aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index fa8092b54..b0a234527 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
@@ -147,12 +147,12 @@ METHOD(eap_method_t, process_peer, status_t,
this->identifier = in->get_identifier(in);
data = in->get_data(in);
- this->challenge = chunk_clone(chunk_skip(data, 6));
- if (data.len < 6 || this->challenge.len < *(data.ptr + 5))
+ if (data.len < 6 || data.ptr[5] + 6 > data.len)
{
DBG1(DBG_IKE, "received invalid EAP-MD5 message");
return FAILED;
}
+ this->challenge = chunk_clone(chunk_create(data.ptr + 6, data.ptr[5]));
if (hash_challenge(this, &response, this->peer, this->server) != SUCCESS)
{
return FAILED;
@@ -176,7 +176,9 @@ METHOD(eap_method_t, process_server, status_t,
chunk_t response, expected;
chunk_t data;
- if (this->identifier != in->get_identifier(in))
+ data = in->get_data(in);
+ if (this->identifier != in->get_identifier(in) ||
+ data.len < 6 || data.ptr[5] + 6 > data.len)
{
DBG1(DBG_IKE, "received invalid EAP-MD5 message");
return FAILED;
@@ -185,9 +187,7 @@ METHOD(eap_method_t, process_server, status_t,
{
return FAILED;
}
- data = in->get_data(in);
- response = chunk_skip(data, 6);
-
+ response = chunk_create(data.ptr + 6, data.ptr[5]);
if (response.len < expected.len ||
!memeq(response.ptr, expected.ptr, expected.len))
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-15 22:44:20 +0000