012 12:06:14 +0000 (13:06 +0100)
committer	Martin Willi <martin@revosec.ch>
	Mon, 5 Mar 2012 17:06:13 +0000 (18:06 +0100)
src/libcharon/plugins/eap_radius/radius_message.c		patch \| blob \| blame \| history
src/libcharon/plugins/eap_radius/radius_message.h		patch \| blob \| blame \| history