Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

iscsi-target; Enforce 1024 byte maximum for CHAP_C key value

This patch adds a check in chap_server_compute_md5() to enforce a
1024 byte maximum for the CHAP_C key value following the requirement
in RFC-3720 Section 11.1.4:

"..., C and R are large-binary-values and their binary length (not
the length of the character string that represents them in encoded
form) MUST not exceed 1024 bytes."

Reported-by: rahul.rane <rahul.rane@calsoftinc.com>
Tested-by: rahul.rane <rahul.rane@calsoftinc.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

+4
+4
drivers/target/iscsi/iscsi_target_auth.c
··· 355 355 pr_err("Unable to convert incoming challenge\n"); 356 356 goto out; 357 357 } 358 + if (challenge_len > 1024) { 359 + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); 360 + goto out; 361 + } 358 362 /* 359 363 * During mutual authentication, the CHAP_C generated by the 360 364 * initiator must not match the original CHAP_C generated by
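Review bot: The `challenge_len > 1024` test at new line 358 runs only after the conversion whose failure path is shown just above it, so an oversized CHAP_C has already been decoded into its destination by the time it is rejected. The hunk does not show how that destination is sized, so please confirm the decode itself cannot write past it, or reject on the encoded length before converting. The literal 1024 would also read better as a named constant with a comment pointing at RFC 3720 Section 11.1.4, and the `pr_err` could print `challenge_len` so a rejected login is easier to triage from the log.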