[Bug-gnu-radius] Fix for RFC2868 problem in CVS version of radius
From: Maurice Makaay
Subject: [Bug-gnu-radius] Fix for RFC2868 problem in CVS version of radius
Date: Sun, 2 Nov 2003 02:40:40 +0100

Hi,
The RFC2868 implementation is not correct currently. It is now implemented
like this:
 byte1    byte2    byte3    byte4    rest
+--------+--------+--------+--------+---------------------------
|tag     |passlen |salt    |salt    |encrypted password ....
+--------+--------+--------+--------+---------------------------
But this should be:
 byte1    byte2    byte3    rest
+--------+--------+--------+------------------------------------
|tag     |salt    |salt    |encrypted passlen + password ....
+--------+--------+--------+------------------------------------
So the encrypted text consists of the password length concatenated with
the password string.
I attached a diff for cryptpass.c which fixes this bug. There's also a little
fix in the call for encrypt_text(). The salt is of type unsigned short in
crypt_tunnel_password() and of type unsigned char in encrypt_text(). This
resulted in a compiler warning.
With this patch applied I just successfully set up a tunnel connection, so
the encryption part is correct. I also updated the decryption part. I
think it is correct, but I haven't really tested it (following the invaluable
"It compiles, ship it!" philosophy ;-) and because I don't know how to test
this easily).
Regards,
-- Maurice Makaay
cryptpass.c.diff
Description: Text document
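The corrected layout from the message above, as an added Python example (not taken from cryptpass.c or the attached diff): it follows the Tunnel-Password scheme of RFC 2868 section 3.5, and gives the decryption side a round-trip check of the kind the message says was missing. The function names and the shared secret, authenticator and salt values are constructed for illustration.

```python
import hashlib
import os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_tunnel_password(password, secret, authenticator, tag=0, salt=None):
    """Return tag | salt(2) | encrypted(passlen + password + zero padding)."""
    if len(password) > 239:
        # 3 header octets + 240 cipher octets stay inside a 253-octet value
        raise ValueError("password too long for one attribute")
    if salt is None:
        salt = os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])   # RFC 2868: top bit of salt set
    # The length octet is part of the plaintext, so it gets encrypted too.
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    out, prev = b"", authenticator + salt     # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), 16):
        block = _xor(plain[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block                          # b(i) = MD5(S + c(i-1))
    return bytes([tag]) + salt + out

def decrypt_tunnel_password(value, secret, authenticator):
    """Return (tag, password); reject values that do not fit the layout."""
    if len(value) < 3 + 16 or (len(value) - 3) % 16:
        raise ValueError("malformed Tunnel-Password value")
    tag, salt, cipher = value[0], value[1:3], value[3:]
    plain, prev = b"", authenticator + salt
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    length = plain[0]                         # decrypted passlen octet
    if length > len(plain) - 1:
        raise ValueError("length octet exceeds data (wrong secret or layout)")
    return tag, plain[1:1 + length]

# Constructed sample values, not from a real deployment.
SECRET = b"testing123"
AUTH = bytes(range(16))                       # 16-octet Request Authenticator

if __name__ == "__main__":
    value = encrypt_tunnel_password(b"s3cret-tunnel", SECRET, AUTH, tag=1)
    print(value.hex(), decrypt_tunnel_password(value, SECRET, AUTH))
```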