[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pppd MSCHAP authentication bug
- To: firstname.lastname@example.org
- Subject: pppd MSCHAP authentication bug
- From: Peter Balland <email@example.com>
- Date: Tue, 29 Jun 2004 14:37:07 -0700
- User-Agent: Mozilla Thunderbird 0.6 (X11/20040502)
I have rediscovered a bug in /usr/sbin/pppd provided in OpenBSD 3.4 and
have successfully demonstrated the bug and the fix on an i386 platform.
The bug has not been confirmed on 3.5
The bug is described in the last post here:
Briefly, the bug exists because of differences in the md4 routines used
on Linux and BSD.
I don't have access to the source right now, but if you grep for
'secret_len * 2 * 8' you will find the line quite easily. The fix is to
change this to 'secret_len * 2'
The fix should be attributed to the original poster rather than me; I
only read the post and confirmed it's validity.