Page MenuHomeFreeBSD

ppp: Permit CHAP challenges up to 255 bytes
ClosedPublic

Authored by jhb on May 20 2026, 7:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jun 27, 12:57 AM
Unknown Object (File)
Fri, Jun 26, 7:41 AM
Unknown Object (File)
Thu, Jun 25, 10:19 PM
Unknown Object (File)
Thu, Jun 25, 5:39 PM
Unknown Object (File)
Thu, Jun 25, 11:29 AM
Unknown Object (File)
Thu, Jun 25, 10:56 AM
Unknown Object (File)
Thu, Jun 25, 2:12 AM
Unknown Object (File)
Wed, Jun 24, 10:47 PM
Subscribers

Details

Summary

RFC 1994 does not place any limit on the length of the value field in
challenge messages except that the length is a single octet which
bounds the maximum length to 255.

NB: I'm not sure why the local[] and peer[] arrays contain room for an
authentication name (AUTHLEN) in addition to a challenge value/response,
but I've just left that in place.

PR: 271955
Reported by: Robert Morris <rtm@lcs.mit.edu>

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.May 20 2026, 7:31 PM
usr.sbin/ppp/chap.c
241

The cast is required so that the single char is promoted to an unsigned int instead of a signed int when passed as the length.

des added a subscriber: des.

It's safe to drop the extra AUTHLEN from challenge.local and challenge.peer

This revision is now accepted and ready to land.Fri, Jun 5, 3:40 PM
This revision now requires review to proceed.Fri, Jun 5, 3:53 PM
This revision is now accepted and ready to land.Fri, Jun 5, 4:40 PM
This revision was automatically updated to reflect the committed changes.