author | joerg <joerg@FreeBSD.org> | 2001-03-25 09:53:07 +0000 |
---|---|---|
committer | joerg <joerg@FreeBSD.org> | 2001-03-25 09:53:07 +0000 |
commit | 28ec9af9483a1c93f561d336452ffb5d2547d2c7 (patch) | |
tree | 61550458ef56e9e339f9b88c0c09477c8372dcfe | |
parent | d8e320c72ce06955bb3b01cbe04e10270a87dfd2 (diff) | |
This is another MFC candidate.
Fix a serious bug in sppp where anyone could obtain a successful PAP
authentication by supplying a null password. I've only stumbled across
the PR while browsing for all sppp-related PRs.
Should we also file a security advisory for this?
PR: 21592
Submitted by: <dli@3bc.de> Dirk Liebke
-rw-r--r-- | sys/net/if_spppsubr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index 2e59072..d4bdcec 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -3448,8 +3448,8 @@ sppp_pap_input(struct sppp *sp, struct mbuf *m) sppp_print_string((char*)passwd, passwd_len); log(-1, ">\n"); } - if (name_len > AUTHNAMELEN || - passwd_len > AUTHKEYLEN || + if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || + passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || bcmp(name, sp->hisauth.name, name_len) != 0 || bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { /* action scn, tld */ |
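Review bot: In the rewritten condition in sppp_pap_input(), a zero-length password is still accepted when sp->hisauth.secret is itself empty: assuming sppp_strnlen() behaves like strnlen(), it returns 0 there, passwd_len == 0 passes the equality test, and bcmp() over zero bytes reports a match. If an unset secret must never authenticate a peer, reject an empty sp->hisauth.secret (and an empty sp->hisauth.name) explicitly before the comparison. A short comment above the condition would also help, stating that the length equality is what prevents a zero-length bcmp() from matching and that the removed upper-bound tests are now implied because sppp_strnlen() is capped at AUTHNAMELEN and AUTHKEYLEN.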