From: Nick Porter Date: Wed, 30 Aug 2023 08:22:14 +0000 (+0100) Subject: Add vector_len to fr_radius_encode_chap_password X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ceb76d252a53fec1848e9a3e8d7f383b83e9b3b;p=thirdparty%2Ffreeradius-server.git Add vector_len to fr_radius_encode_chap_password To allow for variable length challenges --- diff --git a/src/bin/radclient.c b/src/bin/radclient.c index 3f0db6b495b..6efb74fb601 100644 --- a/src/bin/radclient.c +++ b/src/bin/radclient.c @@ -1052,7 +1052,7 @@ static int send_one_packet(rc_request_t *request) } fr_radius_encode_chap_password(buffer, - fr_rand() & 0xff, vector, + fr_rand() & 0xff, vector, RADIUS_AUTH_VECTOR_LENGTH, request->password->vp_strvalue, request->password->vp_length); fr_pair_value_memdup(vp, buffer, sizeof(buffer), false); diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index 2c6aa0bacd3..b504f72f38b 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -97,7 +97,7 @@ static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out, } else { vector = request->packet->vector; } - fr_radius_encode_chap_password(chap_password, (uint8_t)(fr_rand() & 0xff), vector, + fr_radius_encode_chap_password(chap_password, (uint8_t)(fr_rand() & 0xff), vector, RADIUS_AUTH_VECTOR_LENGTH, in_head->vb_strvalue, in_head->vb_length); MEM(vb = fr_value_box_alloc_null(ctx)); @@ -224,7 +224,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, } else { vector = request->packet->vector; } - fr_radius_encode_chap_password(pass_str, chap->vp_octets[0], vector, + fr_radius_encode_chap_password(pass_str, chap->vp_octets[0], vector, RADIUS_AUTH_VECTOR_LENGTH, known_good->vp_strvalue, known_good->vp_length); /* diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c index db8d13c7e70..b6c813e2715 100644 --- a/src/protocols/radius/encode.c +++ b/src/protocols/radius/encode.c @@ -46,11 +46,12 @@ static ssize_t encode_child(fr_dbuff_t *dbuff, * @param[out] out An output buffer of 17 bytes (id + digest). * @param[in] id CHAP ID, a random ID for request/response matching. * @param[in] vector from the original packet or challenge attribute. + * @param[in] vector_len Length of the vector. * @param[in] password Input password to hash. * @param[in] password_len Length of input password. */ void fr_radius_encode_chap_password(uint8_t out[static 1 + RADIUS_CHAP_CHALLENGE_LENGTH], - uint8_t id, uint8_t const vector[static RADIUS_AUTH_VECTOR_LENGTH], + uint8_t id, uint8_t const *vector, size_t vector_len, char const *password, size_t password_len) { fr_md5_ctx_t *md5_ctx; @@ -63,7 +64,7 @@ void fr_radius_encode_chap_password(uint8_t out[static 1 + RADIUS_CHAP_CHALLENGE fr_md5_update(md5_ctx, (uint8_t const *)&id, 1); fr_md5_update(md5_ctx, (uint8_t const *)password, password_len); - fr_md5_update(md5_ctx, vector, RADIUS_AUTH_VECTOR_LENGTH); + fr_md5_update(md5_ctx, vector, vector_len); out[0] = id; fr_md5_final(out + 1, md5_ctx); fr_md5_ctx_free_from_list(&md5_ctx); diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h index e92cb7216b6..11817b969ab 100644 --- a/src/protocols/radius/radius.h +++ b/src/protocols/radius/radius.h @@ -191,8 +191,8 @@ ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t dat * protocols/radius/encode.c */ void fr_radius_encode_chap_password(uint8_t out[static 1 + RADIUS_CHAP_CHALLENGE_LENGTH], - uint8_t id, uint8_t const vector[static RADIUS_AUTH_VECTOR_LENGTH], - char const *password, size_t password_len) CC_HINT(nonnull(1,3,4)); + uint8_t id, uint8_t const *vector, size_t vector_len, + char const *password, size_t password_len) CC_HINT(nonnull(1,3,5)); ssize_t fr_radius_encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx);