hostapd: Move Message-Authenticator attribute to be the first one in req
Even if this is not strictly speaking necessary for mitigating certain RADIUS protocol attacks, be consistent with the RADIUS server behavior and move the Message-Authenticator attribute to be the first attribute in the message from RADIUS client in hostapd. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
689a248260
commit
37fe8e48ab
2 changed files with 6 additions and 0 deletions
|
@ -128,6 +128,9 @@ static int hostapd_radius_acl_query(struct hostapd_data *hapd, const u8 *addr,
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!radius_msg_add_msg_auth(msg))
|
||||||
|
goto fail;
|
||||||
|
|
||||||
os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr));
|
os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr));
|
||||||
if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf,
|
if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf,
|
||||||
os_strlen(buf))) {
|
os_strlen(buf))) {
|
||||||
|
|
|
@ -767,6 +767,9 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!radius_msg_add_msg_auth(msg))
|
||||||
|
goto fail;
|
||||||
|
|
||||||
if (sm->identity &&
|
if (sm->identity &&
|
||||||
!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
|
!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
|
||||||
sm->identity, sm->identity_len)) {
|
sm->identity, sm->identity_len)) {
|
||||||
|
|
Loading…
Reference in a new issue