diff options
author | brian <brian@FreeBSD.org> | 2001-04-01 22:39:17 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2001-04-01 22:39:17 +0000 |
commit | 9e1dc5332d1757c528eaeac56798184e82839118 (patch) | |
tree | a2aa0ebd421ed7b70402cf5d3dc3be5cf390f150 /usr.sbin/ppp/radius.c | |
parent | 4cdbbd70f3a32d69b2b1eec231b8dcb52b4a0951 (diff) | |
download | FreeBSD-src-9e1dc5332d1757c528eaeac56798184e82839118.zip FreeBSD-src-9e1dc5332d1757c528eaeac56798184e82839118.tar.gz |
Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
Diffstat (limited to 'usr.sbin/ppp/radius.c')
-rw-r--r-- | usr.sbin/ppp/radius.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c index 79c81b0..14a7d1a 100644 --- a/usr.sbin/ppp/radius.c +++ b/usr.sbin/ppp/radius.c @@ -368,7 +368,7 @@ radius_Destroy(struct radius *r) */ void radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, - const char *key, const char *challenge) + const char *key, int klen, const char *challenge, int clen) { struct ttyent *ttyp; struct timeval tv; @@ -416,14 +416,14 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, if (challenge != NULL) { /* We're talking CHAP */ - if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 || - rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) { + if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 || + rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, challenge, clen) != 0) { log_Printf(LogERROR, "CHAP: rad_put_string: %s\n", rad_strerror(r->cx.rad)); rad_close(r->cx.rad); return; } - } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) { + } else if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) { /* We're talking PAP */ log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad)); rad_close(r->cx.rad); |