author Masashi Honma <honma@ictec.co.jp> 2009-12-09 21:42:54 (GMT)
committer Jouni Malinen <j@w1.fi> 2010-01-09 18:56:56 (GMT)
commit 23c70237be0ae79d3d11ce9d60d9977018c2f0dd (patch)
tree d9eeddf6e14861e92190763b007e3d115d7949a1
parent 77b438453294969ab641eec27189b9acf9139eca (diff)
EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes on EAP-TTLS/PAP. But when the password length is zero, no padding is added. It doesn't cause a connectivity issue. In fact, I could connect with hostapd RADIUS server with zero length password. I think it's better for obfuscation to pad the 16 bytes data when the password length is zero with this patch.

(cherry picked from commit bab31499fd0883be8614d807daa6e05da2f9f4f8)
-rw-r--r-- src/eap_peer/eap_ttls.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index e1a0fbd..0851f8b 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -842,7 +842,7 @@ static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
* the data, so no separate encryption is used in the AVP itself.
* However, the password is padded to obfuscate its length. */
- pad = (16 - (password_len & 15)) & 15;
+ pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
password_len + pad);
os_memcpy(pos, password, password_len);
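Review bot: On the changed `pad =` line, the largest possible pad grows from 15 to 16 bytes, so the buffer that `pos` points into must have room for an AVP of `password_len + 16`; the allocation is outside this hunk, so please confirm its sizing covers the new worst case before `eap_ttls_avp_hdr()` and the padding write run. The comment just above the assignment still only says the password is padded to obfuscate its length; one more sentence stating that a zero-length password now gets a full 16-byte block would explain why the special case exists. Parentheses around `password_len == 0` would also make the ternary easier to read next to the masked expression.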