abc/lwip
1
0
Fork 0
mirror of https://git.savannah.nongnu.org/git/lwip.git synced 2026-06-24 14:23:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

PPP: remove casts from unsigned (strlen return value) to signed when checking auth

Browse Source 
In theory, if provided username or password is over 0x80000000 byte long
(err...), casts to signed integer of strlen() return values is going to
return negative values breaking lengths checks.

Fix it by only using unsigned integer or size_t (guaranteed to be
unsigned) comparisons.
This commit is contained in:
Sylvain Rochet
2020-10-16 21:16:05 +02:00
parent 49bbc2d4bf
commit 729b3da96d
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/include/netif/ppp/ppp_impl.h
View File

@@ -559,7 +559,7 @@ void start_networks(ppp_pcb *pcb); /* start all the network control protos */
void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos */
#if PPP_AUTH_SUPPORT
#if PPP_SERVER
int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen);
int auth_check_passwd(ppp_pcb *pcb, char *auser, unsigned int userlen, char *apasswd, unsigned int passwdlen, const char **msg, int *msglen);
/* check the user name and passwd against configuration */
void auth_peer_fail(ppp_pcb *pcb, int protocol);
/* peer failed to authenticate itself */