diff options
| author | Paul Mackerras <paulus@samba.org> | 2006-05-21 07:23:15 +0000 |
|---|---|---|
| committer | Paul Mackerras <paulus@samba.org> | 2006-05-21 07:23:15 +0000 |
| commit | 74fc0589bb4ec8f9e37711067cdc58dd5447cde5 (patch) | |
| tree | a0cf9544fcfafee7cc0167c01b7e728d262d9178 /pppd/chap_ms.c | |
| parent | a89d7bd8e80c08aa0793e523ffcc5ca5af9d03e2 (diff) | |
| download | ppp-74fc0589bb4ec8f9e37711067cdc58dd5447cde5.tar.gz | |
Fix segfault when secret is exactly 32 bytes long.
Also fixed a potential problem with secrets longer than 64
bytes, and fixed some signed/unsigned warnings in chap_ms.c.
Diffstat (limited to 'pppd/chap_ms.c')
| -rw-r--r-- | pppd/chap_ms.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index 05c6225..e3dff96 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -74,7 +74,7 @@ * */ -#define RCSID "$Id: chap_ms.c,v 1.34 2004/11/15 22:13:26 paulus Exp $" +#define RCSID "$Id: chap_ms.c,v 1.35 2006/05/21 07:23:15 paulus Exp $" #ifdef CHAPMS @@ -98,7 +98,7 @@ static const char rcsid[] = RCSID; static void ascii2unicode __P((char[], int, u_char[])); -static void NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE])); +static void NTPasswordHash __P((u_char *, int, u_char[MD4_SIGNATURE_SIZE])); static void ChallengeResponse __P((u_char *, u_char *, u_char[24])); static void ChapMS_NT __P((u_char *, char *, int, u_char[24])); static void ChapMS2_NT __P((u_char *, u_char[16], char *, char *, int, @@ -507,7 +507,7 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) } static void -NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) +NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { #ifdef __NetBSD__ /* NetBSD uses the libc md4 routines which take bytes instead of bits */ @@ -518,7 +518,13 @@ NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) MD4_CTX md4Context; MD4Init(&md4Context); - MD4Update(&md4Context, (unsigned char *)secret, mdlen); + /* MD4Update can take at most 64 bytes at a time */ + while (mdlen > 512) { + MD4Update(&md4Context, secret, 512); + secret += 64; + mdlen -= 512; + } + MD4Update(&md4Context, secret, mdlen); MD4Final(hash, &md4Context); } @@ -532,7 +538,7 @@ ChapMS_NT(u_char *rchallenge, char *secret, int secret_len, /* Hash the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); ChallengeResponse(rchallenge, PasswordHash, NTResponse); } @@ -549,7 +555,7 @@ ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username, /* Hash the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); ChallengeResponse(Challenge, PasswordHash, NTResponse); } @@ -637,8 +643,8 @@ GenerateAuthenticatorResponsePlain /* Hash (x2) the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash((char *)PasswordHash, sizeof(PasswordHash), + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge, |