radclient fails to validate Message-Authenticator on Disconnect-ACK packets

Bug #1206367 reported by Martijn vdS
Affects: freeradius (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

When I send a "Disconnect-Request" to a Hostapd instance, it sends back a "Disconnect-ACK" packet with a Message-Authenticator set.

However, radclient thinks the value of this Message-Authenticator is invalid (because it doesn't check properly).

This bug has been fixed in upstream version 2.2.0.

A patch is discussed here:
http://freeradius.1045715.n5.nabble.com/radclient-and-Message-Authenticator-validation-td5689533.html

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: freeradius (not installed)
ProcVersionSignature: Ubuntu 3.10.0-5.14-generic 3.10.2
Uname: Linux 3.10.0-5-generic x86_64
ApportVersion: 2.11-0ubuntu1
Architecture: amd64
Date: Tue Jul 30 07:00:36 2013
InstallationDate: Installed on 2013-06-02 (57 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MarkForUpload: True
SourcePackage: freeradius
UpgradeStatus: Upgraded to saucy on 2013-06-05 (54 days ago)

Martijn vdS (martijn) wrote :

I send the packet like this (IP of the hostap instance is 10.0.0.2; Event-Timestamp is "current" when I try this, otherwise hostapd wouldn't send a Disconnect-ACK, but would just not reply at all; this happened to me during some earlier debugging):

$ cat packet.txt
Acct-Session-Id=XXXXXXXX-XXXXXXX
User-Name=<email address hidden>
Message-Authenticator=0
Event-Timestamp=1375159866

$ radclient -x 10.0.0.2:3799 disconnect 'SharedSecret' < packet.txt
Sending Disconnect-Request of id 176 to 10.0.0.2 port 3799
 Acct-Session-Id = "XXXXXXXX-XXXXXXX"
 User-Name = "<email address hidden>"
 Message-Authenticator = 0x00000000000000000000000000000000
 Event-Timestamp = "Jul 30 2013 06:51:06 CEST"
rad_recv: Disconnect-ACK packet from host 10.0.0.2 port 3799, id=176, length=44
rad_verify: Received packet from 10.0.0.2 with invalid Message-Authenticator! (Shared secret is incorrect.)

The last line is where the problem is: the incoming "Disconnect-ACK" isn't verified properly.
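
For cross-checking a reply that radclient rejects, the following added example (not code from this report or from FreeRADIUS) validates a Disconnect-ACK using the RFC 5176 rule that a reply's Message-Authenticator is computed over the Request Authenticator of the corresponding request. The packets are constructed here, reusing only the id and Event-Timestamp shown above; the helper names and the `auth_in` override are assumptions made for illustration.

```python
import hashlib, hmac, struct

DISCONNECT_REQUEST, DISCONNECT_ACK, MSG_AUTH = 40, 41, 80  # RFC 5176 codes, attribute 80
ZERO16 = bytes(16)

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def split_msg_auth(attrs):
    """Return (attrs with Message-Authenticator zeroed, received value or None)."""
    out, received, i = bytearray(attrs), None, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == MSG_AUTH:
            if attrs[i + 1] != 18:
                raise ValueError("bad Message-Authenticator length")
            received = bytes(attrs[i + 2:i + 18])
            out[i + 2:i + 18] = ZERO16
        i += attrs[i + 1]
    return bytes(out), received

def build(code, ident, attrs, secret, auth_in=ZERO16):
    """auth_in is 16 zero octets for a request, the Request Authenticator for a reply.
    Message-Authenticator is inserted first, then the packet Authenticator is computed."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs) + 18)
    mac = hmac.new(secret, hdr + auth_in + attrs + attr(MSG_AUTH, ZERO16), hashlib.md5).digest()
    attrs += attr(MSG_AUTH, mac)
    return hdr + hashlib.md5(hdr + auth_in + attrs + secret).digest() + attrs

def verify_reply(reply, request, secret, auth_in=None):
    """Validate a Disconnect-ACK/NAK against the request that triggered it."""
    auth_in = request[4:20] if auth_in is None else auth_in  # override only for the demo
    if len(reply) < 20 or reply[1] != request[1] or int.from_bytes(reply[2:4], "big") != len(reply):
        return False
    zeroed, received = split_msg_auth(reply[20:])
    resp = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    mac = hmac.new(secret, reply[:4] + auth_in + zeroed, hashlib.md5).digest()
    return (received is not None and hmac.compare_digest(resp, reply[4:20])
            and hmac.compare_digest(mac, received))

# Constructed sample reusing the report's id and Event-Timestamp; other values are made up.
SECRET = b"SharedSecret"
TS = attr(55, struct.pack("!I", 1375159866))  # Event-Timestamp
REQ = build(DISCONNECT_REQUEST, 176, attr(44, b"XXXXXXXX-XXXXXXX") + TS, SECRET)
ACK = build(DISCONNECT_ACK, 176, TS, SECRET, auth_in=REQ[4:20])

if __name__ == "__main__":
    print(len(ACK), verify_reply(ACK, REQ, SECRET))        # reply rule applied
    print(verify_reply(ACK, REQ, SECRET, auth_in=ZERO16))  # request rule misapplied to a reply
```

A validator that feeds anything other than the request's Authenticator into the HMAC rejects a correctly signed ACK even when the shared secret matches, which looks the same on the wire as a wrong secret.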

Changed in freeradius (Ubuntu):
importance: Undecided → Medium
Oibaf (oibaf) wrote :

> This bug has been fixed in upstream version 2.2.0.
Xenial/16.04 and later have 2.2.8, so it should be fixed here.

Changed in freeradius (Ubuntu):
status: New → Fix Released