File fc8662d7e_port.patch of Package freeradius-server.14503
commit fc8662d7e827f630d515eaa0bddfa94754c8047f Author: Alan T. DeKok <aland@freeradius.org> Date: Tue Jul 4 10:12:09 2017 -0400 FR-GV-201 - check input / output length in make_secret() Index: freeradius-server-3.0.3/src/lib/radius.c =================================================================== --- freeradius-server-3.0.3.orig/src/lib/radius.c +++ freeradius-server-3.0.3/src/lib/radius.c @@ -503,17 +503,17 @@ static ssize_t rad_recvfrom(int sockfd, * */ static void make_secret(uint8_t *digest, uint8_t const *vector, - char const *secret, uint8_t const *value) + char const *secret, uint8_t const *value, size_t length) { FR_MD5_CTX context; - int i; + size_t i; fr_MD5Init(&context); fr_MD5Update(&context, vector, AUTH_VECTOR_LEN); fr_MD5Update(&context, (uint8_t const *) secret, strlen(secret)); fr_MD5Final(digest, &context); - for ( i = 0; i < AUTH_VECTOR_LEN; i++ ) { + for ( i = 0; i < length; i++ ) { digest[i] ^= value[i]; } } @@ -975,8 +975,8 @@ static ssize_t vp2data_any(RADIUS_PACKET * always fits. */ case FLAG_ENCRYPT_ASCEND_SECRET: - if (len != 16) return 0; - make_secret(ptr, packet->vector, secret, data); + if (len > AUTH_VECTOR_LEN) len = AUTH_VECTOR_LEN; + make_secret(ptr, packet->vector, secret, data, len); len = AUTH_VECTOR_LEN; break; @@ -3701,9 +3701,14 @@ ssize_t data2vp(RADIUS_PACKET *packet, goto raw; } else { uint8_t my_digest[AUTH_VECTOR_LEN]; + size_t secret_len; + + secret_len = datalen; + if (secret_len > AUTH_VECTOR_LEN) secret_len = AUTH_VECTOR_LEN; + make_secret(my_digest, original->vector, - secret, data); + secret, data, secret_len); memcpy(buffer, my_digest, AUTH_VECTOR_LEN ); buffer[AUTH_VECTOR_LEN] = '\0';
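Review bot: make_secret() now relies entirely on its callers for the bound: the loop `for ( i = 0; i < length; i++ )` writes `digest[i]` and reads `value[i]` without checking that `length` stays within the AUTH_VECTOR_LEN bytes that fr_MD5Final() stored in `digest`. Both call sites touched by this patch clamp first, but a later caller that forgets would write past the digest buffer. A guard at the top of the function, `if (length > AUTH_VECTOR_LEN) length = AUTH_VECTOR_LEN;`, would keep the invariant local. The header comment, which begins above the hunk, should also state that bytes from `length` up to AUTH_VECTOR_LEN are left as the raw digest.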
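Review bot: In the FLAG_ENCRYPT_ASCEND_SECRET case a value longer than AUTH_VECTOR_LEN is now silently truncated where the old code returned 0, and nothing in the code records that change. A shorter value is still emitted as a full 16-byte attribute because `len = AUTH_VECTOR_LEN` follows the call, with the tail being the un-XORed digest, which is equivalent to zero padding. A comment above the clamp would document both, for example `/* longer values are truncated; shorter ones are implicitly zero-padded by make_secret() */`. The case body sits inside vp2data_any(), which starts and ends outside the hunk.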
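Review bot: When `datalen` is shorter than AUTH_VECTOR_LEN, only the first `secret_len` bytes of `my_digest` are XORed, yet the unchanged `memcpy(buffer, my_digest, AUTH_VECTOR_LEN )` still copies all 16. The tail of the decoded value is then raw MD5 output over the vector and shared secret rather than plaintext, and that keystream may reach logs or later modules through the attribute value. Copying only what was decoded would avoid it: `memcpy(buffer, my_digest, secret_len);` followed by `buffer[secret_len] = '\0';`. The code that consumes `buffer` lies after the hunk, so confirm how the value length is derived there before changing it.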