This is another MFC candidate.
Fix a serious bug in sppp where anyone could obtain a successful PAP authentication by supplying a null password. I've only stumpled across the PR while browsing for all sppp-related PRs. Should we also file a security advisory for this? PR: 21592 Submitted by: <dli@3bc.de> Dirk Liebke
This commit is contained in:
@@ -3448,8 +3448,8 @@ sppp_pap_input(struct sppp *sp, struct mbuf *m)
|
||||
sppp_print_string((char*)passwd, passwd_len);
|
||||
log(-1, ">\n");
|
||||
}
|
||||
if (name_len > AUTHNAMELEN ||
|
||||
passwd_len > AUTHKEYLEN ||
|
||||
if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
|
||||
passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
|
||||
bcmp(name, sp->hisauth.name, name_len) != 0 ||
|
||||
bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
|
||||
/* action scn, tld */
|
||||
|
||||
Reference in New Issue
Block a user