ppp: Permit CHAP challenges up to 255 bytes
RFC 1994 does not place any limit on the length of the value field in challenge messages except that the length is a single octet which bounds the maximum length to 255. NB: I'm not sure why the local[] and peer[] arrays contain room for an authentication name (AUTHLEN) in addition to a challenge value/response, but I've just left that in place. PR: 271955 Reported by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: des Differential Revision: https://reviews.freebsd.org/D57138
+2
-2
@@ -238,7 +238,7 @@ chap_BuildAnswer(char *name, char *key, u_char id, char *challenge
|
|||||||
MD5Init(&MD5context);
|
MD5Init(&MD5context);
|
||||||
MD5Update(&MD5context, &id, 1);
|
MD5Update(&MD5context, &id, 1);
|
||||||
MD5Update(&MD5context, key, klen);
|
MD5Update(&MD5context, key, klen);
|
||||||
MD5Update(&MD5context, challenge + 1, *challenge);
|
MD5Update(&MD5context, challenge + 1, (u_char)*challenge);
|
||||||
MD5Final(digest, &MD5context);
|
MD5Final(digest, &MD5context);
|
||||||
|
|
||||||
memcpy(digest + 16, name, nlen);
|
memcpy(digest + 16, name, nlen);
|
||||||
@@ -913,7 +913,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
|
|||||||
if (myans == NULL)
|
if (myans == NULL)
|
||||||
key = NULL;
|
key = NULL;
|
||||||
else {
|
else {
|
||||||
if (!chap_Cmp(myans + 1, *myans, ans + 1, alen
|
if (!chap_Cmp(myans + 1, (u_char)*myans, ans + 1, alen
|
||||||
#ifndef NODES
|
#ifndef NODES
|
||||||
, p->link.lcp.want_authtype, lanman
|
, p->link.lcp.want_authtype, lanman
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
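Review bot: The `(u_char)` casts added in chap_BuildAnswer (the MD5Update length) and chap_Input (the chap_Cmp length) carry no explanation, so a later cleanup could remove them as redundant. `challenge` is declared `char *` in the signature shown in the hunk header, so where plain char is signed a length octet above 127 would be read as a negative value, which an unsigned length parameter turns into a very large count. A short comment above each use would record that, for example `/* first octet is the value length; cast so lengths > 127 do not sign-extend */`. Declaring these buffers as `u_char *` would remove the need for the casts, but the declaration of `myans` and the callers lie outside the hunks, so that needs checking first. Both functions start and end outside the visible lines.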
+2
-2
@@ -48,8 +48,8 @@ struct chap {
|
|||||||
} child;
|
} child;
|
||||||
struct authinfo auth;
|
struct authinfo auth;
|
||||||
struct {
|
struct {
|
||||||
u_char local[CHAPCHALLENGELEN + AUTHLEN]; /* I invented this one */
|
u_char local[CHAPCHALLENGELEN + 1 + AUTHLEN]; /* I invented this one */
|
||||||
u_char peer[CHAPCHALLENGELEN + AUTHLEN]; /* Peer gave us this one */
|
u_char peer[CHAPCHALLENGELEN + 1 + AUTHLEN]; /* Peer gave us this one */
|
||||||
} challenge;
|
} challenge;
|
||||||
#ifndef NODES
|
#ifndef NODES
|
||||||
unsigned NTRespSent : 1; /* Our last response */
|
unsigned NTRespSent : 1; /* Our last response */
|
||||||
|
|||||||
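Review bot: The new `+ 1` in `local[]` and `peer[]` is not explained by the trailing comments, and nothing in this section ties the array size to the one-octet length that bounds the copy. Judging by the `challenge + 1, (u_char)*challenge` usage elsewhere in this commit, index 0 presumably holds the length octet and the value follows; a comment such as `/* [0] = value length, [1..] = value */` would state that layout. Because `peer[]` is filled from data the peer supplies, its safety now rests on CHAPCHALLENGELEN covering every length a single octet can express. A compile-time check next to the struct, `_Static_assert(CHAPCHALLENGELEN >= 255, "peer[] must hold any one-octet length");`, would catch the constant being lowered again. The code that writes into `peer[]` is outside this diff, so confirm whether it already performs its own bound check.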
+1
-1
@@ -58,7 +58,7 @@
|
|||||||
#define DEVICE_LEN SCRIPT_LEN /* Size of individual devices */
|
#define DEVICE_LEN SCRIPT_LEN /* Size of individual devices */
|
||||||
#define AUTHLEN 100 /* Size of authname/authkey */
|
#define AUTHLEN 100 /* Size of authname/authkey */
|
||||||
#define CHAPDIGESTLEN 100 /* Maximum chap digest */
|
#define CHAPDIGESTLEN 100 /* Maximum chap digest */
|
||||||
#define CHAPCHALLENGELEN 48 /* Maximum chap challenge */
|
#define CHAPCHALLENGELEN 255 /* Maximum chap challenge */
|
||||||
#define CHAPAUTHRESPONSELEN 48 /* Maximum chap authresponse (chap81) */
|
#define CHAPAUTHRESPONSELEN 48 /* Maximum chap authresponse (chap81) */
|
||||||
#define MAXARGS 40 /* How many args per config line */
|
#define MAXARGS 40 /* How many args per config line */
|
||||||
#define NCP_IDLE_TIMEOUT 180 /* Drop all links */
|
#define NCP_IDLE_TIMEOUT 180 /* Drop all links */
|
||||||
|
|||||||
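Review bot: The comment on CHAPCHALLENGELEN still reads "Maximum chap challenge" without saying where 255 comes from. Changing it to `/* Maximum chap challenge value: one-octet length field (RFC 1994) */` would keep the link to the protocol limit described in the commit message. If this constant is also used to choose the length of challenges this side generates (that code is not visible here), the change alters what is sent as well as what is accepted. That is worth confirming against peers that may expect shorter challenges.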