shithub: riscv

Download patch

ref: e42981dfcfd7451bb8f122c366f024e877c3fab7
parent: 240ba73770ef98cfbbad9eddd6f445bf5cfec166
author: cinap_lenrek <[email protected]>
date: Sat Feb 15 14:57:13 EST 2014

factotum/authsrv: fix padding for mschap on amd64, use constants for structure sizes

--- a/sys/include/authsrv.h
+++ b/sys/include/authsrv.h
@@ -100,6 +100,7 @@
 	char	uid[ANAMELEN];
 	char	resp[OMD5LEN];
 };
+#define OCHAPREPLYLEN	(1+ANAMELEN+OMD5LEN)
 
 struct	OMSchapreply
 {
@@ -107,6 +108,7 @@
 	char	LMresp[24];		/* Lan Manager response */
 	char	NTresp[24];		/* NT response */
 };
+#define OMSCHAPREPLYLEN	(ANAMELEN+24+24)
 
 /*
  *  convert to/from wire format
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -695,7 +695,7 @@
 	/*
 	 *  get chap reply
 	 */
-	if(readn(0, &reply, sizeof(reply)) < 0)
+	if(readn(0, &reply, OMSCHAPREPLYLEN) < 0)
 		exits(0);
 
 	/*
--- a/sys/src/cmd/auth/factotum/chap.c
+++ b/sys/src/cmd/auth/factotum/chap.c
@@ -24,6 +24,9 @@
 	MShashlen = 16,
 	MSchallen = 8,
 	MSresplen = 24,
+
+	Chapreplylen = MD5LEN+1,
+	MSchapreplylen = 24+24,
 };
 
 static int dochal(State *s);
@@ -198,10 +201,10 @@
 		default:
 			return failure(fss, "chap internal botch");
 		case AuthChap:
-			if(n != sizeof(*cr))
+			if(n < Chapreplylen)
 				return failure(fss, "did not get Chapreply");
 			cr = (Chapreply*)va;
-			nreply = sizeof(*ocr);
+			nreply = OCHAPREPLYLEN;
 			memset(reply, 0, nreply);
 			ocr = (OChapreply*)reply;
 			strecpy(ocr->uid, ocr->uid+sizeof(ocr->uid), s->user);
@@ -209,17 +212,17 @@
 			memmove(ocr->resp, cr->resp, sizeof(ocr->resp));
 			break;
 		case AuthMSchap:
-			if(n < sizeof(*mcr))
+			if(n < MSchapreplylen)
 				return failure(fss, "did not get MSchapreply");
-			if(n > sizeof(reply)+sizeof(*mcr)-sizeof(*omcr))
+			if(n > sizeof(reply)+MSchapreplylen-OMSCHAPREPLYLEN)
 				return failure(fss, "MSchapreply too long");
 			mcr = (MSchapreply*)va;
-			nreply = n+sizeof(*omcr)-sizeof(*mcr);
+			nreply = n+OMSCHAPREPLYLEN-MSchapreplylen;
 			memset(reply, 0, nreply);
 			omcr = (OMSchapreply*)reply;
 			strecpy(omcr->uid, omcr->uid+sizeof(omcr->uid), s->user);
 			memmove(omcr->LMresp, mcr->LMresp, sizeof(omcr->LMresp));
-			memmove(omcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-sizeof(*mcr));
+			memmove(omcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-MSchapreplylen);
 			break;
 		}
 		if(doreply(s, reply, nreply) < 0)
@@ -282,7 +285,7 @@
 	
 	memset(&s->tr, 0, sizeof(s->tr));
 	s->tr.type = s->astype;
-	safecpy(s->tr.authdom, dom, sizeof s->tr.authdom);
+	safecpy(s->tr.authdom, dom, sizeof(s->tr.authdom));
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
 	convTR2M(&s->tr, trbuf);
 
@@ -488,7 +491,7 @@
 	MSchapreply *r;
 
 	r = (MSchapreply*)resp;
-	if(resplen < sizeof(*r))
+	if(resplen < MSchapreplylen)
 		return 0;
 
 	lmhash(hash, passwd);
@@ -497,7 +500,7 @@
 	nthash(hash, passwd);
 	mschalresp((uchar*)r->NTresp, hash, chal);
 
-	return sizeof(*r);
+	return MSchapreplylen;
 }
 
 static int