-rw-r--r--usr.sbin/ppp/ppp/radius.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index bf27a3e0daa..b149b0c14e2 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.c,v 1.20 2002/06/17 01:14:08 brian Exp $
+ * $OpenBSD: radius.c,v 1.21 2002/07/01 11:14:34 brian Exp $
*
*/
@@ -419,8 +419,18 @@ radius_Process(struct radius *r, int got)
if (len == 0)
r->errstr = NULL;
else {
- if ((r->errstr = rad_cvt_string((const char *)data + 1,
- len - 1)) == NULL) {
+ if (len < 3 || ((const char *)data)[1] != '=') {
+ /*
+ * Only point at the String field if we don't think the
+ * peer has misformatted the response.
+ */
+ ((const char *)data)++;
+ len--;
+ } else
+ log_Printf(LogWARN, "Warning: The MS-CHAP-Error "
+ "attribute is mis-formatted. Compensating\n");
+ if ((r->errstr = rad_cvt_string((const char *)data,
+ len)) == NULL) {
log_Printf(LogERROR, "rad_cvt_string: %s\n",
rad_strerror(r->cx.rad));
auth_Failure(r->cx.auth);
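Review bot: `((const char *)data)++;` in the MS-CHAP-Error branch increments the result of a cast, which is not an lvalue in ISO C and compiles only under an old GCC extension; the same line appears in the MS-CHAP2-Success hunk below. Writing it as `data = (const char *)data + 1;` keeps the behaviour and is portable (this assumes `data` is declared as a `const void *`, which the casts suggest but the hunk does not show). The `len < 3` test short-circuits before `[1]` is read, so a one-byte attribute stays in bounds; a short comment such as `/* len < 3 is tested first so [1] is never read past the attribute */` would make that dependency on operand order explicit. radius_Process starts and ends outside the hunk.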
@@ -436,8 +446,18 @@ radius_Process(struct radius *r, int got)
if (len == 0)
r->msrepstr = NULL;
else {
- if ((r->msrepstr = rad_cvt_string((const char *)data + 1,
- len - 1)) == NULL) {
+ if (len < 3 || ((const char *)data)[1] != '=') {
+ /*
+ * Only point at the String field if we don't think the
+ * peer has misformatted the response.
+ */
+ ((const char *)data)++;
+ len--;
+ } else
+ log_Printf(LogWARN, "Warning: The MS-CHAP2-Success "
+ "attribute is mis-formatted. Compensating\n");
+ if ((r->msrepstr = rad_cvt_string((const char *)data,
+ len)) == NULL) {
log_Printf(LogERROR, "rad_cvt_string: %s\n",
rad_strerror(r->cx.rad));
auth_Failure(r->cx.auth);
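Review bot: The mis-format test for MS-CHAP2-Success keys on the second byte alone, so any server-supplied value whose second octet is `=` is passed through with its first byte kept, whatever that byte is. If the compensation is meant for a String field sent without the leading Ident octet (as the warning text suggests), also requiring the expected prefix narrows it: `if (len < 3 || ((const char *)data)[0] != 'S' || ((const char *)data)[1] != '=') {`, and the MS-CHAP-Error hunk above could test for `'E'` in the same way. The two ten-line blocks are otherwise identical, so a small static helper taking the attribute name would keep them in step, and the unbraced `else` around the two-line `log_Printf` call is worth bracing. radius_Process continues outside the hunk.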