Add a return value to radius_message_t.sign()
authorMartin Willi <martin@revosec.ch>
Thu, 5 Jul 2012 16:11:26 +0000 (18:11 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/plugins/eap_radius/eap_radius_dae.c
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libradius/radius_message.c
src/libradius/radius_message.h
src/libradius/radius_socket.c

index 80da99a..75b7b70 100644 (file)
@@ -184,11 +184,16 @@ static void send_response(private_eap_radius_dae_t *this,
 
        response = radius_message_create(code);
        response->set_identifier(response, request->get_identifier(request));
-       response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL, FALSE);
-
-       send_message(this, response, client);
-       save_retransmit(this, response, client);
+       if (response->sign(response, request->get_authenticator(request),
+                                          this->secret, this->hasher, this->signer, NULL, FALSE))
+       {
+               send_message(this, response, client);
+               save_retransmit(this, response, client);
+       }
+       else
+       {
+               response->destroy(response);
+       }
 }
 
 /**
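Review bot: The new `else` branch discards the response without logging anything, so a signing failure leaves the DAE client without an answer and leaves no trace on the server. A line such as `DBG1(DBG_CFG, "signing RADIUS response failed, not sent");` before `response->destroy(response);` would make the failure visible. The same applies to the sign() checks added in tnc_pdp.c, which skips the send silently, and in radius_socket.c, which returns NULL silently. Only the failure path destroys `response`, presumably because save_retransmit() takes ownership on success; that is not visible here, and a short comment stating it would help. send_response starts outside the hunk.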
index 7e2e667..6911364 100644 (file)
@@ -293,12 +293,13 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
                chunk_free(&data);
        }
        response->set_identifier(response, request->get_identifier(request));
-       response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL, TRUE);
-
-       DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names,
-                code, client);
-       send_message(this, response, client);
+       if (response->sign(response, request->get_authenticator(request),
+                                          this->secret, this->hasher, this->signer, NULL, TRUE))
+       {
+               DBG1(DBG_CFG, "sending RADIUS %N to client '%H'",
+                        radius_message_code_names, code, client);
+               send_message(this, response, client);
+       }
        response->destroy(response);
 }
 
index 17fa735..6291244 100644 (file)
@@ -286,7 +286,7 @@ METHOD(radius_message_t, add, void,
        this->msg->length = htons(ntohs(this->msg->length) + attribute->length);
 }
 
-METHOD(radius_message_t, sign, void,
+METHOD(radius_message_t, sign, bool,
        private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
        hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
@@ -329,6 +329,7 @@ METHOD(radius_message_t, sign, void,
                hasher->get_hash(hasher, msg, NULL);
                hasher->get_hash(hasher, secret, this->msg->authenticator);
        }
+       return TRUE;
 }
 
 METHOD(radius_message_t, verify, bool,
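Review bot: sign() now returns `bool`, but the only return added is the unconditional `return TRUE;` at the end, so the failure branches introduced in the callers can never run with this change alone. The visible calls `hasher->get_hash(hasher, msg, NULL);` and `hasher->get_hash(hasher, secret, this->msg->authenticator);` still ignore any result. If these, or the signer and RNG calls in the part of the body not shown, can fail, the message would go out with an invalid or stale authenticator while sign() reports success. If the checks are meant to follow in a later commit, a comment like `/* TODO: propagate hasher/signer/rng failures once they report a status */` above the return would say so. Most of the function body lies between the two hunks and is not visible.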
index 6d0df53..f9c57c5 100644 (file)
@@ -257,8 +257,9 @@ struct radius_message_t {
         * @param hasher                MD5 hasher
         * @param rng                   RNG to create Request-Authenticator, NULL to omit
         * @param msg_auth              calculate and add Message-Authenticator
+        * @return                              TRUE if signed successfully
         */
-       void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+       bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
                                 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 
        /**
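Review bot: The added `@return` line documents only the success case and does not say what a caller must do on FALSE. Something like `@return TRUE if signed successfully, FALSE on failure (message must not be sent)` would state the contract, since the authenticator fields may be left partly written when signing fails. The doc block starts above the hunk, so whether `signer` has a `@param` entry is not visible; it is worth checking while this comment is being edited.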
index 048c881..143f99e 100644 (file)
@@ -148,8 +148,11 @@ METHOD(radius_socket_t, request, radius_message_t*,
        /* set Message Identifier */
        request->set_identifier(request, this->identifier++);
        /* sign the request */
-       request->sign(request, NULL, this->secret, this->hasher, this->signer,
-                                                  rng, rng != NULL);
+       if (!request->sign(request, NULL, this->secret, this->hasher, this->signer,
+                                          rng, rng != NULL))
+       {
+               return NULL;
+       }
 
        if (!check_connection(this, fd, port))
        {