This is another MFC candidate.

Fix a serious bug in sppp where anyone could obtain a successful PAP
authentication by supplying a null password.  I've only stumpled across
the PR while browsing for all sppp-related PRs.

Should we also file a security advisory for this?

PR:		21592
Submitted by:	<dli@3bc.de> Dirk Liebke
This commit is contained in:
Joerg Wunsch
2001-03-25 09:53:07 +00:00
parent b7a441ca87
commit 728eb83bf2
+2 -2
View File
@@ -3448,8 +3448,8 @@ sppp_pap_input(struct sppp *sp, struct mbuf *m)
sppp_print_string((char*)passwd, passwd_len);
log(-1, ">\n");
}
if (name_len > AUTHNAMELEN ||
passwd_len > AUTHKEYLEN ||
if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
bcmp(name, sp->hisauth.name, name_len) != 0 ||
bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
/* action scn, tld */