EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes on EAP-TTLS/PAP. But when the password length is zero, no padding is added. It doesn't cause connectivity issue. In fact, I could connect with hostapd RADIUS server with zero length password. I think it's better for obfuscation to pad the 16 bytes data when the password length is zero with this patch.
This commit is contained in:
parent
3484a18a13
commit
bab31499fd
1 changed files with 1 additions and 1 deletions
|
@ -846,7 +846,7 @@ static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
|
||||||
/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
|
/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
|
||||||
* the data, so no separate encryption is used in the AVP itself.
|
* the data, so no separate encryption is used in the AVP itself.
|
||||||
* However, the password is padded to obfuscate its length. */
|
* However, the password is padded to obfuscate its length. */
|
||||||
pad = (16 - (password_len & 15)) & 15;
|
pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
|
||||||
pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
|
pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
|
||||||
password_len + pad);
|
password_len + pad);
|
||||||
os_memcpy(pos, password, password_len);
|
os_memcpy(pos, password, password_len);
|
||||||
|
|
Loading…
Reference in a new issue