From patchwork Tue Jul 26 14:18:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Lowe X-Patchwork-Id: 652777 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3rzKxf0Rqwz9t15 for ; Wed, 27 Jul 2016 00:19:18 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=lugatech-com.20150623.gappssmtp.com header.i=@lugatech-com.20150623.gappssmtp.com header.b=yVWS0OSI; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1bS3Bu-0000LK-2s; Tue, 26 Jul 2016 14:18:38 +0000 Received: from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241]) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1bS3Bn-0000Hy-IY for hostap@lists.infradead.org; Tue, 26 Jul 2016 14:18:36 +0000 Received: by mail-wm0-x241.google.com with SMTP id x83so1898952wma.3 for ; Tue, 26 Jul 2016 07:18:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lugatech-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=RqXIXd1r98SFs3ViXyXN7s6g7GTJk8II1oRKF09cymw=; b=yVWS0OSI43mABYfaoqQj6iNYQcJP20Fx66bJ9Yfw3flr6TCEHMMkL1oPwgEJ89BaoA j85BsvH+Y8I/Vm99+fYc6aLlctZiXdNvjx9oW/w8ocM7lOCmAy1YtNUou7F4qzA9oaix d6Qhzgl1K89i/YgQZMZaMqyh/M5ox7KzUAiHoQU3xcX2vLwkbNmYYrMoXwpNsszGSRkB YZFssv2rPQh418p3m/Qa6YRD2YD+jo2LBC3CBAdJtQZ15oFpBHSXdw7kbByVE+91r+tN RiaOmJWZWmHCIsAxxYg0fRH5JCUjXcmHbUnflasxQZsaMZg2rXI72mEfuOe7yZIr3E96 BhdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=RqXIXd1r98SFs3ViXyXN7s6g7GTJk8II1oRKF09cymw=; b=ZLKV55ysFjO82X9W95I4C534OEdvvbLaFubpZro3rerGojDs0CXgUonBI/uDKfP2O/ a3NNxMuzrD74hcSeYHmBzcjjDXk4bbkOPqG4L0+qHoPH37gc4cSGSE1z8pajVClk/SdR DsVrBHb5botJY4ostrftbG2iCQVZD/xcHKnmM34/t+D/3r1kBRpAFgKD40Gx2ywLPkug r/9g83fd3GOSvpfqk0ZYYCkYJOiIoxTUBr01SB0RB60+M5aogGeMyJ+wRQE5fr7mHZJ3 N4eJLhZDMXOtG8QU5CKRQaVD/iainhuTaqjWLPgJxnfzY1J9swBUU26Esx3zdMHwqwHx MmPQ== X-Gm-Message-State: AEkoouvEtGwGcAnjGOPtb27ywnUTZ5u/py2EmZBEqZizd+QdV3F9xKmBPm6cVHOl97Z7arwhPHJX2UU0/GGWvQ== X-Received: by 10.194.190.232 with SMTP id gt8mr21306981wjc.141.1469542688906; Tue, 26 Jul 2016 07:18:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.242.39 with HTTP; Tue, 26 Jul 2016 07:18:08 -0700 (PDT) X-Originating-IP: [81.133.41.11] From: Nick Lowe Date: Tue, 26 Jul 2016 15:18:08 +0100 Message-ID: Subject: [PATCH] Use a random initial value for next_radius_identifier so that the identifier is less likely to be reused when multiple hostapd instances are running that will appear to a RADIUS server as being from the same NAS. To: hostap@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160726_071831_990434_13EDDB81 X-CRM114-Status: UNSURE ( 9.50 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.6 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2a00:1450:400c:c09:0:0:0:241 listed in] [list.dnswl.org] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org [PATCH] Use a random initial value for next_radius_identifier so that the identifier is less likely to be reused when multiple hostapd instances are running that will appear to a RADIUS server as being from the same NAS. Signed-off-by: Nick Lowe --- src/radius/radius_client.c | 4 ++++ 1 file changed, 4 insertions(+) if (conf->auth_server && radius_client_init_auth(radius)) { radius_client_deinit(radius); diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index a4edd5f..bfe42e1 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -1446,6 +1446,10 @@ radius_client_init(void *ctx, struct hostapd_radius_servers *conf) radius->auth_serv_sock = radius->acct_serv_sock = radius->auth_serv_sock6 = radius->acct_serv_sock6 = radius->auth_sock = radius->acct_sock = -1; + if (os_get_random((u8 *) &radius->next_radius_identifier, sizeof(radius->next_radius_identifier)) < 0) { + radius_client_deinit(radius); + return NULL; + }