Hi,

On 22-09-16 12:04, David Sommerseth wrote:
> If running an OpenVPN client with --enable-pkcs11 and a server without
> and having a username and/or password with more than 128 characters,
> the authentication will fail as the server truncates the password
> to 128 bytes.
> 
> This makes things easier and more predictable.  Username/passwords
> can be up to 4096 bytes, regardless of the --enable-pkcs11 state.
> 
> Signed-off-by: David Sommerseth <dav...@openvpn.net>
> ---
>  src/openvpn/misc.h | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
> index b694096..31ea10e 100644
> --- a/src/openvpn/misc.h
> +++ b/src/openvpn/misc.h
> @@ -195,17 +195,14 @@ const char *hostname_randomize(const char *hostname, 
> struct gc_arena *gc);
>   * Get and store a username/password
>   */
>  
> +/* max length of username/password */
> +#define USER_PASS_LEN 4096
> +
>  struct user_pass
>  {
>    bool defined;
>    bool nocache;
>  
> -/* max length of username/password */
> -# ifdef ENABLE_PKCS11
> -#   define USER_PASS_LEN 4096
> -# else
> -#   define USER_PASS_LEN 128
> -# endif
>    char username[USER_PASS_LEN];
>    char password[USER_PASS_LEN];
>  };
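Review bot: The comment on the relocated `#define USER_PASS_LEN 4096` still reads "max length of username/password" and does not say whether that count includes a terminating zero byte. `username` and `password` are declared as `char[USER_PASS_LEN]`, so if they are held as C strings the longest usable credential is 4095 bytes, and the comment should state that. Separately, in builds without ENABLE_PKCS11 each `struct user_pass` grows from 2 x 128 to 2 x 4096 bytes of buffer, so any place that puts this struct on the stack or copies it by value deserves a look. The commit message could also note that a peer built from older sources without PKCS11 will still truncate at 128 bytes.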

ACK.

I've wondered about this before, but never got to sending a patch.  Good
that you did get to it.

How are user/pass formatted?  Are these supposed to be zero-terminated?
In that case it would make sense to add a remark to the comment that
this length includes the zero-byte.

-Steffan


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel