authorEric Seppanen <eric@purestorage.com>2013-11-20 17:19:52 -0500
committerNicholas Bellinger <nab@linux-iscsi.org>2013-11-21 01:03:57 -0500
commit86784c6bdeeef78eed94d298be7a8879f6a97ee2 (patch)
tree8a73f73d36e0051f0cf7a40ca85a3cae7375b0c6 /drivers
parent369653e4fb511928511b0ce81f41c812ff1f28b6 (diff)
iscsi-target: chap auth shouldn't match username with trailing garbage
In iSCSI negotiations with initiator CHAP enabled, usernames with trailing garbage are permitted, because the string comparison only checks the strlen of the configured username. e.g. "usernameXXXXX" will be permitted to match "username". Just check one more byte so the trailing null char is also matched. Signed-off-by: Eric Seppanen <eric@purestorage.com> Cc: <stable@vger.kernel.org> #3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/target/iscsi/iscsi_target_auth.c5
1 files changed, 4 insertions, 1 deletions
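diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 164b87138faf..de77d9aa22c6 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -146,6 +146,7 @@ static int chap_server_compute_md5(
 unsigned char client_digest[MD5_SIGNATURE_SIZE];
 unsigned char server_digest[MD5_SIGNATURE_SIZE];
 unsigned char chap_n[MAX_CHAP_N_SIZE], chap_r[MAX_RESPONSE_LENGTH];
+size_t compare_len;
 struct iscsi_chap *chap = conn->auth_protocol;
 struct crypto_hash *tfm;
 struct hash_desc desc;
@@ -184,7 +185,9 @@ static int chap_server_compute_md5(
 goto out;
 }
 
-if (memcmp(chap_n, auth->userid, strlen(auth->userid)) != 0) {
+/* Include the terminating NULL in the compare */
+compare_len = strlen(auth->userid) + 1;
+if (strncmp(chap_n, auth->userid, compare_len) != 0) {
 pr_err("CHAP_N values do not match!\n");
 goto out;
 }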
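Review bot: The bound given to `strncmp` in the second hunk is taken from the configured `auth->userid`, not from the size of `chap_n`, so it does not limit how far the received buffer is read; with `n = strlen(auth->userid) + 1` the call behaves exactly like `strcmp`. If an exact match is the intent, `if (strcmp((const char *)chap_n, auth->userid) != 0) {` states it directly and makes `compare_len` unnecessary, and the cast makes explicit that `chap_n` is declared `unsigned char` while the string functions take `const char *`. Whether `chap_n` is always NUL-terminated within `MAX_CHAP_N_SIZE` is settled earlier in chap_server_compute_md5, outside the visible hunks; that should be confirmed, because a configured userid of `MAX_CHAP_N_SIZE` bytes or more could otherwise be compared past the end of the array. The comment would also be more precise as `/* Include the terminating NUL so trailing bytes in CHAP_N cause a mismatch */`.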