Fix segfault when secret is exactly 32 bytes long.

[ppp.git] / pppd / chap_ms.c

diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
index 05c6225a720612fe01afc43c917c59dd58a37ea3..e3dff968c038de706205bff8fb046778311eb28b 100644 (file)
--- a/pppd/chap_ms.c
+++ b/pppd/chap_ms.c
@@ -74,7 +74,7 @@
  *
  */
 
-#define RCSID  "$Id: chap_ms.c,v 1.34 2004/11/15 22:13:26 paulus Exp $"
+#define RCSID  "$Id: chap_ms.c,v 1.35 2006/05/21 07:23:15 paulus Exp $"
 
 #ifdef CHAPMS
 
@@ -98,7 +98,7 @@ static const char rcsid[] = RCSID;
 
 
 static void    ascii2unicode __P((char[], int, u_char[]));
-static void    NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE]));
+static void    NTPasswordHash __P((u_char *, int, u_char[MD4_SIGNATURE_SIZE]));
 static void    ChallengeResponse __P((u_char *, u_char *, u_char[24]));
 static void    ChapMS_NT __P((u_char *, char *, int, u_char[24]));
 static void    ChapMS2_NT __P((u_char *, u_char[16], char *, char *, int,
@@ -507,7 +507,7 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[])
 }
 
 static void
-NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
+NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
 {
 #ifdef __NetBSD__
     /* NetBSD uses the libc md4 routines which take bytes instead of bits */
@@ -518,7 +518,13 @@ NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
     MD4_CTX            md4Context;
 
     MD4Init(&md4Context);
-    MD4Update(&md4Context, (unsigned char *)secret, mdlen);
+    /* MD4Update can take at most 64 bytes at a time */
+    while (mdlen > 512) {
+       MD4Update(&md4Context, secret, 512);
+       secret += 64;
+       mdlen -= 512;
+    }
+    MD4Update(&md4Context, secret, mdlen);
     MD4Final(hash, &md4Context);
 
 }
@@ -532,7 +538,7 @@ ChapMS_NT(u_char *rchallenge, char *secret, int secret_len,
 
     /* Hash the Unicode version of the secret (== password). */
     ascii2unicode(secret, secret_len, unicodePassword);
-    NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash);
+    NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
 
     ChallengeResponse(rchallenge, PasswordHash, NTResponse);
 }
@@ -549,7 +555,7 @@ ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
 
     /* Hash the Unicode version of the secret (== password). */
     ascii2unicode(secret, secret_len, unicodePassword);
-    NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash);
+    NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
 
     ChallengeResponse(Challenge, PasswordHash, NTResponse);
 }
@@ -637,8 +643,8 @@ GenerateAuthenticatorResponsePlain
 
     /* Hash (x2) the Unicode version of the secret (== password). */
     ascii2unicode(secret, secret_len, unicodePassword);
-    NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash);
-    NTPasswordHash((char *)PasswordHash, sizeof(PasswordHash),
+    NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
+    NTPasswordHash(PasswordHash, sizeof(PasswordHash),
                   PasswordHashHash);
 
     GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge,