shithub: riscv

Download patch

ref: 2bd59d9cb3a50d0083ed9b8bda6970df62e39bca
parent: 87c2d23c8fa108f08cd5a5342d1e0c2c79497c17
author: cinap_lenrek <[email protected]>
date: Sun Jan 14 20:31:27 EST 2018

authsrv: fix chap

use OCHAPREPLYLEN instead of sizeof(reply) (no padding).

exit after sending ticket response to force eof as factotum
unconditionally reads tailing secret hash (as of mschap).

--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -588,8 +588,9 @@
 	/*
 	 *  get chap reply
 	 */
-	if(readn(0, &reply, sizeof(reply)) < 0)
+	if(readn(0, &reply, OCHAPREPLYLEN) < 0)
 		exits(0);
+
 	safecpy(tr->uid, reply.uid, sizeof(tr->uid));
 	if(tr->uid[0] == 0)
 		exits(0);
@@ -625,6 +626,9 @@
 	tickauthreply(tr, &hkey);
 
 	syslog(0, AUTHLOG, "chap-ok %s %s", tr->uid, raddr);
+
+	/* no secret after ticket */
+	exits(0);
 }
 
 enum {