]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 67bb7ab)
pass require_ma to fr_radius_verify()
authorAlan T. DeKok <aland@freeradius.org>
Tue, 12 Oct 2021 17:57:11 +0000 (13:57 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Tue, 12 Oct 2021 17:57:11 +0000 (13:57 -0400)
src/listen/radius/proto_radius.c patch | blob | blame | history

diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c
index 85c153ef864207b3737581f24a0d60da2247fd46..72caae6be5e59dd94535be2778ca04d6205232fc 100644 (file)
--- a/src/listen/radius/proto_radius.c
+++ b/src/listen/radius/proto_radius.c
@@ -209,6 +209,12 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 
        client = address->radclient;
 
+       if (fr_radius_verify(data, NULL, (uint8_t const *) client->secret, talloc_array_length(client->secret) - 1,
+                            client->message_authenticator) < 0) {
+               RPEDEBUG("Failed verifying packet signature.");
+               return -1;
+       }
+
        /*
         *      Hacks for now until we have a lower-level decode routine.
         */
Mirror of https://github.com/FreeRADIUS/freeradius-server.git