In proxy_send(), if there is no realm to proxy the request to,
authoraland <aland>
Tue, 19 Feb 2002 22:50:53 +0000 (22:50 +0000)
committeraland <aland>
Tue, 19 Feb 2002 22:50:53 +0000 (22:50 +0000)
then return an error.

In rad_respond(), check if proxy_send() returns an error, and
reject the request if so.

Also, fix up a possible race condition in refresh_request(), where
we were marking the request finished, and THEN still accessing it.

src/main/proxy.c
src/main/radiusd.c

index a2297ba..f5d8941 100644 (file)
@@ -122,6 +122,14 @@ int proxy_send(REQUEST *request)
        char *realmname;
        int replicating;
 
+       /*
+        *      Not authentication or accounting.  Stop it.
+        */
+       if ((request->packet->code != PW_AUTHENTICATION_REQUEST) &&
+           (request->packet->code != PW_ACCOUNTING_REQUEST)) {
+         return -1;
+       }
+
        /* 
         *      The timestamp is used below to figure the
         *      next_try. The request needs to "hang around" until
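Review bot: The new guard at the top of proxy_send() returns -1 before the function has decided whether this request needs proxying at all. Combined with the rad_respond() change in this commit, any packet that is neither PW_AUTHENTICATION_REQUEST nor PW_ACCOUNTING_REQUEST is rejected whenever proxy_requests is set, even if it was meant for local handling. If such packets can reach this call (the callers' filtering is not visible here), returning 0 for them, or moving the test below the realm lookup, would keep "error" distinct from "not mine to proxy". The return values of proxy_send() are now documented only at the call site in radiusd.c, so a header comment on the function listing -1/0/1/2 would help. The function body continues outside the hunk.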
@@ -169,7 +177,7 @@ int proxy_send(REQUEST *request)
         */
        realm = realm_find(realmname);
        if (realm == NULL) {
-               return 0;
+               return -1;
        }
 
        /*
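Review bot: The `return -1` for an unknown realm leaves the operator with no record of which realm failed, since rad_respond() only logs the request number. Because a lookup miss now becomes a reject, a debug line naming the realm would make misconfiguration and repeated requests for non-existent realms visible in the logs, e.g. `DEBUG2("proxy: no such realm \"%s\", rejecting", realmname);` (assuming DEBUG2 is usable in proxy.c as it is in radiusd.c). Pass the name as an argument and never as the format string, since it presumably derives from the request.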
@@ -253,7 +261,7 @@ int proxy_send(REQUEST *request)
        if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
                request->proxy->dst_port = realm->auth_port;
                request->proxy->dst_ipaddr = realm->ipaddr;
-       } else {
+       } else if (request->packet->code == PW_ACCOUNTING_REQUEST) {
                request->proxy->dst_port = realm->acct_port;
                request->proxy->dst_ipaddr = realm->acct_ipaddr;
        }
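Review bot: With the `else` narrowed to `else if`, any other packet code leaves request->proxy->dst_port and dst_ipaddr unassigned. The only thing preventing that is the guard added at the top of proxy_send(), well above this hunk. A comment here such as `/* other codes were rejected at the top of proxy_send() */` would record that dependency. A final `else` that returns -1 is the stronger option, but it would need whatever cleanup request->proxy requires at this point, which is not visible in the hunk.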
index 655709c..7597e56 100644 (file)
@@ -1535,7 +1535,24 @@ int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun)
         */
        if (proxy_requests) {
                if (request->proxy == NULL) {
+                       /*
+                        *  Try to proxy this request.  Returns:
+                        *  -1: error, drop the request
+                        *   0: OK, but don't proxy it.
+                        *   1: OK, it's been proxied, don't do any more here.
+                        *   2: OK, it's been proxied to one or more servers.
+                        */
                        proxy_sent = proxy_send(request);
+
+                       /*
+                        *  There was an error trying to proxy the request.
+                        *  Drop it on the floor.
+                        */
+                       if (proxy_sent < 0) {
+                               DEBUG2("Error trying to proxy request %d: Rejecting it", request->number);
+                               rad_reject(request);
+                               goto finished_request;
+                       }
                        
                        /*
                         *  sent==1 means it's been proxied.  The child
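Review bot: After the new error branch jumps to finished_request with proxy_sent == -1, the `if (proxy_sent)` test under that label (context of the later hunk at new line 1646) is still true for a negative value. A request that was just rejected therefore appears to go on to postpone_request as if it had been proxied. Unless code between the label and that test, which is not visible here, resets the variable, change the test to `if (proxy_sent > 0)` or set `proxy_sent = 0;` before the `goto finished_request;`. The added comments also say "drop the request" and "Drop it on the floor" while the code calls rad_reject(), which presumably sends a reply. The wording should state which is intended, particularly for accounting requests.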
@@ -1543,7 +1560,6 @@ int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun)
                         *  is NOT finished!
                         */
                        if (proxy_sent == 1) {
-                               finished = request->finished;
                                goto postpone_request;
                        }
                }
@@ -1630,7 +1646,6 @@ finished_request:
         *  by a thread.
         */
        if (proxy_sent) {
-               finished = request->finished;
                goto postpone_request;
        }
 
@@ -2476,9 +2491,9 @@ static int refresh_request(REQUEST *request, void *data)
         *  the request as finished, and go to the next one.
         */
        if (request->proxy_try_count == 0) {
-               request->finished = TRUE;
                rad_reject(request);
                realm_disable(request->proxy->dst_ipaddr);
+               request->finished = TRUE;
                goto setup_timeout;
        }