
Verify CHAP/MSCHAPv2 return code

Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
Jouni Malinen il y a 15 ans
Parent
commit
c5f6ad5766

+ 2 - 1
hostapd/nt_password_hash.c

@@ -43,7 +43,8 @@ int main(int argc, char *argv[])
 		password = buf;
 	}
 
-	nt_password_hash((u8 *) password, strlen(password), password_hash);
+	if (nt_password_hash((u8 *) password, strlen(password), password_hash))
+		return -1;
 	for (i = 0; i < sizeof(password_hash); i++)
 		printf("%02x", password_hash[i]);
 	printf("\n");
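Review bot: The new failure branch in main() returns without any diagnostic, so a failed hash is only visible as missing output and an exit status. A message on stderr before the return, e.g. `fprintf(stderr, "Failed to derive NT password hash\n");`, would make the cause clear. Returning `1` instead of `-1` also avoids the shell reporting the status as 255. main() starts and ends outside the hunk.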

+ 20 - 8
src/eap_peer/eap_leap.c

@@ -233,10 +233,16 @@ static struct wpabuf * eap_leap_process_response(struct eap_sm *sm, void *priv,
 	os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN);
 
 	if (pwhash) {
-		hash_nt_password_hash(password, pw_hash_hash);
+		if (hash_nt_password_hash(password, pw_hash_hash)) {
+			ret->ignore = TRUE;
+			return NULL;
+		}
 	} else {
-		nt_password_hash(password, password_len, pw_hash);
-		hash_nt_password_hash(pw_hash, pw_hash_hash);
+		if (nt_password_hash(password, password_len, pw_hash) ||
+		    hash_nt_password_hash(pw_hash, pw_hash_hash)) {
+			ret->ignore = TRUE;
+			return NULL;
+		}
 	}
 	challenge_response(data->ap_challenge, pw_hash_hash, expected);
 
@@ -345,11 +351,17 @@ static u8 * eap_leap_getKey(struct eap_sm *sm, void *priv, size_t *len)
 	if (key == NULL)
 		return NULL;
 
-	if (pwhash)
-		hash_nt_password_hash(password, pw_hash_hash);
-	else {
-		nt_password_hash(password, password_len, pw_hash);
-		hash_nt_password_hash(pw_hash, pw_hash_hash);
+	if (pwhash) {
+		if (hash_nt_password_hash(password, pw_hash_hash)) {
+			os_free(key);
+			return NULL;
+		}
+	} else {
+		if (nt_password_hash(password, password_len, pw_hash) ||
+		    hash_nt_password_hash(pw_hash, pw_hash_hash)) {
+			os_free(key);
+			return NULL;
+		}
 	}
 	wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash",
 			pw_hash_hash, 16);
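Review bot: The new failure branches in eap_leap_process_response and eap_leap_getKey are silent: the message is ignored or the key is dropped with no log line, unlike the MSCHAPv2 call sites in this commit that log at MSG_ERROR. A line such as `wpa_printf(MSG_ERROR, "EAP-LEAP: Failed to derive pw_hash_hash");` before each return would let an operator tell a hashing failure apart from a bad AP response. The `challenge_response(...)` call right after the first hunk's if/else still ignores any result. If that function reports failure (its prototype is not visible here), `expected` could be used without having been fully written, so it should get the same check. Both function bodies extend outside the hunks.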

+ 9 - 4
src/eap_peer/eap_mschapv2.c

@@ -209,10 +209,15 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
 			   "in Phase 1");
 		auth_challenge = data->auth_challenge;
 	}
-	mschapv2_derive_response(identity, identity_len, password,
-				 password_len, pwhash, auth_challenge,
-				 peer_challenge, r->nt_response,
-				 data->auth_response, data->master_key);
+	if (mschapv2_derive_response(identity, identity_len, password,
+				     password_len, pwhash, auth_challenge,
+				     peer_challenge, r->nt_response,
+				     data->auth_response, data->master_key)) {
+		wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to derive "
+			   "response");
+		wpabuf_free(resp);
+		return NULL;
+	}
 	data->auth_response_valid = 1;
 	data->master_key_valid = 1;
 
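Review bot: The failure branch leaves `data->auth_response_valid` and `data->master_key_valid` untouched, while `data->auth_response` and `data->master_key` may have been partly overwritten by the failed call. If either flag can already be 1 on entry (for example from an earlier challenge in the same session, which this hunk does not show), later code would trust buffers that no longer hold a valid value. Clearing both in the branch, `data->auth_response_valid = 0; data->master_key_valid = 0;`, removes that dependency. The same applies to `data->auth_response_valid` in the eap_ttls_phase2_request_mschapv2 hunk in src/eap_peer/eap_ttls.c. The function body starts and ends outside the hunk.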

+ 9 - 4
src/eap_peer/eap_ttls.c

@@ -691,10 +691,15 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 	pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
 	os_memset(pos, 0, 8); /* Reserved, must be zero */
 	pos += 8;
-	mschapv2_derive_response(identity, identity_len, password,
-				 password_len, pwhash, challenge,
-				 peer_challenge, pos, data->auth_response,
-				 data->master_key);
+	if (mschapv2_derive_response(identity, identity_len, password,
+				     password_len, pwhash, challenge,
+				     peer_challenge, pos, data->auth_response,
+				     data->master_key)) {
+		wpabuf_free(msg);
+		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
+			   "response");
+		return -1;
+	}
 	data->auth_response_valid = 1;
 
 	eap_ttlsv1_permute_inner(sm, data);

+ 16 - 10
src/eap_server/eap_mschapv2.c

@@ -295,6 +295,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 	u8 expected[24];
 	const u8 *username, *user;
 	size_t username_len, user_len;
+	int res;
 
 	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
 			       &len);
@@ -372,17 +373,22 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 			  username, username_len);
 
 	if (sm->user->password_hash) {
-		generate_nt_response_pwhash(data->auth_challenge,
-					    peer_challenge,
-					    username, username_len,
-					    sm->user->password,
-					    expected);
+		res = generate_nt_response_pwhash(data->auth_challenge,
+						  peer_challenge,
+						  username, username_len,
+						  sm->user->password,
+						  expected);
 	} else {
-		generate_nt_response(data->auth_challenge, peer_challenge,
-				     username, username_len,
-				     sm->user->password,
-				     sm->user->password_len,
-				     expected);
+		res = generate_nt_response(data->auth_challenge,
+					   peer_challenge,
+					   username, username_len,
+					   sm->user->password,
+					   sm->user->password_len,
+					   expected);
+	}
+	if (res) {
+		data->state = FAILURE;
+		return;
 	}
 
 	if (os_memcmp(nt_response, expected, 24) == 0) {
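Review bot: The `if (res)` branch sets FAILURE without logging, so a hash or crypto failure on the server looks the same in the log as a wrong password. A line such as `wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Failed to derive expected NT-Response");` before `data->state = FAILURE;` would separate the two. Separately, the context line `os_memcmp(nt_response, expected, 24)` checks a peer-supplied authentication value with what is presumably an ordinary early-exit memcmp. If the tree offers a constant-time comparison helper, this check is a natural place for it. eap_mschapv2_process_response continues outside the hunk.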