From: David Disseldorp <ddiss@suse.de>
To: target-devel@vger.kernel.org
Cc: linux-scsi@vger.kernel.org, David Disseldorp <ddiss@suse.de>
Subject: [PATCH 2/2] scsi: target: fix auth when CHAP_N carries a hex/b64 prefix
Date: Tue, 2 Jun 2026 21:43:58 +1000 [thread overview]
Message-ID: <20260602115840.26490-3-ddiss@suse.de> (raw)
In-Reply-To: <20260602115840.26490-1-ddiss@suse.de>
Attempting to authenticate using a CHAP username with a '0x' or '0b'
prefix currently fails. This is due to extract_param()'s behaviour of
stripping these prefixes, and the subsequent (type == HEX) error-path.
I believe this behaviour is contrary to the RFC 3720 specification,
which states:
5.1. Text Format
...
text-value: A string of zero or more characters that consist of
letters, digits, dot, minus, plus, commercial at, underscore,
slash, left bracket, right bracket, or colon.
11.1.4. Challenge Handshake Authentication Protocol (CHAP)
...
CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
Where A is one of A1,A2... that were proposed by the initiator.
In the third step, the initiator MUST continue with:
CHAP_N=<N> CHAP_R=<R>
...
Where N, (A,A1,A2), I, C, and R are (correspondingly) the Name,
Algorithm, Identifier, Challenge, and Response as defined in
[RFC1994], N is a text string, A,A1,A2, and I are numbers, and C and
R are large-binary-values ...
"N is a text string" implies that any hex or base64 encoding prefix
should not be interpreted or stripped. Fix this by using the new
extract_param_str() helper function to obtain the CHAP_N value as-is.
Reported-by: Sashiko (gemini/gemini-3.1-pro-preview)
Link: https://sashiko.dev/#/patchset/20260521151121.808477-1-hossu.alexandru%40gmail.com
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
drivers/target/iscsi/iscsi_target_auth.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index a3ad2d244dbee..6f21075e58416 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -303,12 +303,8 @@ static int chap_server_compute_hash(
/*
* Extract CHAP_N.
*/
- if (extract_param(nr_in_ptr, "CHAP_N", MAX_CHAP_N_SIZE, chap_n,
- &type) < 0) {
- pr_err("Could not find CHAP_N.\n");
- goto out;
- }
- if (type == HEX) {
+ ret = extract_param_str(nr_in_ptr, "CHAP_N", MAX_CHAP_N_SIZE, chap_n);
+ if (ret < 0) {
pr_err("Could not find CHAP_N.\n");
goto out;
}
--
2.51.0
next prev parent reply other threads:[~2026-06-02 11:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 11:43 [PATCH 0/2] scsi: target: fix CHAP_N handling David Disseldorp
2026-06-02 11:43 ` [PATCH 1/2] scsi: target: add extract_param_str() helper David Disseldorp
2026-06-03 16:30 ` Lee Duncan
2026-06-02 11:43 ` David Disseldorp [this message]
2026-06-03 16:30 ` [PATCH 2/2] scsi: target: fix auth when CHAP_N carries a hex/b64 prefix Lee Duncan
2026-06-02 16:42 ` [PATCH 0/2] scsi: target: fix CHAP_N handling John Garry
2026-06-02 23:19 ` David Disseldorp
2026-06-03 8:24 ` John Garry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260602115840.26490-3-ddiss@suse.de \
--to=ddiss@suse.de \
--cc=linux-scsi@vger.kernel.org \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox