From: Masashi Honma <honma@ictec.co.jp>
Date: Wed, 9 Dec 2009 21:42:54 +0000 (+0200)
Subject: EAP-TTLS/PAP: User-Password obfuscation for zero length password
X-Git-Tag: hostap_0_7_1~373
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bab31499fd0883be8614d807daa6e05da2f9f4f8;p=thirdparty%2Fhostap.git

EAP-TTLS/PAP: User-Password obfuscation for zero length password

The password in User-Password AVP is padded to a multiple of 16 bytes
on EAP-TTLS/PAP. But when the password length is zero, no padding is
added. It doesn't cause connectivity issue. In fact, I could connect
with hostapd RADIUS server with zero length password.

I think it's better for obfuscation to pad the 16 bytes data when the
password length is zero with this patch.
---

diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 800f1b57d..f93ba38f2 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -846,7 +846,7 @@ static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
 	/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
 	 * the data, so no separate encryption is used in the AVP itself.
 	 * However, the password is padded to obfuscate its length. */
-	pad = (16 - (password_len & 15)) & 15;
+	pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
 	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
 			       password_len + pad);
 	os_memcpy(pos, password, password_len);