[Bug 264598] libradius invalid Message-Authenticator in retransmit packet
Date: Fri, 10 Jun 2022 16:00:49 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264598
Bug ID: 264598
Summary: libradius invalid Message-Authenticator in retransmit packet
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: standards
Assignee: standards@FreeBSD.org
Reporter: hwlin1414@cs.nctu.edu.tw
When libradius retransmits packets, the insert_message_authenticator function is
called and the checksum is calculated again with the old Message-Authenticator checksum. It causes
the Message-Authenticator to be set to the wrong checksum in the retransmit packet.
According to RFC-2869
https://datatracker.ietf.org/doc/html/rfc2869#section-5.14
> When the checksum is calculated the signature string should be
> considered to be sixteen octets of zero.
A possible fix may be:
--- a/radlib.c
+++ b/radlib.c
@@ -160,6 +160,8 @@ insert_message_authenticator(struct rad_handle *h, int
resp)
srvp = &h->servers[h->srv];
if (h->authentic_pos != 0) {
+ memset(&h->out[h->authentic_pos + 2], 0, MD5_DIGEST_LENGTH);
+
ctx = HMAC_CTX_new();
HMAC_Init_ex(ctx, srvp->secret, strlen(srvp->secret),
EVP_md5(), NULL);
HMAC_Update(ctx, &h->out[POS_CODE], POS_AUTH - POS_CODE);
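Review bot: the `+ 2` in the added `memset(&h->out[h->authentic_pos + 2], 0, MD5_DIGEST_LENGTH);` is an unexplained offset, and the line carries no comment saying why the field is cleared. It skips the attribute's type and length octets, so a short comment citing RFC 2869 section 5.14 (the field is sixteen octets of zero while the HMAC is computed) would make the intent clear to the next reader. It is also worth confirming that the digest is written back at the same `authentic_pos + 2` offset later in the function, since that write is outside the visible lines, and that the retransmit path is covered by a test comparing the first and second packet's Message-Authenticator.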
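The effect described in this report can be reproduced with a small model. The following is an added example, not libradius code or part of the original report: it signs a constructed Access-Request, re-signs it without clearing the field (the reported retransmit behaviour), then re-signs it with the field zeroed first. The function names, shared secret and packet contents are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH_TYPE = 80   # Message-Authenticator attribute type (RFC 2869, section 5.14)
DIGEST_LEN = 16      # HMAC-MD5 output size

def build_access_request(ident, request_auth, user):
    """Constructed Access-Request with a zeroed Message-Authenticator.
    Returns (packet, offset of the attribute header)."""
    attrs = bytes([1, 2 + len(user)]) + user                    # User-Name
    ma_pos = 20 + len(attrs)
    attrs += bytes([MSG_AUTH_TYPE, 2 + DIGEST_LEN]) + bytes(DIGEST_LEN)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth
    return bytearray(header + attrs), ma_pos

def sign(packet, ma_pos, secret, zero_first):
    """Write HMAC-MD5 over the whole packet into the attribute value.
    zero_first=False models signing over a stale value (hypothetical flag)."""
    val = slice(ma_pos + 2, ma_pos + 2 + DIGEST_LEN)           # skip type + length
    if zero_first:
        packet[val] = bytes(DIGEST_LEN)
    packet[val] = hmac.new(secret, bytes(packet), hashlib.md5).digest()

def verify(packet, ma_pos, secret):
    """Receiver side: zero the field, recompute, compare in constant time."""
    val = slice(ma_pos + 2, ma_pos + 2 + DIGEST_LEN)
    received = bytes(packet[val])
    scratch = bytearray(packet)
    scratch[val] = bytes(DIGEST_LEN)
    expected = hmac.new(secret, bytes(scratch), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

def demo():
    secret = b"constructed-shared-secret"                       # constructed value
    pkt, pos = build_access_request(7, bytes(range(16)), b"alice")
    sign(pkt, pos, secret, zero_first=False)   # first send: field is still zero
    first = verify(pkt, pos, secret)
    sign(pkt, pos, secret, zero_first=False)   # retransmit over the old checksum
    stale = verify(pkt, pos, secret)
    sign(pkt, pos, secret, zero_first=True)    # retransmit with the field zeroed
    fixed = verify(pkt, pos, secret)
    return first, stale, fixed

if __name__ == "__main__":
    print(demo())
```

A receiver that validates Message-Authenticator would treat the middle case as a bad packet, so the retransmit cannot succeed where the first send was lost.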