don't use packet->vector for CHAP-Challenge

author Alan T. DeKok <aland@freeradius.org>

Sun, 11 Aug 2024 19:48:02 +0000 (15:48 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Sun, 11 Aug 2024 19:55:56 +0000 (15:55 -0400)
author Alan T. DeKok <aland@freeradius.org>
Sun, 11 Aug 2024 19:48:02 +0000 (15:48 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Sun, 11 Aug 2024 19:55:56 +0000 (15:55 -0400)
diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c

index 770156e5666917114753a2976460ecd582b8837c..807162a6ba960e4e0f52663e7fc91912e8aa1fb0 100644 (file)
--- a/src/modules/rlm_chap/rlm_chap.c
+++ b/src/modules/rlm_chap/rlm_chap.c
@@ -157,10 +157,12 @@ static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out,
             (env_data->chap_challenge.vb_length >= inst->min_challenge_len)) {
                 challenge = env_data->chap_challenge.vb_octets;
                 challenge_len = env_data->chap_challenge.vb_length;
+
         } else {
-               if (env_data->chap_challenge.type == FR_TYPE_OCTETS)
+               if (env_data->chap_challenge.type == FR_TYPE_OCTETS) {
                         RWDEBUG("&request.CHAP-Challenge shorter than minimum length (%ld)", inst->min_challenge_len);
-               challenge = request->packet->vector;
+               }
+               challenge = request->packet->data + 4;
                 challenge_len = RADIUS_AUTH_VECTOR_LENGTH;
         }
         fr_chap_encode(chap_password, (uint8_t)(fr_rand() & 0xff), challenge, challenge_len,
@@ -202,7 +204,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod
                 RDEBUG2("Creating %s from request authenticator", env_data->chap_challenge_tmpl->name);
  
                 MEM(vp = fr_pair_afrom_da(request->request_ctx, tmpl_attr_tail_da(env_data->chap_challenge_tmpl)));
-               fr_pair_value_memdup(vp, request->packet->vector, sizeof(request->packet->vector), true);
+               fr_pair_value_memdup(vp, request->packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH, true);
                 fr_pair_append(&request->request_pairs, vp);
         }
  
@@ -288,9 +290,10 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result,
                 challenge = env_data->chap_challenge.vb_octets;
                 challenge_len = env_data->chap_challenge.vb_length;
         } else {
-               if (env_data->chap_challenge.type == FR_TYPE_OCTETS)
+               if (env_data->chap_challenge.type == FR_TYPE_OCTETS) {
                         RWDEBUG("&request.CHAP-Challenge shorter than minimum length (%ld)", inst->min_challenge_len);
-               challenge = request->packet->vector;
+               }
+               challenge = request->packet->data + 4;
                 challenge_len = RADIUS_AUTH_VECTOR_LENGTH;
         }
         fr_chap_encode(pass_str, env_data->chap_password.vb_octets[0], challenge, challenge_len,
@@ -311,8 +314,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result,
                         length = env_data->chap_challenge.vb_length;
                 } else {
                         RDEBUG2("Using challenge from authenticator field");
-                       p = request->packet->vector;
-                       length = sizeof(request->packet->vector);
+                       p = request->packet->data + 4;
+                       length = RADIUS_AUTH_VECTOR_LENGTH;
                 }
  
                 RINDENT();
diff --git a/src/modules/rlm_radius/rlm_radius.c b/src/modules/rlm_radius/rlm_radius.c

index 8c67924e0135b05aef61758c0f78f49f72468782..e91945713762de0b766dab8d1ca21b4a864c3567 100644 (file)
--- a/src/modules/rlm_radius/rlm_radius.c
+++ b/src/modules/rlm_radius/rlm_radius.c
@@ -28,6 +28,7 @@ RCSID("$Id$")
  #include <freeradius-devel/server/modpriv.h>
  #include <freeradius-devel/util/debug.h>
  #include <freeradius-devel/util/dlist.h>
+#include <freeradius-devel/util/chap.h>
  
  #include "rlm_radius.h"
  
@@ -384,7 +385,7 @@ static void radius_fixups(rlm_radius_t const *inst, request_t *request)
         if (fr_pair_find_by_da(&request->request_pairs, NULL, attr_chap_password) &&
             !fr_pair_find_by_da(&request->request_pairs, NULL, attr_chap_challenge)) {
                 MEM(pair_append_request(&vp, attr_chap_challenge) >= 0);
-               fr_pair_value_memdup(vp, request->packet->vector, sizeof(request->packet->vector), true);
+               fr_pair_value_memdup(vp, request->packet->data + 4, FR_CHAP_CHALLENGE_LENGTH, true);
         }
  }
author	Alan T. DeKok <aland@freeradius.org>
	Sun, 11 Aug 2024 19:48:02 +0000 (15:48 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Sun, 11 Aug 2024 19:55:56 +0000 (15:55 -0400)
src/modules/rlm_chap/rlm_chap.c		patch \| blob \| blame \| history
src/modules/rlm_radius/rlm_radius.c		patch \| blob \| blame \| history