diff options
| author | Eivind Næss <eivnaes@yahoo.com> | 2023-03-05 23:03:13 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-06 18:03:13 +1100 |
| commit | 3de4392234241ae91300854264864da213a49b10 (patch) | |
| tree | 3cb715ed260ba6d4e113d6f5671bb149e284cf28 /pppd/chap_ms.c | |
| parent | ba7f7e053daae846a54a1d08d3d133a5f1266ace (diff) | |
| download | ppp-3de4392234241ae91300854264864da213a49b10.tar.gz | |
Fix out-of-bounds accesses to ZPasswordHash arrays (#395)
* Add 'const' parameter to input arguments in crypto_ms.*
* Round ZPasswordHash buffers up to 24 bytes, as the DES MakeKey() function
accesses ZPasswordHash[21]
Closes github issue #392
[paulus@ozlabs.org - tidied up headline and commit message]
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Diffstat (limited to 'pppd/chap_ms.c')
| -rw-r--r-- | pppd/chap_ms.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index c34b6aa..d1e0cf8 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -509,7 +509,7 @@ ChallengeResponse(u_char *challenge, u_char *PasswordHash, u_char *response) { - u_char ZPasswordHash[21]; + u_char ZPasswordHash[24]; PPP_CIPHER_CTX *ctx; BZERO(ZPasswordHash, sizeof(ZPasswordHash)); |