Ticket #712: 0001-Have-the-same-username-password-length-regardless-of.patch

File 0001-Have-the-same-username-password-length-regardless-of.patch, 1.3 KB (added by David Sommerseth, 4 years ago)

[PATCH] Have the same username/password length regardless of PKCS#11 enablement

  • src/openvpn/misc.h

    From f514b9d2ed9865be191b18d53c466098823208d8 Mon Sep 17 00:00:00 2001
    From: David Sommerseth <davids@openvpn.net>
    Date: Thu, 22 Sep 2016 12:01:37 +0200
    Subject: [PATCH] Have the same username/password length regardless of PKCS#11
     enablement
    
    If running an OpenVPN client with --enable-pkcs11 and a server without
    and having a username and/or password with more than 128 characters,
    the authentication will fail as the server truncates the password
    to 128 bytes.
    
    This makes things easier and more predictable.  Username/passwords
    can be up to 4096 bytes, regardless of the --enable-pkcs11 state.
    
    Signed-off-by: David Sommerseth <davids@openvpn.net>
    ---
     src/openvpn/misc.h | 9 +++------
     1 file changed, 3 insertions(+), 6 deletions(-)
    
    diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
    index b694096..31ea10e 100644
    a b const char *hostname_randomize(const char *hostname, struct gc_arena *gc); 
    195195 * Get and store a username/password
    196196 */
    197197
     198/* max length of username/password */
     199#define USER_PASS_LEN 4096
     200
    198201struct user_pass
    199202{
    200203  bool defined;
    201204  bool nocache;
    202205
    203 /* max length of username/password */
    204 # ifdef ENABLE_PKCS11
    205 #   define USER_PASS_LEN 4096
    206 # else
    207 #   define USER_PASS_LEN 128
    208 # endif
    209206  char username[USER_PASS_LEN];
    210207  char password[USER_PASS_LEN];
    211208};
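
Review bot: the comment above the new `#define USER_PASS_LEN 4096` should state whether the limit includes the terminating NUL. `username[USER_PASS_LEN]` and `password[USER_PASS_LEN]` are char arrays sized by it, so if they hold C strings the usable length is 4095 characters, while the commit message says "up to 4096 bytes". With the `#else` branch of 128 removed, the two buffers in `struct user_pass` also grow from 2 x 128 to 2 x 4096 bytes in builds without ENABLE_PKCS11, so any place that keeps this struct on the stack or copies it by value deserves a look. Peers still built with the old 128-byte limit will keep truncating, which is worth a line in the documentation or release notes.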