Commit e4fae231 authored by Nicholas Bellinger's avatar Nicholas Bellinger

iscsi-target; Enforce 1024 byte maximum for CHAP_C key value

This patch adds a check in chap_server_compute_md5() to enforce a
1024 byte maximum for the CHAP_C key value following the requirement
in RFC-3720 Section 11.1.4:

   "..., C and R are large-binary-values and their binary length (not
   the length of the character string that represents them in encoded
   form) MUST not exceed 1024 bytes."
Reported-by: default avatarrahul.rane <rahul.rane@calsoftinc.com>
Tested-by: default avatarrahul.rane <rahul.rane@calsoftinc.com>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent b06eef6e
...@@ -355,6 +355,10 @@ static int chap_server_compute_md5( ...@@ -355,6 +355,10 @@ static int chap_server_compute_md5(
pr_err("Unable to convert incoming challenge\n"); pr_err("Unable to convert incoming challenge\n");
goto out; goto out;
} }
if (challenge_len > 1024) {
pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
goto out;
}
/* /*
* During mutual authentication, the CHAP_C generated by the * During mutual authentication, the CHAP_C generated by the
* initiator must not match the original CHAP_C generated by * initiator must not match the original CHAP_C generated by
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment