Support verification of RADIUS request messages
authorMartin Willi <martin@revosec.ch>
Wed, 22 Feb 2012 12:06:14 +0000 (13:06 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 5 Mar 2012 17:06:13 +0000 (18:06 +0100)
src/libcharon/plugins/eap_radius/radius_message.c
src/libcharon/plugins/eap_radius/radius_message.h

index 7fa95e3..8a2074b 100644 (file)
@@ -319,7 +319,14 @@ METHOD(radius_message_t, verify, bool,
 
        /* replace Response by Request Authenticator for verification */
        memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5);
-       memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
+       if (req_auth)
+       {
+               memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
+       }
+       else
+       {
+               memset(this->msg->authenticator, 0, HASH_SIZE_MD5);
+       }
        msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
 
        /* verify Response-Authenticator */
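Review bot: The new `else` branch zeroes the Authenticator field without saying why, and the two surrounding comments ("replace Response by Request Authenticator", "verify Response-Authenticator") still describe only the response case, as does the name `res_auth`. I would add `/* request messages are signed over a zeroed Authenticator field (RFC 2866 Accounting-Request, RFC 5176 CoA/Disconnect) */` above the `memset` and reword the first comment to cover both cases. An Access-Request carries a random Authenticator and cannot be checked by this hash; whether verify() treats that code separately is not visible here, so the comment should say which request types the NULL path is meant for. The method body starts and ends outside the hunk, so the restore of the saved authenticator on the failure paths cannot be confirmed from these lines.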
index eede401..7f1c456 100644 (file)
@@ -251,9 +251,9 @@ struct radius_message_t {
                                 hasher_t *hasher, chunk_t secret);
 
        /**
-        * Verify the integrity of a received RADIUS response.
+        * Verify the integrity of a received RADIUS message.
         *
-        * @param req_auth              16 byte Authenticator of the corresponding request
+        * @param req_auth              16 byte Authenticator of request, or NULL
         * @param secret                shared RADIUS secret
         * @param hasher                hasher to verify Response-Authenticator
         * @param signer                signer to verify Message-Authenticator attribute
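Review bot: The `or NULL` wording on `req_auth` does not say when NULL is allowed. With NULL the check is computed over a zeroed Authenticator, so the message is tied to no particular request. A caller that passes NULL while verifying a response would lose the request/response binding. I would spell the contract out, for example `@param req_auth  16 byte Authenticator of the corresponding request when verifying a response; NULL only when verifying a request message`, and add a sentence to the description naming the request types this is intended for. The doc comment continues past the end of the hunk, so the `@return` text is not visible and may need the same "response" to "message" wording update.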