From: Paul Mackerras Date: Sun, 21 May 2006 07:23:15 +0000 (+0000) Subject: Fix segfault when secret is exactly 32 bytes long. X-Git-Tag: ppp-2.4.7~124 X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=74fc0589bb4ec8f9e37711067cdc58dd5447cde5 Fix segfault when secret is exactly 32 bytes long. Also fixed a potential problem with secrets longer than 64 bytes, and fixed some signed/unsigned warnings in chap_ms.c. --- diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index 05c6225..e3dff96 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -74,7 +74,7 @@ * */ -#define RCSID "$Id: chap_ms.c,v 1.34 2004/11/15 22:13:26 paulus Exp $" +#define RCSID "$Id: chap_ms.c,v 1.35 2006/05/21 07:23:15 paulus Exp $" #ifdef CHAPMS @@ -98,7 +98,7 @@ static const char rcsid[] = RCSID; static void ascii2unicode __P((char[], int, u_char[])); -static void NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE])); +static void NTPasswordHash __P((u_char *, int, u_char[MD4_SIGNATURE_SIZE])); static void ChallengeResponse __P((u_char *, u_char *, u_char[24])); static void ChapMS_NT __P((u_char *, char *, int, u_char[24])); static void ChapMS2_NT __P((u_char *, u_char[16], char *, char *, int, @@ -507,7 +507,7 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) } static void -NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) +NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { #ifdef __NetBSD__ /* NetBSD uses the libc md4 routines which take bytes instead of bits */ @@ -518,7 +518,13 @@ NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) MD4_CTX md4Context; MD4Init(&md4Context); - MD4Update(&md4Context, (unsigned char *)secret, mdlen); + /* MD4Update can take at most 64 bytes at a time */ + while (mdlen > 512) { + MD4Update(&md4Context, secret, 512); + secret += 64; + mdlen -= 512; + } + MD4Update(&md4Context, secret, mdlen); MD4Final(hash, &md4Context); } @@ -532,7 +538,7 @@ ChapMS_NT(u_char *rchallenge, char *secret, int secret_len, /* Hash the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); ChallengeResponse(rchallenge, PasswordHash, NTResponse); } @@ -549,7 +555,7 @@ ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username, /* Hash the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); ChallengeResponse(Challenge, PasswordHash, NTResponse); } @@ -637,8 +643,8 @@ GenerateAuthenticatorResponsePlain /* Hash (x2) the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash((char *)PasswordHash, sizeof(PasswordHash), + NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); + NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge, diff --git a/pppd/md4.c b/pppd/md4.c index cda9f94..d943e88 100644 --- a/pppd/md4.c +++ b/pppd/md4.c @@ -249,7 +249,8 @@ unsigned int count; byte = count >> 3; bit = count & 7; /* Copy X into XX since we need to modify it */ - for (i=0;i<=byte;i++) XX[i] = X[i]; + if (count) + for (i=0;i<=byte;i++) XX[i] = X[i]; for (i=byte+1;i<64;i++) XX[i] = 0; /* Add padding '1' bit and low-order zeros in last byte */ mask = 1 << (7 - bit);