Commit bc704fb5 authored by Nicholas Bellinger's avatar Nicholas Bellinger

iscsi-target: fix chap identifier simple_strtoul usage

This patch makes chap_server_compute_md5() store the CHAP_I (identifier)
in an unsigned long, matching what simple_strtoul() returns, and check for
values beyond 255 as per RFC-1994.
Reported-by: default avatarJoern Engel <joern@logfs.org>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 8359cf43
...@@ -165,7 +165,8 @@ static int chap_server_compute_md5( ...@@ -165,7 +165,8 @@ static int chap_server_compute_md5(
unsigned int *nr_out_len) unsigned int *nr_out_len)
{ {
char *endptr; char *endptr;
unsigned char id, digest[MD5_SIGNATURE_SIZE]; unsigned long id;
unsigned char digest[MD5_SIGNATURE_SIZE];
unsigned char type, response[MD5_SIGNATURE_SIZE * 2 + 2]; unsigned char type, response[MD5_SIGNATURE_SIZE * 2 + 2];
unsigned char identifier[10], *challenge = NULL; unsigned char identifier[10], *challenge = NULL;
unsigned char *challenge_binhex = NULL; unsigned char *challenge_binhex = NULL;
...@@ -304,15 +305,18 @@ static int chap_server_compute_md5( ...@@ -304,15 +305,18 @@ static int chap_server_compute_md5(
goto out; goto out;
} }
/* FIXME: What happens when simple_strtoul() return 256, 257, etc.? */
if (type == HEX) if (type == HEX)
id = simple_strtoul(&identifier[2], &endptr, 0); id = simple_strtoul(&identifier[2], &endptr, 0);
else else
id = simple_strtoul(identifier, &endptr, 0); id = simple_strtoul(identifier, &endptr, 0);
if (id > 255) {
pr_err("chap identifier: %lu greater than 255\n", id);
goto out;
}
/* /*
* RFC 1994 says Identifier is no more than octet (8 bits). * RFC 1994 says Identifier is no more than octet (8 bits).
*/ */
pr_debug("[server] Got CHAP_I=%d\n", id); pr_debug("[server] Got CHAP_I=%lu\n", id);
/* /*
* Get CHAP_C. * Get CHAP_C.
*/ */
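Review bot: The `if (id > 255)` check added after the two simple_strtoul() calls only bounds the value; `endptr` is filled in but never examined in the lines visible here, so a CHAP_I with no digits parses as 0 and one with trailing characters is accepted as its numeric prefix. Since CHAP_I is supplied by the initiator, I would reject those cases too, for example `if (endptr == start || *endptr != '\0') goto out;` where `start` is the pointer passed to the call, or switch to `kstrtoul()`, which fails on both. Separately, the "RFC 1994 says Identifier is no more than octet" comment now sits below the check it explains and would read better directly above `if (id > 255)`. The body of chap_server_compute_md5() continues outside this hunk, so confirm that `endptr` is not validated further down before changing it.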