From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tejas Vaykole <tejas.vaykole@calsoftinc.com>,
Nicholas Bellinger <nab@linux-iscsi.org>
Subject: [PATCH 3.4 01/26] iscsi-target: Reject mutual authentication with reflected CHAP_C
Date: Tue, 24 Jun 2014 11:50:24 -0400 [thread overview]
Message-ID: <20140624154619.565360439@linuxfoundation.org> (raw)
In-Reply-To: <20140624154619.499002156@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 1d2b60a5545942b1376cb48c1d55843d71e3a08f upstream.
This patch adds an explicit check in chap_server_compute_md5() to ensure
the CHAP_C value received from the initiator during mutual authentication
does not match the original CHAP_C provided by the target.
This is in line with RFC-3720, section 8.2.1:
Originators MUST NOT reuse the CHAP challenge sent by the Responder
for the other direction of a bidirectional authentication.
Responders MUST check for this condition and close the iSCSI TCP
connection if it occurs.
Reported-by: Tejas Vaykole <tejas.vaykole@calsoftinc.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/iscsi/iscsi_target_auth.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -342,6 +342,16 @@ static int chap_server_compute_md5(
goto out;
}
/*
+ * During mutual authentication, the CHAP_C generated by the
+ * initiator must not match the original CHAP_C generated by
+ * the target.
+ */
+ if (!memcmp(challenge_binhex, chap->challenge, CHAP_CHALLENGE_LENGTH)) {
+ pr_err("initiator CHAP_C matches target CHAP_C, failing"
+ " login attempt\n");
+ goto out;
+ }
+ /*
* Generate CHAP_N and CHAP_R for mutual authentication.
*/
tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
next prev parent reply other threads:[~2014-06-24 15:51 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-24 15:50 [PATCH 3.4 00/26] 3.4.95-stable review Greg Kroah-Hartman
2014-06-24 15:50 ` Greg Kroah-Hartman [this message]
2014-06-24 15:50 ` [PATCH 3.4 02/26] evm: prohibit userspace writing security.evm HMAC value Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 03/26] net: tunnels - enable module autoloading Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 04/26] net: fix inet_getid() and ipv6_select_ident() bugs Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 05/26] team: fix mtu setting Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 06/26] sctp: Fix sk_ack_backlog wrap-around problem Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 07/26] mlx4_core: Stash PCI ID driver_data in mlx4_priv structure Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 08/26] net/mlx4_core: Preserve pci_dev_data after __mlx4_remove_one() Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 09/26] netlink: rate-limit leftover bytes warning and print process name Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 10/26] USB: cdc-acm: fix write and suspend race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 11/26] USB: cdc-acm: fix write and resume race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 12/26] USB: cdc-acm: fix broken runtime suspend Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 13/26] USB: cdc-acm: fix runtime PM for control messages Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 14/26] USB: cdc-acm: fix shutdown and suspend race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 15/26] USB: cdc-acm: fix I/O after failed open Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 16/26] USB: cdc-acm: fix runtime PM imbalance at shutdown Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 17/26] nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 18/26] ALSA: hda/realtek - Add support of ALC891 codec Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 19/26] ALSA: control: Protect user controls against concurrent access Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 20/26] ALSA: control: Fix replacing user controls Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 21/26] ALSA: control: Dont access controls outside of protected regions Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 22/26] ALSA: control: Handle numid overflow Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 23/26] ALSA: control: Make sure that id->index does not overflow Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 24/26] lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 25/26] lib/lzo: Update LZO compression to current upstream version Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 26/26] lzo: properly check for overruns Greg Kroah-Hartman
2014-06-24 19:50 ` [PATCH 3.4 00/26] 3.4.95-stable review Shuah Khan
2014-06-24 23:25 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140624154619.565360439@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nab@linux-iscsi.org \
--cc=stable@vger.kernel.org \
--cc=tejas.vaykole@calsoftinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.