[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pppd MSCHAP authentication bug

To: bugs@openbsd.org
Subject: pppd MSCHAP authentication bug
From: Peter Balland <pballand@llnl.gov>
Date: Tue, 29 Jun 2004 14:37:07 -0700
User-Agent: Mozilla Thunderbird 0.6 (X11/20040502)

I have rediscovered a bug in /usr/sbin/pppd provided in OpenBSD 3.4 and 
have successfully demonstrated the bug and the fix on an i386 platform.  
The bug has not been confirmed on 3.5

The bug is described in the last post here:
http://dbforums.com/arch/181/2002/5/358412

Briefly, the bug exists because of differences in the md4 routines used 
on Linux and BSD.

I don't have access to the source right now, but if you grep for 
'secret_len * 2 * 8' you will find the line quite easily.  The fix is to 
change this to 'secret_len * 2'

The fix should be attributed to the original poster rather than me; I 
only read the post and confirmed it's validity.

Thanks!!!!!
    Peter

Prev by Date: f.d.a appr.oved m.eds
Next by Date: corrected
Prev by thread: f.d.a appr.oved m.eds
Next by thread: corrected
Index(es):
- Date
- Thread