Skip to content

Commit

Permalink
Fix Message-Authenticator verification for requests
Browse files Browse the repository at this point in the history
  • Loading branch information
jrisc committed Oct 4, 2024
1 parent afa71c9 commit 8fc1bdd
Showing 1 changed file with 32 additions and 23 deletions.
55 changes: 32 additions & 23 deletions src/lib/krad/packet.c
Original file line number Diff line number Diff line change
Expand Up @@ -569,26 +569,32 @@ static krb5_error_code
verify_msgauth(const char *secret, const krad_packet *req,
const krad_packet *rsp)
{
uint8_t signature[MD5_DIGEST_SIZE]; /* XXX rename */
uint8_t mac[MD5_DIGEST_SIZE];
krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator");
const krb5_data *msgauth;
const krad_packet *pkt;
uint8_t *auth = NULL;
krb5_error_code retval;

msgauth = krad_packet_get_attr(rsp, msgauth_type, 0);
if (rsp != NULL) {
pkt = rsp;
auth = pkt_auth(req);
} else {
pkt = req;
}

msgauth = krad_packet_get_attr(pkt, msgauth_type, 0);
if (msgauth == NULL)
return ENODATA;

if (rsp != NULL)
retval = calculate_msgauth(secret, rsp, pkt_auth(req), signature);
else
retval = calculate_msgauth(secret, req, NULL, signature);
retval = calculate_msgauth(secret, pkt, auth, mac);
if (retval)
return retval;

if (msgauth->length != MD5_DIGEST_SIZE)
return EMSGSIZE;

if (k5_bcmp(signature, msgauth->data, MD5_DIGEST_SIZE) != 0)
if (k5_bcmp(mac, msgauth->data, MD5_DIGEST_SIZE) != 0)
return EBADMSG;

return 0;
Expand Down Expand Up @@ -648,27 +654,30 @@ krad_packet_decode_request(krb5_context ctx, const char *secret,
krb5_error_code retval;

retval = decode_packet(ctx, secret, buffer, reqpkt);
if (cb != NULL && retval == 0) {
while ((tmp = (*cb)(data, FALSE)) != NULL) {
if (pkt_id_get(*reqpkt) != pkt_id_get(tmp))
continue;
if (retval != 0)
return retval;

/* Verify Message-Authenticator if present. */
if (has_pkt_msgauth(tmp))
retval = verify_msgauth(secret, tmp, NULL);
else if (requires_msgauth(secret, pkt_code_get(tmp)))
retval = ENODATA;
/* Verify Message-Authenticator if present. */
if (has_pkt_msgauth(*reqpkt)) {
retval = verify_msgauth(secret, *reqpkt, NULL);
if (retval != 0)
return retval;
} else if (requires_msgauth(secret, pkt_code_get(*reqpkt))) {
return ENODATA;
}

break;
if (cb != NULL) {
while ((tmp = (*cb)(data, FALSE)) != NULL) {
if (pkt_id_get(*reqpkt) == pkt_id_get(tmp))
break;
}
}

if (cb != NULL && (retval != 0 || tmp != NULL))
(*cb)(data, TRUE);
if (tmp != NULL)
(*cb)(data, TRUE);
}

if (retval == 0)
*duppkt = tmp;
return retval;
*duppkt = tmp;
return 0;
}

krb5_error_code
Expand Down

0 comments on commit 8fc1bdd

Please sign in to comment.