Re: [PATCH] p5-Data-Radius: Fix Message-Authenticator calculations for ACCESS_CHALLENGE packets

Wed, 12 Feb 2025 00:13:09 -0800 

On 06.02.2025 - 09:47:42, Matthias Pitzl wrote:
> On 04.02.2025 - 14:59:52, Klemens Nanni wrote:
> > 04.02.2025 16:23, Matthias Pitzl пишет:
> > > Hi!
> > > 
> > > The current version of the Perl module contains a bug concerning the 
> > > message
> > > authenticator calculation for ACCESS_CHALLENGE replies (this type is 
> > > missing in
> > > the list of reply packet types).
> > > 
> > > The following diff fixes the problem.
> > > I also reported the bug upstream, so hopefully there will be a new 
> > > version of
> > > Data::Radius soon.
> > > 
> > > Index: Makefile
> > > ===================================================================
> > > RCS file: /mount/cvsdev/openbsd/cvs/ports/net/p5-Data-Radius/Makefile,v
> > > diff -u -p -r1.1.1.1 Makefile
> > > --- Makefile      3 Feb 2025 17:43:21 -0000       1.1.1.1
> > > +++ Makefile      4 Feb 2025 13:04:28 -0000
> > > @@ -2,6 +2,8 @@ COMMENT = module to encode/decode RADIUS
> > >  
> > >  DISTNAME =       Data-Radius-1.2.8
> > >  
> > > +REVISION =       1
> > 
> > Not an error, but REVISION starts at 0.
> 
> Fixed
> 
> > 
> > > +
> > >  CATEGORIES =     net
> > >  
> > >  # Artistic 2.0
> > > Index: patches/patch-lib_Data_Radius_Packet_pm
> > > ===================================================================
> > > RCS file: patches/patch-lib_Data_Radius_Packet_pm
> > > diff -N patches/patch-lib_Data_Radius_Packet_pm
> > > --- /dev/null     1 Jan 1970 00:00:00 -0000
> > > +++ patches/patch-lib_Data_Radius_Packet_pm       4 Feb 2025 13:04:11 
> > > -0000
> > 
> > Not required, but imho, a brief description and/or link to the upstream 
> > issue
> > would help.  Porters updating ports where patches change or got merged can
> > use this context instead of checking everything all over again or searching
> > commit messages for more information.
> > 
> 
> Added short comment with link to the CPAN bugreport.
> 
> > > @@ -0,0 +1,11 @@
> > > +--- lib/Data/Radius/Packet.pm.orig       Mon Jul 15 17:27:39 2024
> > > ++++ lib/Data/Radius/Packet.pm    Tue Feb  4 11:01:36 2025
> > > +@@ -31,7 +31,7 @@ use constant {
> > > + };
> > > + use constant ATTR_MSG_AUTH_ZERO => pack('C C', ATTR_MSG_AUTH, 
> > > ATTR_MSG_AUTH_LEN) . ("\x0" x (ATTR_MSG_AUTH_LEN - 2));
> > > + 
> > > +-my %IS_REPLY   = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_REJECT, 
> > > DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
> > > ++my %IS_REPLY   = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_CHALLENGE, 
> > > ACCESS_REJECT, DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, 
> > > COA_REJECT);
> > > + my %IS_REQUEST = map { $_ => 1 } (ACCESS_REQUEST, ACCOUNTING_REQUEST, 
> > > DISCONNECT_REQUEST, COA_REQUEST);
> > > + 
> > > + my %IS_ACCOUNTING = map { $_ => 1 } (ACCOUNTING_REQUEST, 
> > > ACCOUNTING_RESPONSE);
> 
> Updated diff:
> Index: Makefile
> ===================================================================
> RCS file: /mount/cvsdev/openbsd/cvs/ports/net/p5-Data-Radius/Makefile,v
> diff -u -p -r1.1.1.1 Makefile
> --- Makefile  3 Feb 2025 17:43:21 -0000       1.1.1.1
> +++ Makefile  6 Feb 2025 08:43:24 -0000
> @@ -2,6 +2,8 @@ COMMENT =     module to encode/decode RADIUS
>  
>  DISTNAME =   Data-Radius-1.2.8
>  
> +REVISION =   0
> +
>  CATEGORIES = net
>  
>  # Artistic 2.0
> Index: patches/patch-lib_Data_Radius_Packet_pm
> ===================================================================
> RCS file: patches/patch-lib_Data_Radius_Packet_pm
> diff -N patches/patch-lib_Data_Radius_Packet_pm
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-lib_Data_Radius_Packet_pm   6 Feb 2025 08:44:53 -0000
> @@ -0,0 +1,15 @@
> +ACCESS_CHALLENGE is a valid RADIUS reply.
> +This also fixes the Message-Authenticator calculation for such packets.
> +See also https://rt.cpan.org/Public/Bug/Display.html?id=158764
> +
> +--- lib/Data/Radius/Packet.pm.orig   Mon Jul 15 17:27:39 2024
> ++++ lib/Data/Radius/Packet.pm        Tue Feb  4 11:01:36 2025
> +@@ -31,7 +31,7 @@ use constant {
> + };
> + use constant ATTR_MSG_AUTH_ZERO => pack('C C', ATTR_MSG_AUTH, 
> ATTR_MSG_AUTH_LEN) . ("\x0" x (ATTR_MSG_AUTH_LEN - 2));
> + 
> +-my %IS_REPLY   = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_REJECT, 
> DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
> ++my %IS_REPLY   = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_CHALLENGE, 
> ACCESS_REJECT, DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
> + my %IS_REQUEST = map { $_ => 1 } (ACCESS_REQUEST, ACCOUNTING_REQUEST, 
> DISCONNECT_REQUEST, COA_REQUEST);
> + 
> + my %IS_ACCOUNTING = map { $_ => 1 } (ACCOUNTING_REQUEST, 
> ACCOUNTING_RESPONSE);

Ok now?

Greetings,
Matthias

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to