Commit e4fae2318b5ddd7aec0e65871f1b455b796cf33d
1 parent
b06eef6eab
iscsi-target; Enforce 1024 byte maximum for CHAP_C key value
This patch adds a check in chap_server_compute_md5() to enforce a 1024 byte maximum for the CHAP_C key value following the requirement in RFC-3720 Section 11.1.4: "..., C and R are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes."

Reported-by: rahul.rane <rahul.rane@calsoftinc.com>
Tested-by: rahul.rane <rahul.rane@calsoftinc.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Showing 1 changed file with 4 additions and 0 deletions
drivers/target/iscsi/iscsi_target_auth.c
... | ... | @@ -355,6 +355,10 @@ |
355 | 355 | pr_err("Unable to convert incoming challenge\n"); |
356 | 356 | goto out; |
357 | 357 | } |
358 | + if (challenge_len > 1024) { | |
359 | + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); | |
360 | + goto out; | |
361 | + } | |
358 | 362 | /* |
359 | 363 | * During mutual authentication, the CHAP_C generated by the |
360 | 364 | * initiator must not match the original CHAP_C generated by |
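Review bot: The new `challenge_len > 1024` test at new line 358 runs only after the conversion step whose failure path ("Unable to convert incoming challenge") sits directly above it, so the limit is enforced on a value that has already been decoded. The hunk does not show the size of the buffer that receives the decoded CHAP_C; if it can hold less than the decoded form of the longest CHAP_C string accepted up to this point, the bound needs to be applied to the encoded length before decoding, or the decode routine given the destination size, with this check kept as the RFC 3720 Section 11.1.4 conformance test. A named constant in place of the bare 1024, with the RFC reference in a comment beside it, would also keep the limit and the log text from drifting apart. It is also worth confirming that the `goto out` path returns an authentication failure here, since the return value is not set in the added lines.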