From 2bd59d9cb3a50d0083ed9b8bda6970df62e39bca Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Mon, 15 Jan 2018 01:31:27 +0100
Subject: authsrv: fix chap use OCHAPREPLYLEN instead of sizeof(reply) (no padding). exit after sending ticket response to force eof as factotum unconditionally reads tailing secret hash (as of mschap).
---
sys/src/cmd/auth/authsrv.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'sys/src')
diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c
index 23a6a38a2..be2505d1d 100644
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -588,8 +588,9 @@ chap(Ticketreq *tr)
 /*
 * get chap reply
 */
- if(readn(0, &reply, sizeof(reply)) < 0)
+ if(readn(0, &reply, OCHAPREPLYLEN) < 0)
 exits(0);
+
 safecpy(tr->uid, reply.uid, sizeof(tr->uid));
 if(tr->uid[0] == 0)
 exits(0);
@@ -625,6 +626,9 @@ chap(Ticketreq *tr)
 tickauthreply(tr, &hkey);
 syslog(0, AUTHLOG, "chap-ok %s %s", tr->uid, raddr);
+
+ /* no secret after ticket */
+ exits(0);
 }
 enum {
--
cgit v1.2.3
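Review bot: A short read still passes the check on the new `readn` line in chap(), because readn returns the number of bytes actually read and only a negative result is rejected. A peer that closes the connection before sending OCHAPREPLYLEN bytes leaves `reply` only partly filled, and `reply.uid` and the response bytes are then used as if they had been received. Comparing against the expected length closes that gap: `if(readn(0, &reply, OCHAPREPLYLEN) != OCHAPREPLYLEN) exits(0);`. Whether `reply` is cleared before the read is not visible here, since chap() starts and ends outside the hunk.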
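Review bot: The comment on the added `exits(0)` at the end of chap() does not say why the process has to exit here; that reasoning exists only in the commit message. A comment such as `/* chap sends no secret hash after the ticket; exit so the client's unconditional read of it sees eof */` would keep a later cleanup from dropping the call as redundant. chap() begins outside this hunk.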