authorEivind Næss <eivnaes@yahoo.com>2023-03-05 23:03:13 -0800
committerGitHub <noreply@github.com>2023-03-06 18:03:13 +1100
commit3de4392234241ae91300854264864da213a49b10 (patch)
tree3cb715ed260ba6d4e113d6f5671bb149e284cf28
parentba7f7e053daae846a54a1d08d3d133a5f1266ace (diff)
downloadppp-3de4392234241ae91300854264864da213a49b10.tar.gz
Fix out-of-bounds accesses to ZPasswordHash arrays (#395)
* Add 'const' parameter to input arguments in crypto_ms.* * Round ZPasswordHash buffers up to 24 bytes, as the DES MakeKey() function accesses ZPasswordHash[21] Closes github issue #392 [paulus@ozlabs.org - tidied up headline and commit message] Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
-rw-r--r--pppd/chap_ms.c2
-rw-r--r--pppd/crypto_ms.c10
-rw-r--r--pppd/crypto_ms.h12
3 files changed, 12 insertions, 12 deletions
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
index c34b6aa..d1e0cf8 100644
--- a/pppd/chap_ms.c
+++ b/pppd/chap_ms.c
@@ -509,7 +509,7 @@ ChallengeResponse(u_char *challenge,
u_char *PasswordHash,
u_char *response)
{
- u_char ZPasswordHash[21];
+ u_char ZPasswordHash[24];
PPP_CIPHER_CTX *ctx;
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
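Review bot: The new size in `u_char ZPasswordHash[24];` is unexplained at the declaration, so a later cleanup could shrink the buffer back to 21 bytes and reintroduce the out-of-bounds read. The commit message gives the reason (MakeKey() accesses ZPasswordHash[21]); a comment such as `/* 21 bytes of key material, padded to 24: MakeKey() reads one byte past the last 7-byte key */` would keep that reason next to the code. The same applies to the `ZPasswordHash[24]` arrays in test_encrypt() and test_decrypt() in pppd/crypto_ms.c. ChallengeResponse's body continues outside this hunk.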
diff --git a/pppd/crypto_ms.c b/pppd/crypto_ms.c
index 81f3a76..a9ddd5f 100644
--- a/pppd/crypto_ms.c
+++ b/pppd/crypto_ms.c
@@ -125,7 +125,7 @@ MakeKey(const unsigned char *key, unsigned char *des_key)
#include <openssl/evp.h>
int
-DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
+DesEncrypt(const unsigned char *clear, const unsigned char *key, unsigned char *cipher)
{
int retval = 0;
unsigned int clen = 0;
@@ -154,7 +154,7 @@ DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
}
int
-DesDecrypt(unsigned char *cipher, unsigned char *key, unsigned char *clear)
+DesDecrypt(const unsigned char *cipher, const unsigned char *key, unsigned char *clear)
{
int retval = 0;
unsigned int clen = 0;
@@ -196,10 +196,10 @@ int test_encrypt()
0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
};
- unsigned char ZPasswordHash[21] = {
+ unsigned char ZPasswordHash[24] = {
0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
- };
+ };
unsigned char expected[24] = {
0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
@@ -222,7 +222,7 @@ int test_decrypt()
0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
};
- unsigned char ZPasswordHash[21] = {
+ unsigned char ZPasswordHash[24] = {
0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
};
diff --git a/pppd/crypto_ms.h b/pppd/crypto_ms.h
index 9083594..e9a039c 100644
--- a/pppd/crypto_ms.h
+++ b/pppd/crypto_ms.h
@@ -40,10 +40,10 @@
* This is the DES encrypt functions as described by RFC2759.
*
* Parameters:
- * unsigned char *clear:
+ * const unsigned char *clear:
* A 8 byte input array to be encrypted
*
- * unsigned char *key:
+ * const unsigned char *key:
* A raw 7-byte array to be expanded to 8 with odd-parity
*
* unsigned char *cipher:
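Review bot: The parameter comment still describes `key` as "A raw 7-byte array", which no longer matches what the commit message reports about MakeKey() reading ZPasswordHash[21]. That presumably means an eighth byte behind the 7 key bytes is read, though MakeKey's body is not part of this diff. A caller that follows the documented contract and passes exactly 7 bytes would still hit the over-read, so the comment should state the real requirement, for example `A raw 7-byte key to be expanded to 8 with odd-parity; the buffer must have at least 8 readable bytes`. The DesDecrypt comment in the next hunk has the same wording. Bounding the read inside MakeKey() itself would remove this requirement from every caller.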
@@ -51,17 +51,17 @@
*
* DesEncrypt returns 1 on success
*/
-int DesEncrypt(unsigned char *clear, unsigned char *key,
+int DesEncrypt(const unsigned char *clear, const unsigned char *key,
unsigned char *cipher);
/**
* This is the DES decrypt functions as described by RFC2759.
*
* Parameters:
- * unsigned char *cipher:
+ * const unsigned char *cipher:
* A 8 byte input array to be decrypted
*
- * unsigned char *key:
+ * const unsigned char *key:
* A raw 7-byte array to be expanded to a 8-byte key with odd-parity
*
* unsigned char *clear:
@@ -69,7 +69,7 @@ int DesEncrypt(unsigned char *clear, unsigned char *key,
*
* DesDecrypt returns 1 on success
*/
-int DesDecrypt(unsigned char *cipher, unsigned char *key,
+int DesDecrypt(const unsigned char *cipher, const unsigned char *key,
unsigned char *clear);
#endif /* PPP_PPPCRYPT_H */