From: Martin Willi
Date: Thu, 5 Jul 2012 16:11:26 +0000 (+0200)
Subject: Add a return value to radius_message_t.sign()
X-Git-Tag: 5.0.1~372
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fb719e0de156f6940b7475f444b2d36ebbf7c8d;p=thirdparty%2Fstrongswan.git
Add a return value to radius_message_t.sign()
---
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index 80da99a0f3..75b7b70a78 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -184,11 +184,16 @@ static void send_response(private_eap_radius_dae_t *this,
 response = radius_message_create(code);
 response->set_identifier(response, request->get_identifier(request));
- response->sign(response, request->get_authenticator(request),
- this->secret, this->hasher, this->signer, NULL, FALSE);
-
- send_message(this, response, client);
- save_retransmit(this, response, client);
+ if (response->sign(response, request->get_authenticator(request),
+ this->secret, this->hasher, this->signer, NULL, FALSE))
+ {
+ send_message(this, response, client);
+ save_retransmit(this, response, client);
+ }
+ else
+ {
+ response->destroy(response);
+ }
 }
 /**
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 7e2e667f9a..6911364306 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
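Review bot: In eap_radius_dae.c send_response(), the new else branch destroys the response without logging anything, so a signing failure makes the DAE reply disappear with no trace for an operator. A line such as `DBG1(DBG_CFG, "signing RADIUS response failed");` before `response->destroy(response);` would make the drop visible. The same silent path exists in tnc_pdp.c send_response(), where the skipped `if` body leaves no message, and in radius_socket.c request(), where `return NULL;` presumably looks the same to the caller as any other request failure. All three functions start outside their hunks.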
@@ -293,12 +293,13 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
 chunk_free(&data);
 }
 response->set_identifier(response, request->get_identifier(request));
- response->sign(response, request->get_authenticator(request),
- this->secret, this->hasher, this->signer, NULL, TRUE);
-
- DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names,
- code, client);
- send_message(this, response, client);
+ if (response->sign(response, request->get_authenticator(request),
+ this->secret, this->hasher, this->signer, NULL, TRUE))
+ {
+ DBG1(DBG_CFG, "sending RADIUS %N to client '%H'",
+ radius_message_code_names, code, client);
+ send_message(this, response, client);
+ }
 response->destroy(response);
 }
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index 17fa7357b5..6291244d03 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -286,7 +286,7 @@ METHOD(radius_message_t, add, void,
 this->msg->length = htons(ntohs(this->msg->length) + attribute->length);
 }
-METHOD(radius_message_t, sign, void,
+METHOD(radius_message_t, sign, bool,
 private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
@@ -329,6 +329,7 @@ METHOD(radius_message_t, sign, void,
 hasher->get_hash(hasher, msg, NULL);
 hasher->get_hash(hasher, secret, this->msg->authenticator);
 }
+ return TRUE;
 }
 METHOD(radius_message_t, verify, bool,
diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h
index 6d0df53c35..f9c57c5ef8 100644
--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
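Review bot: In radius_message.c, the only return this diff gives sign() is the unconditional `return TRUE;` after the two `hasher->get_hash()` calls, whose outcome is not checked in the lines shown, so the new caller checks cannot yet fire. If the hasher, signer or rng steps can report failure (their signatures are not visible here), each should lead to `return FALSE;` so that a message whose authenticator was never computed is not reported as signed. The part of sign() between the two hunks is outside the diff, so earlier return paths cannot be confirmed.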
@@ -257,8 +257,9 @@ struct radius_message_t {
 * @param hasher MD5 hasher
 * @param rng RNG to create Request-Authenticator, NULL to omit
 * @param msg_auth calculate and add Message-Authenticator
+ * @return TRUE if signed successfully
 */
- void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 /**
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index 048c8814e5..143f99e00a 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
@@ -148,8 +148,11 @@ METHOD(radius_socket_t, request, radius_message_t*,
 /* set Message Identifier */
 request->set_identifier(request, this->identifier++);
 /* sign the request */
- request->sign(request, NULL, this->secret, this->hasher, this->signer,
- rng, rng != NULL);
+ if (!request->sign(request, NULL, this->secret, this->hasher, this->signer,
+ rng, rng != NULL))
+ {
+ return NULL;
+ }
 if (!check_connection(this, fd, port))
 {
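Review bot: The added `@return` line in radius_message.h documents only the success case and does not say what a FALSE result means for the message. Every caller touched by this commit declines to send after FALSE, so the contract could be written out as `@return TRUE if signed successfully, FALSE if signing failed and the message must not be sent`. The struct definition begins and ends outside the hunk.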