[pptp-server] two bugs in pppd (mppe-patch)
Christian Boye
cboye at stud.uni-goettingen.de
Tue Dec 19 15:44:27 CST 2000
Hi,
I have found two bugs in pppd, more concretely in the
mppe-patch (pppd/chap_ms.c:ChapMS_v2_Auth) near line 326.
SHA1_Update(&Context, Magic2, sizeof(Magic2) - 1);
SHA1_Final(Digest, &Context);
- s = stpcpy(StrResponse, "S=");
+ s = strcpy(StrResponse, "S=");
+ s += 2;
for(i = 0; i < SHA_DIGEST_LENGTH; ++i) {
*s++ = HexDigs[Digest[i] >> 4];
*s++ = HexDigs[Digest[i] & 0x0F];
}
*s = '\0';
BCOPY(StrResponse, cstate->response, sizeof(StrResponse));
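Review bot: The added 's += 2' hard-codes the length of the "S=" literal passed to strcpy on the line above it, so the offset and the prefix can drift apart if the prefix is ever edited; derive it from the literal (for example 's += strlen("S=");') or store the two prefix characters through s directly, the way the loop stores the hex digits. Separately, this code writes 2 prefix bytes, 2 * SHA_DIGEST_LENGTH hex digits and a terminating NUL into StrResponse, and BCOPY then copies sizeof(StrResponse) bytes into cstate->response. Neither declaration is visible in the hunk, so please confirm that StrResponse is at least that large and that cstate->response holds at least sizeof(StrResponse) bytes.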
The function stpcpy is unknown and does not initialize the variable s.
It should be strcpy. But without 's += 2' the "S=" is overwritten by the
ASCII-digest.
Christian
--
Universitaet Goettingen - Internet-Hotline (Administration)
Platz der Goettinger Sieben 5, D-37073 Goettingen, Germany
Phone: +49-551-398392, E-Mail: cboye at stud.uni-goettingen.de
PGP-Key: http://www.stud.uni-goettingen.de/~cboye