aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
diff options
context:
space:
mode:
authorJohn Crispin <blogic@openwrt.org>2014-08-03 11:15:36 +0000
committerJohn Crispin <blogic@openwrt.org>2014-08-03 11:15:36 +0000
commit73e2be1336c9b94b07e9d5e2b32f0cd6a419a896 (patch)
tree451bd73eb55cc3f4d73f7d09d3748efa4a6c6d99 /package/network/services
parent21384340fad7e3eb63ab2e75c2974da87e498ebf (diff)
downloadupstream-73e2be1336c9b94b07e9d5e2b32f0cd6a419a896.tar.gz
upstream-73e2be1336c9b94b07e9d5e2b32f0cd6a419a896.tar.bz2
upstream-73e2be1336c9b94b07e9d5e2b32f0cd6a419a896.zip
ppp: fix a buffer overrun in the ms chap code
https://dev.openwrt.org/ticket/17296 Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r41882 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@41966 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/services')
-rw-r--r--package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch13
1 files changed, 13 insertions, 0 deletions
diff --git a/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch b/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch
new file mode 100644
index 0000000000..acbf33b65a
--- /dev/null
+++ b/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch
@@ -0,0 +1,13 @@
+Index: ppp-2.4.6/pppd/chap_ms.c
+===================================================================
+--- ppp-2.4.6.orig/pppd/chap_ms.c 2014-07-29 00:38:03.073968867 +0100
++++ ppp-2.4.6/pppd/chap_ms.c 2014-07-29 00:41:52.897964689 +0100
+@@ -382,7 +382,7 @@
+ unsigned char *private)
+ {
+ const struct chapms2_response_cache_entry *cache_entry;
+- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH];
++ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1];
+
+ challenge++; /* skip length, should be 16 */
+ *response++ = MS_CHAP2_RESPONSE_LEN;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 03:02:51 +0000