diff options
| author | brian <brian@FreeBSD.org> | 2002-07-02 00:47:24 +0000 |
|---|---|---|
| committer | brian <brian@FreeBSD.org> | 2002-07-02 00:47:24 +0000 |
| commit | a8c83ef89cf64a832b01495ea3732c11e7b20990 (patch) | |
| tree | 8a1fcd2ca50d758a81bc21d0af8dbe94afedb523 /usr.sbin | |
| parent | c90db9b98a019d3e885f508def1c15ad103c90d6 (diff) | |
| download | FreeBSD-src-a8c83ef89cf64a832b01495ea3732c11e7b20990.zip FreeBSD-src-a8c83ef89cf64a832b01495ea3732c11e7b20990.tar.gz | |
Don't trust the MPPE key lengths passed back from the RADIUS server.
Instead, use the correct values based on the number of bits actually
negotiated.
Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ppp/mppe.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/ppp/mppe.c b/usr.sbin/ppp/mppe.c index 2d55ee4..606ad0f 100644 --- a/usr.sbin/ppp/mppe.c +++ b/usr.sbin/ppp/mppe.c @@ -691,7 +691,8 @@ MPPEInitInput(struct bundle *bundle, struct fsm_opt *o) #ifndef NORADIUS if (*bundle->radius.cfg.file && bundle->radius.mppe.recvkey) { - mip->keylen = bundle->radius.mppe.recvkeylen; + if (mip->keylen > bundle->radius.mppe.recvkeylen) + mip->keylen = bundle->radius.mppe.recvkeylen; if (mip->keylen > sizeof mip->mastkey) mip->keylen = sizeof mip->mastkey; memcpy(mip->mastkey, bundle->radius.mppe.recvkey, mip->keylen); @@ -746,7 +747,8 @@ MPPEInitOutput(struct bundle *bundle, struct fsm_opt *o) #ifndef NORADIUS if (*bundle->radius.cfg.file && bundle->radius.mppe.sendkey) { - mop->keylen = bundle->radius.mppe.sendkeylen; + if (mop->keylen > bundle->radius.mppe.sendkeylen) + mop->keylen = bundle->radius.mppe.sendkeylen; if (mop->keylen > sizeof mop->mastkey) mop->keylen = sizeof mop->mastkey; memcpy(mop->mastkey, bundle->radius.mppe.sendkey, mop->keylen); |
