Don't assume challenges and responses don't contain embedded '\0's.

Mschapv2 response generation may produce embedded NULs... causing us to send a bogus response to the radius server and end up failing the client's valid response. Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
svn path=/head/; revision=75071
2001-04-01 22:39:17 +00:00 · 2001-04-01 22:39:17 +00:00 · 50ca6ec387 · 2020-12-20 02:59:44 +00:00
commit 50ca6ec387
parent 51f5329641
4 changed files with 12 additions and 15 deletions
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@ -810,16 +810,12 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
        name = chap->auth.in.name;
        nlen = strlen(name);
 #ifndef NORADIUS
-        if (*bundle->radius.cfg.file) {
-          u_char end;
-
-          end = chap->challenge.local[*chap->challenge.local+1];
-          chap->challenge.local[*chap->challenge.local+1] = '\0';
+        if (*bundle->radius.cfg.file)
          radius_Authenticate(&bundle->radius, &chap->auth,
-                              chap->auth.in.name, ans,
-                              chap->challenge.local + 1);
-          chap->challenge.local[*chap->challenge.local+1] = end;
-        } else
+                              chap->auth.in.name, ans, alen + 1,
+                              chap->challenge.local + 1,
+                              *chap->challenge.local);
+        else
 #endif
        {
          key = auth_GetSecret(bundle, name, nlen, p);
--- a/usr.sbin/ppp/pap.c
+++ b/usr.sbin/ppp/pap.c
@ -249,7 +249,7 @@ pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
 #ifndef NORADIUS
      if (*bundle->radius.cfg.file)
        radius_Authenticate(&bundle->radius, authp, authp->in.name,
-                            key, NULL);
+                            key, strlen(key), NULL, 0);
      else
 #endif
      if (auth_Validate(bundle, authp->in.name, key, p))
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@ -368,7 +368,7 @@ radius_Destroy(struct radius *r)
 */
 void
 radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
-                    const char *key, const char *challenge)
+                    const char *key, int klen, const char *challenge, int clen)
 {
  struct ttyent *ttyp;
  struct timeval tv;
@ -416,14 +416,14 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,

  if (challenge != NULL) {
    /* We're talking CHAP */
-    if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 ||
-        rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) {
+    if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 ||
+        rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, challenge, clen) != 0) {
      log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
                 rad_strerror(r->cx.rad));
      rad_close(r->cx.rad);
      return;
    }
-  } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) {
+  } else if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) {
    /* We're talking PAP */
    log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad));
    rad_close(r->cx.rad);
--- a/usr.sbin/ppp/radius.h
+++ b/usr.sbin/ppp/radius.h
@ -65,7 +65,8 @@ extern void radius_Destroy(struct radius *);

 extern void radius_Show(struct radius *, struct prompt *);
 extern void radius_Authenticate(struct radius *, struct authinfo *,
-                                const char *, const char *, const char *);
+                                const char *, const char *, int,
+                                const char *, int);
 extern void radius_Account(struct radius *, struct radacct *, 
                           struct datalink *, int, struct in_addr *,
                           struct in_addr *, struct pppThroughput *);