Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-21 03:23:04 -05:00
Code Issues Projects Releases Wiki Activity

Verify CHAP/MSCHAPv2 return code

Browse Source 
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
This commit is contained in:
Jouni Malinen 2009-08-16 19:07:57 +03:00
parent ce78b289c4
commit c5f6ad5766
5 changed files with 56 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hostapd/nt_password_hash.c
View File

@ -43,7 +43,8 @@ int main(int argc, char *argv[])
password = buf; password = buf;
} }
nt_password_hash((u8 *) password, strlen(password), password_hash); if (nt_password_hash((u8 *) password, strlen(password), password_hash))
return -1;
for (i = 0; i < sizeof(password_hash); i++) for (i = 0; i < sizeof(password_hash); i++)
printf("%02x", password_hash[i]); printf("%02x", password_hash[i]);
printf("\n"); printf("\n");

28
src/eap_peer/eap_leap.c
View File

@ -233,10 +233,16 @@ static struct wpabuf * eap_leap_process_response(struct eap_sm *sm, void *priv,
os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN); os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN);
if (pwhash) { if (pwhash) {
hash_nt_password_hash(password, pw_hash_hash); if (hash_nt_password_hash(password, pw_hash_hash)) {
ret->ignore = TRUE;
return NULL;
}
} else { } else {
nt_password_hash(password, password_len, pw_hash); if (nt_password_hash(password, password_len, pw_hash) ||
hash_nt_password_hash(pw_hash, pw_hash_hash); hash_nt_password_hash(pw_hash, pw_hash_hash)) {
ret->ignore = TRUE;
return NULL;
}
} }
challenge_response(data->ap_challenge, pw_hash_hash, expected); challenge_response(data->ap_challenge, pw_hash_hash, expected);
@ -345,11 +351,17 @@ static u8 * eap_leap_getKey(struct eap_sm *sm, void *priv, size_t *len)
if (key == NULL) if (key == NULL)
return NULL; return NULL;
if (pwhash) if (pwhash) {
hash_nt_password_hash(password, pw_hash_hash); if (hash_nt_password_hash(password, pw_hash_hash)) {
else { os_free(key);
nt_password_hash(password, password_len, pw_hash); return NULL;
hash_nt_password_hash(pw_hash, pw_hash_hash); }
} else {
if (nt_password_hash(password, password_len, pw_hash) ||
hash_nt_password_hash(pw_hash, pw_hash_hash)) {
os_free(key);
return NULL;
}
} }
wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash", wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash",
pw_hash_hash, 16); pw_hash_hash, 16);

13
src/eap_peer/eap_mschapv2.c
View File

@ -209,10 +209,15 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
"in Phase 1"); "in Phase 1");
auth_challenge = data->auth_challenge; auth_challenge = data->auth_challenge;
} }
mschapv2_derive_response(identity, identity_len, password, if (mschapv2_derive_response(identity, identity_len, password,
password_len, pwhash, auth_challenge, password_len, pwhash, auth_challenge,
peer_challenge, r->nt_response, peer_challenge, r->nt_response,
data->auth_response, data->master_key); data->auth_response, data->master_key)) {
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to derive "
"response");
wpabuf_free(resp);
return NULL;
}
data->auth_response_valid = 1; data->auth_response_valid = 1;
data->master_key_valid = 1; data->master_key_valid = 1;

13
src/eap_peer/eap_ttls.c
View File

@ -691,10 +691,15 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN; pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
os_memset(pos, 0, 8); /* Reserved, must be zero */ os_memset(pos, 0, 8); /* Reserved, must be zero */
pos += 8; pos += 8;
mschapv2_derive_response(identity, identity_len, password, if (mschapv2_derive_response(identity, identity_len, password,
password_len, pwhash, challenge, password_len, pwhash, challenge,
peer_challenge, pos, data->auth_response, peer_challenge, pos, data->auth_response,
data->master_key); data->master_key)) {
wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
"response");
return -1;
}
data->auth_response_valid = 1; data->auth_response_valid = 1;
eap_ttlsv1_permute_inner(sm, data); eap_ttlsv1_permute_inner(sm, data);

26
src/eap_server/eap_mschapv2.c
View File

@ -295,6 +295,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
u8 expected[24]; u8 expected[24];
const u8 *username, *user; const u8 *username, *user;
size_t username_len, user_len; size_t username_len, user_len;
int res;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len); &len);
@ -372,17 +373,22 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
username, username_len); username, username_len);
if (sm->user->password_hash) { if (sm->user->password_hash) {
generate_nt_response_pwhash(data->auth_challenge, res = generate_nt_response_pwhash(data->auth_challenge,
peer_challenge, peer_challenge,
username, username_len, username, username_len,
sm->user->password, sm->user->password,
expected); expected);
} else { } else {
generate_nt_response(data->auth_challenge, peer_challenge, res = generate_nt_response(data->auth_challenge,
username, username_len, peer_challenge,
sm->user->password, username, username_len,
sm->user->password_len, sm->user->password,
expected); sm->user->password_len,
expected);
}
if (res) {
data->state = FAILURE;
return;
} }
if (os_memcmp(nt_response, expected, 24) == 0) { if (os_memcmp(nt_response, expected, 24) == 0) {