From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 6 Sep 2012 08:52:06 +0000 (+0200)
Subject: Corrected bug with NS-MTA-MD5 passwords.  Found by coverity.
X-Git-Tag: release_3_0_0_beta0~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7185343e0c2401ccb742fcda12fbd69dafedd219;p=thirdparty%2Ffreeradius-server.git

Corrected bug with NS-MTA-MD5 passwords.  Found by coverity.
---

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 41d368b7a23..cda4636c822 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -515,7 +515,7 @@ static int pap_authenticate(void *instance, REQUEST *request)
 	fr_SHA1_CTX sha1_context;
 	uint8_t binbuf[128];
 	char charbuf[128];
-	char buff[MAX_STRING_LEN];
+	uint8_t buff[MAX_STRING_LEN];
 	char buff2[MAX_STRING_LEN + 50];
 	int scheme = PAP_ENC_INVALID;
 
@@ -829,9 +829,9 @@ static int pap_authenticate(void *instance, REQUEST *request)
 			fr_MD5Init(&md5_context);
 			fr_MD5Update(&md5_context, (uint8_t *) buff2,
 				     p - buff2);
-			fr_MD5Final(binbuf, &md5_context);
+			fr_MD5Final(buff, &md5_context);
 		}
-		if (rad_digest_cmp(binbuf, (uint8_t *) buff, 16) != 0) {
+		if (rad_digest_cmp(binbuf, buff, 16) != 0) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NS-MTA-MD5 password check failed");
 			goto make_msg;
 		}