From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 7 May 2012 16:33:31 +0000 (+0200)
Subject: oreect Message-Authenticator calculation for CoA packets.
X-Git-Tag: release_2_2_0~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be9f5b6cf71e21f28ccbb8893085690f89b4f0d4;p=thirdparty%2Ffreeradius-server.git

oreect Message-Authenticator calculation for CoA packets.

Patch from Jouni Malinen.
---

diff --git a/src/lib/radius.c b/src/lib/radius.c
index 31948547872..375bded9a37 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -2095,11 +2095,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 
 			case PW_ACCOUNTING_REQUEST:
 			case PW_DISCONNECT_REQUEST:
-			case PW_DISCONNECT_ACK:
-			case PW_DISCONNECT_NAK:
 			case PW_COA_REQUEST:
-			case PW_COA_ACK:
-			case PW_COA_NAK:
 			  	memset(packet->data + 4, 0, AUTH_VECTOR_LEN);
 				break;
 
@@ -2107,6 +2103,10 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 			case PW_AUTHENTICATION_ACK:
 			case PW_AUTHENTICATION_REJECT:
 			case PW_ACCESS_CHALLENGE:
+			case PW_DISCONNECT_ACK:
+			case PW_DISCONNECT_NAK:
+			case PW_COA_ACK:
+			case PW_COA_NAK:
 				if (!original) {
 					fr_strerror_printf("ERROR: Cannot validate Message-Authenticator in response packet without a request packet.");
 					return -1;