RADIUS DAS: Move Message-Authenticator attribute to be the first one

Even if this might not be strictly speaking necessary for mitigating
certain RADIUS protocol attacks, be consistent with the RADIUS server
behavior and move the Message-Authenticator attribute to be the first
attribute in the RADIUS DAS responses from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2024-03-16 11:26:58 +02:00
parent 37fe8e48ab
commit f54157077f


@ -177,6 +177,11 @@ fail:
if (reply == NULL)
return NULL;
if (!radius_msg_add_msg_auth(reply)) {
radius_msg_free(reply);
return NULL;
}
if (error) {
if (!radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE,
error)) {
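Review bot: The new `radius_msg_add_msg_auth(reply)` call directly after the `reply == NULL` check carries no comment saying it has to stay ahead of every other attribute, so a later change could add an attribute before it (for example by moving the Error-Cause block just below) and undo the ordering without anyone noticing. A one-line comment above the call stating that Message-Authenticator is intentionally the first attribute in DAS responses would protect it. The new failure path also returns NULL without any debug output, which makes it indistinguishable from the allocation failure two lines earlier; a log message there would help when diagnosing dropped responses. Since it is not visible in this hunk, please also confirm that the code that finalizes the response fills in this already-added attribute rather than appending a second Message-Authenticator at the end.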
@ -368,6 +373,11 @@ fail:
if (!reply)
return NULL;
if (!radius_msg_add_msg_auth(reply)) {
radius_msg_free(reply);
return NULL;
}
if (error &&
!radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE, error)) {
radius_msg_free(reply);
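Review bot: The block added after `if (!reply) return NULL;` repeats the same add, free, and return sequence as the first hunk, so the attribute ordering now depends on two copies staying in sync. Consider a small helper that creates the DAS reply and adds Message-Authenticator as its first attribute, and call it from both `fail:` paths; any future reply builder would then get the ordering by construction. If the duplication stays, the same comment and debug message suggested for the first hunk apply here as well.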