summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2011-03-09 19:51:59 +0100
committerLinus Nordberg <linus@nordu.net>2011-03-09 19:51:59 +0100
commit11cf984f611e835c394deede450af9fd69434e30 (patch)
tree327ddee1b8ca5390912e83c3a6124a7852c29f85
parente92bfb068a357645de21a920362fe82ab6ec669f (diff)
Don't add Message-Authenticator more than once.
Retransmiting the packet showed that we added another Message-Authenticator attribute every time we sent it.
-rw-r--r--lib/packet.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/packet.c b/lib/packet.c
index e79268b..7b5ae2d 100644
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -59,19 +59,25 @@ packet_do_send (struct rs_packet *pkt)
{
VALUE_PAIR *vp = NULL;
+ assert (pkt);
+ assert (pkt->conn);
+ assert (pkt->conn->active_peer);
+ assert (pkt->conn->active_peer->secret);
assert (pkt->rpkt);
- /* Add Message-Authenticator, RFC 2869. */
+ /* Add a Message-Authenticator, RFC 2869, if not already present. */
/* FIXME: Make Message-Authenticator optional? */
vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
if (!vp)
return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
"paircreate: %s", fr_strerror ());
- pairadd (&pkt->rpkt->vps, vp);
+ pairreplace (&pkt->rpkt->vps, vp);
+ /* Encode message. */
if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
"rad_encode: %s", fr_strerror ());
+ /* Sign message. */
if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
"rad_sign: %s", fr_strerror ());