authorbrian <brian@openbsd.org>2001-04-01 22:41:23 +0000
committerbrian <brian@openbsd.org>2001-04-01 22:41:23 +0000
commit0f2a0f5d7d36b1b9d58cf0461a9288de3690bc74 (patch)
tree9e2d426838f04ef3bb9bad324d1b4cc711c8d75b
parentAdd a macro to initialize the contents of a vmcmd set. (diff)
Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing us to send a bogus response to the radius server and end up failing the client's valid response. Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
-rw-r--r--usr.sbin/ppp/ppp/chap.c16
-rw-r--r--usr.sbin/ppp/ppp/pap.c4
-rw-r--r--usr.sbin/ppp/ppp/radius.c10
-rw-r--r--usr.sbin/ppp/ppp/radius.h5
4 files changed, 16 insertions, 19 deletions
diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c
index 53c778ec53c..b84f0998158 100644
--- a/usr.sbin/ppp/ppp/chap.c
+++ b/usr.sbin/ppp/ppp/chap.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $OpenBSD: chap.c,v 1.25 2000/11/07 23:32:04 brian Exp $
+ * $OpenBSD: chap.c,v 1.26 2001/04/01 22:41:23 brian Exp $
*
* TODO:
*/
@@ -810,16 +810,12 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NORADIUS
- if (*bundle->radius.cfg.file) {
- u_char end;
-
- end = chap->challenge.local[*chap->challenge.local+1];
- chap->challenge.local[*chap->challenge.local+1] = '\0';
+ if (*bundle->radius.cfg.file)
radius_Authenticate(&bundle->radius, &chap->auth,
- chap->auth.in.name, ans,
- chap->challenge.local + 1);
- chap->challenge.local[*chap->challenge.local+1] = end;
- } else
+ chap->auth.in.name, ans, alen + 1,
+ chap->challenge.local + 1,
+ *chap->challenge.local);
+ else
#endif
{
key = auth_GetSecret(bundle, name, nlen, p);
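Review bot: The `alen + 1` passed as the key length in the new radius_Authenticate() call is not explained at the call site, and the buffer layout that justifies it is set up outside this hunk. Presumably `ans` holds one leading byte followed by the `alen`-byte response read from the peer; if so, a comment such as `/* ans[0] is the id byte, followed by alen bytes of response */` would stop a later reader from "correcting" the apparent off-by-one. Because `alen` and the response bytes come from the peer's packet, it is also worth confirming that `alen` is bounded before this point, so that the length handed to the RADIUS code can never exceed what `ans` actually holds. chap_Input's body starts and ends outside the hunk.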
diff --git a/usr.sbin/ppp/ppp/pap.c b/usr.sbin/ppp/ppp/pap.c
index 495e3f7d56b..d063bff8f07 100644
--- a/usr.sbin/ppp/ppp/pap.c
+++ b/usr.sbin/ppp/ppp/pap.c
@@ -18,7 +18,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $OpenBSD: pap.c,v 1.14 2000/07/19 11:06:35 brian Exp $
+ * $OpenBSD: pap.c,v 1.15 2001/04/01 22:41:23 brian Exp $
*
* TODO:
*/
@@ -249,7 +249,7 @@ pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
#ifndef NORADIUS
if (*bundle->radius.cfg.file)
radius_Authenticate(&bundle->radius, authp, authp->in.name,
- key, NULL);
+ key, strlen(key), NULL, 0);
else
#endif
if (auth_Validate(bundle, authp->in.name, key, p))
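Review bot: The PAP call still derives the key length with `strlen(key)`, so unlike the CHAP path a password containing an embedded NUL would be cut short before it is sent to the RADIUS server. If `key` is filled from a length-prefixed field of the peer's packet (that code is outside the hunk), passing the parsed length would make the two callers consistent; otherwise a comment such as `/* PAP passwords are handled as C strings */` would record the decision. Note also that `strlen()` returns `size_t` while the new parameter is `int`, so the conversion is implicit here.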
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index 4c961988752..3ea3def0fc3 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.c,v 1.11 2001/02/04 01:14:30 brian Exp $
+ * $OpenBSD: radius.c,v 1.12 2001/04/01 22:41:23 brian Exp $
*
*/
@@ -368,7 +368,7 @@ radius_Destroy(struct radius *r)
*/
void
radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
- const char *key, const char *challenge)
+ const char *key, int klen, const char *challenge, int clen)
{
struct ttyent *ttyp;
struct timeval tv;
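Review bot: The new `klen` and `clen` parameters are declared `int`, and nothing in the visible part of radius_Authenticate() rejects a negative value before it is passed on as an attribute length. Either guard at the top with `if (klen < 0 || clen < 0) return;` or declare both as `size_t` here and in the radius.h prototype, which I believe matches the length type rad_put_attr() expects. The comment block that ends on the first line of this hunk is not visible; it should now say that `key` and `challenge` are byte buffers with explicit lengths rather than NUL-terminated strings, and that `clen` is unused when `challenge` is NULL. The function body continues outside the hunk.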
@@ -416,14 +416,14 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
if (challenge != NULL) {
/* We're talking CHAP */
- if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 ||
- rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) {
+ if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 ||
+ rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, challenge, clen) != 0) {
log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
rad_strerror(r->cx.rad));
rad_close(r->cx.rad);
return;
}
- } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) {
+ } else if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) {
/* We're talking PAP */
log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad));
rad_close(r->cx.rad);
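Review bot: Both error messages in this hunk still name `rad_put_string` although the failing call is now `rad_put_attr`, which will mislead anyone reading the log when an attribute is rejected (for example because a length is out of range). Update them to match: `log_Printf(LogERROR, "CHAP: rad_put_attr: %s\n",` and `log_Printf(LogERROR, "PAP: rad_put_attr: %s\n", rad_strerror(r->cx.rad));`. The enclosing function starts and ends outside the hunk.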
diff --git a/usr.sbin/ppp/ppp/radius.h b/usr.sbin/ppp/ppp/radius.h
index cfa4297cb3d..c920c0169d4 100644
--- a/usr.sbin/ppp/ppp/radius.h
+++ b/usr.sbin/ppp/ppp/radius.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.h,v 1.5 2001/03/24 01:06:05 brian Exp $
+ * $OpenBSD: radius.h,v 1.6 2001/04/01 22:41:23 brian Exp $
*/
struct radius {
@@ -65,7 +65,8 @@ extern void radius_Destroy(struct radius *);
extern void radius_Show(struct radius *, struct prompt *);
extern void radius_Authenticate(struct radius *, struct authinfo *,
- const char *, const char *, const char *);
+ const char *, const char *, int,
+ const char *, int);
extern void radius_Account(struct radius *, struct radacct *,
struct datalink *, int, struct in_addr *,
struct in_addr *, struct pppThroughput *);