From 8d3f839da7387bcd14f809e80f7da20d0a5e6d29 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Tue, 29 Jul 2014 12:18:52 +0000 Subject: ppp: fix a buffer overrun in the ms chap code https://dev.openwrt.org/ticket/17296 Signed-off-by: John Crispin SVN-Revision: 41882 --- .../services/ppp/patches/520-ms_chap_buffer_overrun.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch (limited to 'package') diff --git a/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch b/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch new file mode 100644 index 0000000000..acbf33b65a --- /dev/null +++ b/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch @@ -0,0 +1,13 @@ +Index: ppp-2.4.6/pppd/chap_ms.c +=================================================================== +--- ppp-2.4.6.orig/pppd/chap_ms.c 2014-07-29 00:38:03.073968867 +0100 ++++ ppp-2.4.6/pppd/chap_ms.c 2014-07-29 00:41:52.897964689 +0100 +@@ -382,7 +382,7 @@ + unsigned char *private) + { + const struct chapms2_response_cache_entry *cache_entry; +- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH]; ++ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1]; + + challenge++; /* skip length, should be 16 */ + *response++ = MS_CHAP2_RESPONSE_LEN; -- cgit v1.2.3