iscsi-target; Enforce 1024 byte maximum for CHAP_C key value

This patch adds a check in chap_server_compute_md5() to enforce a 1024 byte maximum for the CHAP_C key value following the requirement in RFC-3720 Section 11.1.4: "..., C and R are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes." Reported-by: rahul.rane <rahul.rane@calsoftinc.com> Tested-by: rahul.rane <rahul.rane@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

iscsi-target; Enforce 1024 byte maximum for CHAP_C key value
This patch adds a check in chap_server_compute_md5() to enforce a 1024 byte maximum for the CHAP_C key value following the requirement in RFC-3720 Section 11.1.4: "..., C and R are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes." Reported-by: rahul.rane <rahul.rane@calsoftinc.com> Tested-by: rahul.rane <rahul.rane@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Nicholas Bellinger
1 parent b06eef6eab
Showing 1 changed file with 4 additions and 0 deletions Side-by-side Diff
drivers/target/iscsi/iscsi_target_auth.c
@@ -355,6 +355,10 @@
 		pr_err("Unable to convert incoming challenge\n");
 		goto out;
 	}
+	if (challenge_len > 1024) {
+		pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
+		goto out;
+	}
 	/*
 	 * During mutual authentication, the CHAP_C generated by the
 	 * initiator must not match the original CHAP_C generated by
...	...	@@ -355,6 +355,10 @@
355	355	pr_err("Unable to convert incoming challenge\n");
356	356	goto out;
357	357	}
	358	+ if (challenge_len > 1024) {
	359	+ pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
	360	+ goto out;
	361	+ }
358	362	/*
359	363	* During mutual authentication, the CHAP_C generated by the
360	364	* initiator must not match the original CHAP_C generated by