authsrv: fix chap

use OCHAPREPLYLEN instead of sizeof(reply) (no padding).

exit after sending ticket response to force eof as factotum
unconditionally reads tailing secret hash (as of mschap).

1 files changed, 5 insertions, 1 deletions

diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c
index 23a6a38a2..be2505d1d 100644
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -588,8 +588,9 @@ chap(Ticketreq *tr)
 	/*
 	 *  get chap reply
 	 */
-	if(readn(0, &reply, sizeof(reply)) < 0)
+	if(readn(0, &reply, OCHAPREPLYLEN) < 0)
 		exits(0);
+
 	safecpy(tr->uid, reply.uid, sizeof(tr->uid));
 	if(tr->uid[0] == 0)
 		exits(0);
@@ -625,6 +626,9 @@ chap(Ticketreq *tr)
 	tickauthreply(tr, &hkey);
 
 	syslog(0, AUTHLOG, "chap-ok %s %s", tr->uid, raddr);
+
+	/* no secret after ticket */
+	exits(0);
 }
 
 enum {