iscsi-target; Enforce 1024 byte maximum for CHAP_C key value
This patch adds a check in chap_server_compute_md5() to enforce a 1024 byte maximum for the CHAP_C key value following the requirement in RFC-3720 Section 11.1.4: "..., C and R are large-binary-values and their binary length (not the length of the character string that represents them in encoded form) MUST not exceed 1024 bytes." Reported-by: rahul.rane <rahul.rane@calsoftinc.com> Tested-by: rahul.rane <rahul.rane@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This commit is contained in:
parent
b06eef6eab
commit
e4fae2318b
|
@ -355,6 +355,10 @@ static int chap_server_compute_md5(
|
|||
pr_err("Unable to convert incoming challenge\n");
|
||||
goto out;
|
||||
}
|
||||
if (challenge_len > 1024) {
|
||||
pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
* During mutual authentication, the CHAP_C generated by the
|
||||
* initiator must not match the original CHAP_C generated by
|
||||
|
|
Loading…
Reference in New Issue