Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 86784c6b authored Nov 20, 2013 by Eric Seppanen Committed by Nicholas Bellinger Nov 20, 2013

iscsi-target: chap auth shouldn't match username with trailing garbage



In iSCSI negotiations with initiator CHAP enabled, usernames with
trailing garbage are permitted, because the string comparison only
checks the strlen of the configured username.

e.g. "usernameXXXXX" will be permitted to match "username".

Just check one more byte so the trailing null char is also matched.

Signed-off-by: Eric Seppanen <eric@purestorage.com>
Cc: <stable@vger.kernel.org> #3.1+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

parent 369653e4

drivers/target/iscsi/iscsi_target_auth.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -146,6 +146,7 @@ static int chap_server_compute_md5(
		unsigned char client_digest[MD5_SIGNATURE_SIZE];
		unsigned char server_digest[MD5_SIGNATURE_SIZE];
		unsigned char chap_n[MAX_CHAP_N_SIZE], chap_r[MAX_RESPONSE_LENGTH];
		size_t compare_len;
		struct iscsi_chap *chap = conn->auth_protocol;
		struct crypto_hash *tfm;
		struct hash_desc desc;
		@@ -184,7 +185,9 @@ static int chap_server_compute_md5(
		goto out;
		}

		if (memcmp(chap_n, auth->userid, strlen(auth->userid)) != 0) {
		/* Include the terminating NULL in the compare */
		compare_len = strlen(auth->userid) + 1;
		if (strncmp(chap_n, auth->userid, compare_len) != 0) {
		pr_err("CHAP_N values do not match!\n");
		goto out;
		}