diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2014-02-15 19:57:13 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2014-02-15 19:57:13 +0100 |
| commit | e42981dfcfd7451bb8f122c366f024e877c3fab7 (patch) | |
| tree | c20f7869744348ab02c7ccfbc3d33c2813ec1722 /sys | |
| parent | 240ba73770ef98cfbbad9eddd6f445bf5cfec166 (diff) | |
factotum/authsrv: fix padding for mschap on amd64, use constants for structure sizes
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/include/authsrv.h | 2 | ||||
| -rw-r--r-- | sys/src/cmd/auth/authsrv.c | 2 | ||||
| -rw-r--r-- | sys/src/cmd/auth/factotum/chap.c | 21 |
3 files changed, 15 insertions, 10 deletions
diff --git a/sys/include/authsrv.h b/sys/include/authsrv.h index 41ef56a3a..79805fea2 100644 --- a/sys/include/authsrv.h +++ b/sys/include/authsrv.h @@ -100,6 +100,7 @@ struct OChapreply char uid[ANAMELEN]; char resp[OMD5LEN]; }; +#define OCHAPREPLYLEN (1+ANAMELEN+OMD5LEN) struct OMSchapreply { @@ -107,6 +108,7 @@ struct OMSchapreply char LMresp[24]; /* Lan Manager response */ char NTresp[24]; /* NT response */ }; +#define OMSCHAPREPLYLEN (ANAMELEN+24+24) /* * convert to/from wire format diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c index 7e1542587..8255b02ee 100644 --- a/sys/src/cmd/auth/authsrv.c +++ b/sys/src/cmd/auth/authsrv.c @@ -695,7 +695,7 @@ mschap(Ticketreq *tr) /* * get chap reply */ - if(readn(0, &reply, sizeof(reply)) < 0) + if(readn(0, &reply, OMSCHAPREPLYLEN) < 0) exits(0); /* diff --git a/sys/src/cmd/auth/factotum/chap.c b/sys/src/cmd/auth/factotum/chap.c index 4d8a2819e..6430dce43 100644 --- a/sys/src/cmd/auth/factotum/chap.c +++ b/sys/src/cmd/auth/factotum/chap.c @@ -24,6 +24,9 @@ enum { MShashlen = 16, MSchallen = 8, MSresplen = 24, + + Chapreplylen = MD5LEN+1, + MSchapreplylen = 24+24, }; static int dochal(State *s); @@ -198,10 +201,10 @@ chapwrite(Fsstate *fss, void *va, uint n) default: return failure(fss, "chap internal botch"); case AuthChap: - if(n != sizeof(*cr)) + if(n < Chapreplylen) return failure(fss, "did not get Chapreply"); cr = (Chapreply*)va; - nreply = sizeof(*ocr); + nreply = OCHAPREPLYLEN; memset(reply, 0, nreply); ocr = (OChapreply*)reply; strecpy(ocr->uid, ocr->uid+sizeof(ocr->uid), s->user); @@ -209,17 +212,17 @@ chapwrite(Fsstate *fss, void *va, uint n) memmove(ocr->resp, cr->resp, sizeof(ocr->resp)); break; case AuthMSchap: - if(n < sizeof(*mcr)) + if(n < MSchapreplylen) return failure(fss, "did not get MSchapreply"); - if(n > sizeof(reply)+sizeof(*mcr)-sizeof(*omcr)) + if(n > sizeof(reply)+MSchapreplylen-OMSCHAPREPLYLEN) return failure(fss, "MSchapreply too long"); mcr = (MSchapreply*)va; - nreply = n+sizeof(*omcr)-sizeof(*mcr); + nreply = n+OMSCHAPREPLYLEN-MSchapreplylen; memset(reply, 0, nreply); omcr = (OMSchapreply*)reply; strecpy(omcr->uid, omcr->uid+sizeof(omcr->uid), s->user); memmove(omcr->LMresp, mcr->LMresp, sizeof(omcr->LMresp)); - memmove(omcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-sizeof(*mcr)); + memmove(omcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-MSchapreplylen); break; } if(doreply(s, reply, nreply) < 0) @@ -282,7 +285,7 @@ dochal(State *s) memset(&s->tr, 0, sizeof(s->tr)); s->tr.type = s->astype; - safecpy(s->tr.authdom, dom, sizeof s->tr.authdom); + safecpy(s->tr.authdom, dom, sizeof(s->tr.authdom)); safecpy(s->tr.hostid, user, sizeof(s->tr.hostid)); convTR2M(&s->tr, trbuf); @@ -488,7 +491,7 @@ domschap(char *passwd, uchar chal[MSchallen], uchar *resp, int resplen) MSchapreply *r; r = (MSchapreply*)resp; - if(resplen < sizeof(*r)) + if(resplen < MSchapreplylen) return 0; lmhash(hash, passwd); @@ -497,7 +500,7 @@ domschap(char *passwd, uchar chal[MSchallen], uchar *resp, int resplen) nthash(hash, passwd); mschalresp((uchar*)r->NTresp, hash, chal); - return sizeof(*r); + return MSchapreplylen; } static int |