Browse Source

ppp: fix a buffer overrun in the ms chap code

https://dev.openwrt.org/ticket/17296

Signed-off-by: John Crispin <blogic@openwrt.org>

Backport of r41882

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@41966 3c298f89-4303-0410-b956-a3cf2f4a3e73
test-seperate-ports
blogic 8 years ago
parent
commit
17419452a6
  1. 13
      package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch

13
package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch

@ -0,0 +1,13 @@
Index: ppp-2.4.6/pppd/chap_ms.c
===================================================================
--- ppp-2.4.6.orig/pppd/chap_ms.c 2014-07-29 00:38:03.073968867 +0100
+++ ppp-2.4.6/pppd/chap_ms.c 2014-07-29 00:41:52.897964689 +0100
@@ -382,7 +382,7 @@
unsigned char *private)
{
const struct chapms2_response_cache_entry *cache_entry;
- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH];
+ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1];
challenge++; /* skip length, should be 16 */
*response++ = MS_CHAP2_RESPONSE_LEN;
Loading…
Cancel
Save