From: Nicholas Bellinger Date: Fri, 13 Jun 2014 04:28:31 +0000 (+0000) Subject: iscsi-target; Enforce 1024 byte maximum for CHAP_C key value X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e4fae2318b5ddd7aec0e65871f1b455b796cf33d;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git iscsi-target; Enforce 1024 byte maximum for CHAP_C key value This patch adds a check in chap_server_compute_md5() to enforce a 1024 byte maximum for the CHAP_C key value following the requirement in RFC-3720 Section 11.1.4: "..., C and R are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes." Reported-by: rahul.rane Tested-by: rahul.rane Signed-off-by: Nicholas Bellinger --- diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index 9430eea7c0d6..ab4915c0d933 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -355,6 +355,10 @@ static int chap_server_compute_md5( pr_err("Unable to convert incoming challenge\n"); goto out; } + if (challenge_len > 1024) { + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); + goto out; + } /* * During mutual authentication, the CHAP_C generated by the * initiator must not match the original CHAP_C generated by