if (min_length >= sizeof(buffer)) return; /* paranoia */
+ rad_assert((vp->da->type == PW_TYPE_OCTETS) || (vp->da->type == PW_TYPE_STRING));
+
/*
* Hex encoding.
*/
if (vp->length >= (2 * min_length)) {
size_t decoded;
- decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
+
+ decoded = fr_hex2bin(buffer, sizeof(buffer), vp->vp_strvalue, vp->length);
if (decoded == (vp->length >> 1)) {
RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
vp->da->name, vp->length, decoded);
return RLM_MODULE_INVALID;
}
- fr_MD5Init(&md5_context);
- fr_MD5Update(&md5_context, request->password->vp_octets,
+ fr_md5_init(&md5_context);
+ fr_md5_update(&md5_context, request->password->vp_octets,
request->password->length);
- fr_MD5Final(digest, &md5_context);
+ fr_md5_final(digest, &md5_context);
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
REDEBUG("MD5 digest does not match \"known good\" digest");
return RLM_MODULE_INVALID;
}
- fr_MD5Init(&md5_context);
- fr_MD5Update(&md5_context, request->password->vp_octets,
+ fr_md5_init(&md5_context);
+ fr_md5_update(&md5_context, request->password->vp_octets,
request->password->length);
- fr_MD5Update(&md5_context, &vp->vp_octets[16], vp->length - 16);
- fr_MD5Final(digest, &md5_context);
+ fr_md5_update(&md5_context, &vp->vp_octets[16], vp->length - 16);
+ fr_md5_final(digest, &md5_context);
/*
* Compare only the MD5 hash results, not the salt.
return RLM_MODULE_INVALID;
}
- fr_SHA1Init(&sha1_context);
- fr_SHA1Update(&sha1_context, request->password->vp_octets,
+ fr_sha1_init(&sha1_context);
+ fr_sha1_update(&sha1_context, request->password->vp_octets,
request->password->length);
- fr_SHA1Final(digest,&sha1_context);
+ fr_sha1_final(digest,&sha1_context);
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
REDEBUG("SHA1 digest does not match \"known good\" digest");
return RLM_MODULE_INVALID;
}
- fr_SHA1Init(&sha1_context);
- fr_SHA1Update(&sha1_context, request->password->vp_octets,
+ fr_sha1_init(&sha1_context);
+ fr_sha1_update(&sha1_context, request->password->vp_octets,
request->password->length);
- fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
- fr_SHA1Final(digest,&sha1_context);
+ fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
+ fr_sha1_final(digest,&sha1_context);
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
REDEBUG("SSHA digest does not match \"known good\" digest");
{
uint8_t digest[16];
char charbuf[32 + 1];
+ ssize_t len;
RDEBUG("Comparing with \"known-good\" NT-Password");
return RLM_MODULE_INVALID;
}
- if (radius_xlat(charbuf, sizeof(charbuf), request, "%{mschap:NT-Hash %{User-Password}}", NULL, NULL) < 0){
+ len = radius_xlat(charbuf, sizeof(charbuf), request, "%{mschap:NT-Hash %{User-Password}}", NULL, NULL);
+ if (len < 0) {
return RLM_MODULE_REJECT;
}
- if ((fr_hex2bin(digest, charbuf, sizeof(digest)) != vp->length) ||
+ if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
REDEBUG("NT digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
{
uint8_t digest[16];
char charbuf[32 + 1];
+ ssize_t len;
RDEBUG("Comparing with \"known-good\" LM-Password");
return RLM_MODULE_INVALID;
}
- if (radius_xlat(charbuf, sizeof(charbuf), request, "%{mschap:LM-Hash %{User-Password}}", NULL, NULL) < 0){
+ len = radius_xlat(charbuf, sizeof(charbuf), request, "%{mschap:LM-Hash %{User-Password}}", NULL, NULL);
+ if (len < 0){
return RLM_MODULE_FAIL;
}
- if ((fr_hex2bin(digest, charbuf, sizeof(digest)) != vp->length) ||
+ if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
REDEBUG("LM digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
/*
* Sanity check the value of NS-MTA-MD5-Password
*/
- if (fr_hex2bin(digest, vp->vp_strvalue, 32) != 16) {
+ if (fr_hex2bin(digest, sizeof(digest), vp->vp_strvalue, vp->length) != 16) {
REDEBUG("\"known good\" NS-MTA-MD5-Password has invalid value");
return RLM_MODULE_INVALID;
}
memcpy(p, &vp->vp_octets[32], 32);
p += 32;
- fr_MD5Init(&md5_context);
- fr_MD5Update(&md5_context, (uint8_t *) buff2, p - buff2);
- fr_MD5Final(buff, &md5_context);
+ fr_md5_init(&md5_context);
+ fr_md5_update(&md5_context, (uint8_t *) buff2, p - buff2);
+ fr_md5_final(buff, &md5_context);
}
if (rad_digest_cmp(digest, buff, 16) != 0) {