From: Nick Porter <nick@portercomputing.co.uk>
Date: Tue, 9 Dec 2025 15:57:20 +0000 (+0000)
Subject: Look for Message-Authenticator in the correct list
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a96fe2a5ba3496b5dbe65488ca422386ce839eee;p=thirdparty%2Ffreeradius-server.git

Look for Message-Authenticator in the correct list

This check is for Message-Authenticator in the reply from a home server
- so look in the list the response has been decoded into.
---

diff --git a/src/modules/rlm_radius/bio.c b/src/modules/rlm_radius/bio.c
index aa4a6355d77..119c665f100 100644
--- a/src/modules/rlm_radius/bio.c
+++ b/src/modules/rlm_radius/bio.c
@@ -1235,8 +1235,8 @@ static fr_radius_decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, ui
 	if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) &&
 	    (inst->require_message_authenticator == FR_RADIUS_REQUIRE_MA_AUTO) &&
 	    !*(inst->received_message_authenticator) &&
-	    fr_pair_find_by_da(&request->request_pairs, NULL, attr_message_authenticator) &&
-	    !fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) {
+	    fr_pair_find_by_da(reply, NULL, attr_message_authenticator) &&
+	    !fr_pair_find_by_da(reply, NULL, attr_eap_message)) {
 		RINFO("Packet contained a valid Message-Authenticator.  Setting \"require_message_authenticator = yes\"");
 		*(inst->received_message_authenticator) = true;
 	}