From nobody Wed Jun 10 13:52:32 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gb6fS4HHMz6gS95
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Wed, 10 Jun 2026 13:52:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gb6fS2fWfz3PKb
	for <dev-commits-src-all@FreeBSD.org>; Wed, 10 Jun 2026 13:52:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1781099552;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7CtIjc9fzgxbQgm9SdRV8otU7Vcb2GukHNWZP5avcpU=;
	b=rPC7XkD0D7Rtq/eF+PC3fUH2IwEklibpcFnqilKK7b1jozUy8tJyn4AkK0r3E3DjFqbouN
	5/v/sYF2qLJ0YXrAw5yxQm3dRmuAUHgIbqTy7mKNwR721MrGwDGeQAgsPF3/XxRgsTy7so
	3+hWVVsBBEM9bT6+xe0SKKHQ0ANOfzjsrbW+qHTXmdzfyV5d0iDWDKCZ3QJz+M1sfoZUXr
	6zhZYb1z7qY66JKvsYoS/8UVLr/XwwWlkqwOKtY8C6Pwz84tGzmNywK/n+MMrOmip1Oqe6
	N+sflK4xNUlSZu1ni71WcXUmyEv2tc7L0VPE7PtOJ2WHU7+jVQGIguc+dYr+7Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781099552; a=rsa-sha256; cv=none;
	b=f+HzOgQpkxBob76tK0tdL6DjJIdoA8MMRTlv2bqLgjtoPWkOxbQsJfcELsqEQJKgpXFrKo
	TP469cPQDpzbsKro5G6WZKlX5Q63Zf9+8BJ2W1QlUuqmTLSu+xqlIqkVtnyEo3zsq8Hp4y
	pJaaSrkW6wPjAajZcrEusNptTCiYMOI71PlAPyl3epB++l7QwpIJ/Y7sfg12qPGxWAJEF3
	7vgWKJh15oudbxghKjtgPN7ERc/VuGTBao1/USBs2Z4q2cLxgnaRD/uVy3Z95ecQV0rHKs
	XiD+vCW6b8dElfiE+lU5eH8PZ0sE7Zp1pz33qlUpQEYA8gJQwa6Npy9otOkxnQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1781099552;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7CtIjc9fzgxbQgm9SdRV8otU7Vcb2GukHNWZP5avcpU=;
	b=t0HnmM60Rgf5whqFQCBGtV+V5IanTpuXhO3ucUisn56ghU1Qypr020FU6J1ulIrOemeG6f
	7OndY4QDy99C4M023c0WXqc5p94T8v6zXdN+Im/ZUcgLezFRtMamwXdb8YtbkyVEIM7Oc2
	XS1J4cuR2ukeHC1oeFnvsLMEAnwfalNQVG2PhHI9WZPVSDFHScClF5g9gFDkdhpo15bmpD
	UElnENHILzadq4cLxSAXzp4xDMaU5XIMwK6r8QpFnxkGKYTBAMODtDtmrCMFSqj2vERyIg
	PpA3tIOrOFVgXUQf9/XEGrWHl2lVtRSZu+4/vS2ZMve8JDzUZIHX78+jVOJUKg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gb6fS26M3z1Ms4
	for <dev-commits-src-all@FreeBSD.org>; Wed, 10 Jun 2026 13:52:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 1d7cd
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 10 Jun 2026 13:52:32 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: 7e971892dfc5 - main - ppp: Permit CHAP challenges up to 255 bytes
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
List-Id: <dev-commits-src-all.FreeBSD.org>
List-Post: <mailto:dev-commits-src-all@FreeBSD.org>
List-Help: <mailto:dev-commits-src-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7e971892dfc5aac20bd62be7817941dbaed55f42
Auto-Submitted: auto-generated
Date: Wed, 10 Jun 2026 13:52:32 +0000
Message-Id: <6a296c20.1d7cd.55f12157@gitrepo.freebsd.org>

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=7e971892dfc5aac20bd62be7817941dbaed55f42

commit 7e971892dfc5aac20bd62be7817941dbaed55f42
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2026-06-10 13:44:10 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2026-06-10 13:44:10 +0000

    ppp: Permit CHAP challenges up to 255 bytes
    
    RFC 1994 does not place any limit on the length of the value field in
    challenge messages except that the length is a single octet which
    bounds the maximum length to 255.
    
    NB: I'm not sure why the local[] and peer[] arrays contain room for an
    authentication name (AUTHLEN) in addition to a challenge value/response,
    but I've just left that in place.
    
    PR:             271955
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    Reviewed by:    des
    Differential Revision:  https://reviews.freebsd.org/D57138
---
 usr.sbin/ppp/chap.c | 4 ++--
 usr.sbin/ppp/chap.h | 4 ++--
 usr.sbin/ppp/defs.h | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c
index 9cefa6db71ce..1129aa7fb2a3 100644
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@@ -238,7 +238,7 @@ chap_BuildAnswer(char *name, char *key, u_char id, char *challenge
     MD5Init(&MD5context);
     MD5Update(&MD5context, &id, 1);
     MD5Update(&MD5context, key, klen);
-    MD5Update(&MD5context, challenge + 1, *challenge);
+    MD5Update(&MD5context, challenge + 1, (u_char)*challenge);
     MD5Final(digest, &MD5context);
 
     memcpy(digest + 16, name, nlen);
@@ -913,7 +913,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
               if (myans == NULL)
                 key = NULL;
               else {
-                if (!chap_Cmp(myans + 1, *myans, ans + 1, alen
+                if (!chap_Cmp(myans + 1, (u_char)*myans, ans + 1, alen
 #ifndef NODES
                               , p->link.lcp.want_authtype, lanman
 #endif
diff --git a/usr.sbin/ppp/chap.h b/usr.sbin/ppp/chap.h
index f697167ab165..993ed3f060f7 100644
--- a/usr.sbin/ppp/chap.h
+++ b/usr.sbin/ppp/chap.h
@@ -48,8 +48,8 @@ struct chap {
   } child;
   struct authinfo auth;
   struct {
-    u_char local[CHAPCHALLENGELEN + AUTHLEN];	/* I invented this one */
-    u_char peer[CHAPCHALLENGELEN + AUTHLEN];	/* Peer gave us this one */
+    u_char local[CHAPCHALLENGELEN + 1 + AUTHLEN]; /* I invented this one */
+    u_char peer[CHAPCHALLENGELEN + 1 + AUTHLEN];  /* Peer gave us this one */
   } challenge;
 #ifndef NODES
   unsigned NTRespSent : 1;		/* Our last response */
diff --git a/usr.sbin/ppp/defs.h b/usr.sbin/ppp/defs.h
index c76cbd8ad9cb..31f2577a6c23 100644
--- a/usr.sbin/ppp/defs.h
+++ b/usr.sbin/ppp/defs.h
@@ -58,7 +58,7 @@
 #define DEVICE_LEN SCRIPT_LEN	/* Size of individual devices */
 #define AUTHLEN 100 		/* Size of authname/authkey */
 #define CHAPDIGESTLEN 100	/* Maximum chap digest */
-#define CHAPCHALLENGELEN 48	/* Maximum chap challenge */
+#define CHAPCHALLENGELEN 255	/* Maximum chap challenge */
 #define CHAPAUTHRESPONSELEN 48	/* Maximum chap authresponse (chap81) */
 #define MAXARGS 40		/* How many args per config line */
 #define NCP_IDLE_TIMEOUT 180	/* Drop all links */