Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 27ae212c971322e7750f02c9dc0cc0c325bdc900
commit27ae212c971322e7750f02c9dc0cc0c325bdc900[log] [tgz]
authorNicholas Bellinger <nab@linux-iscsi.org>Thu Jun 05 18:08:57 2014 -0700
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:20:20 2020 +0200
tree2061a6cf229798e72705eddd80dc6455905feed5
parent84a092f0383857ed0ae244934c8905a1ab916d99 [diff]
iscsi-target: Reject mutual authentication with reflected CHAP_C

commit 1d2b60a5545942b1376cb48c1d55843d71e3a08f upstream.

This patch adds an explicit check in chap_server_compute_md5() to ensure
the CHAP_C value received from the initiator during mutual authentication
does not match the original CHAP_C provided by the target.

This is in line with RFC-3720, section 8.2.1:

   Originators MUST NOT reuse the CHAP challenge sent by the Responder
   for the other direction of a bidirectional authentication.
   Responders MUST check for this condition and close the iSCSI TCP
   connection if it occurs.

Reported-by: Tejas Vaykole <tejas.vaykole@calsoftinc.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 2061a6cf229798e72705eddd80dc6455905feed5
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS