RADIUS: Check Message-Authenticator if it is present even if not required
Always check the Message-Authenticator attribute in a received RADIUS message if it is present. Previously, this would have been skipped if the attribute was not required to be present. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
58097123ec
commit
f302d9f964
1 changed files with 14 additions and 0 deletions
|
|
@ -1001,6 +1001,20 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!auth) {
|
||||||
|
u8 *pos;
|
||||||
|
size_t alen;
|
||||||
|
|
||||||
|
if (radius_msg_get_attr_ptr(msg,
|
||||||
|
RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
|
||||||
|
&pos, &alen, NULL) == 0) {
|
||||||
|
/* Check the Message-Authenticator attribute since it
|
||||||
|
* was included even if we are configured to not
|
||||||
|
* require it. */
|
||||||
|
auth = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (auth &&
|
if (auth &&
|
||||||
radius_msg_verify_msg_auth(msg, secret, secret_len,
|
radius_msg_verify_msg_auth(msg, secret, secret_len,
|
||||||
sent_msg->hdr->authenticator)) {
|
sent_msg->hdr->authenticator)) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue