From c9e9c1c924e15f8a160499a9d9101459765eed6b Mon Sep 17 00:00:00 2001 From: yasuoka Date: Mon, 1 Jul 2024 03:31:29 +0000 Subject: [PATCH] Don't receive decoration when not requested. --- usr.sbin/radiusd/radiusd.c | 24 ++++++++++++++++++++++-- usr.sbin/radiusd/radiusd_local.h | 3 ++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c index 28ade7d19d3..b0544ac9d9e 100644 --- a/usr.sbin/radiusd/radiusd.c +++ b/usr.sbin/radiusd/radiusd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd.c,v 1.38 2024/07/01 03:29:21 yasuoka Exp $ */ +/* $OpenBSD: radiusd.c,v 1.39 2024/07/01 03:31:29 yasuoka Exp $ */ /* * Copyright (c) 2013, 2023 Internet Initiative Japan Inc. @@ -1275,6 +1275,14 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) module->radpktoff = 0; switch (imsg->hdr.type) { case IMSG_RADIUSD_MODULE_REQDECO_DONE: + if (q->deco == NULL || q->deco->type != + IMSG_RADIUSD_MODULE_REQDECO) { + log_warnx("q=%u received %s " + "but not requested", q->id, typestr); + if (radpkt != NULL) + radius_delete_packet(radpkt); + break; + } if (radpkt != NULL) { radius_delete_packet(q->req); q->req = radpkt; @@ -1283,7 +1291,7 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) break; case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER: if (radpkt == NULL) { - log_warn("q=%u wrong pkt from module", + log_warnx("q=%u wrong pkt from module", q->id); radiusd_access_request_aborted(q); break; @@ -1292,6 +1300,14 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) radiusd_access_request_answer(q); break; case IMSG_RADIUSD_MODULE_RESDECO_DONE: + if (q->deco == NULL || q->deco->type != + IMSG_RADIUSD_MODULE_RESDECO) { + log_warnx("q=%u received %s but not " + "requested", q->id, typestr); + if (radpkt != NULL) + radius_delete_packet(radpkt); + break; + } if (radpkt != NULL) { radius_delete_packet(q->res); radius_set_request_packet(radpkt, @@ -1536,6 +1552,8 @@ radiusd_module_request_decoration(struct radiusd_module *module, radiusd_access_request_aborted(q); return; } + RADIUSD_ASSERT(q->deco != NULL); + q->deco->type = IMSG_RADIUSD_MODULE_REQDECO; radiusd_module_reset_ev_handler(module); } @@ -1563,6 +1581,8 @@ radiusd_module_response_decoration(struct radiusd_module *module, radiusd_access_request_aborted(q); return; } + RADIUSD_ASSERT(q->deco != NULL); + q->deco->type = IMSG_RADIUSD_MODULE_RESDECO; radiusd_module_reset_ev_handler(module); } diff --git a/usr.sbin/radiusd/radiusd_local.h b/usr.sbin/radiusd/radiusd_local.h index 5cc4b2230d7..7ead23e9d73 100644 --- a/usr.sbin/radiusd/radiusd_local.h +++ b/usr.sbin/radiusd/radiusd_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd_local.h,v 1.7 2024/05/21 05:00:48 jsg Exp $ */ +/* $OpenBSD: radiusd_local.h,v 1.8 2024/07/01 03:31:29 yasuoka Exp $ */ /* * Copyright (c) 2013 Internet Initiative Japan Inc. @@ -85,6 +85,7 @@ struct radiusd_module { struct radiusd_module_ref { struct radiusd_module *module; + unsigned int type; TAILQ_ENTRY(radiusd_module_ref) next; }; -- 2.20.1