Commits

Chia-chi Yeh  committed e859c5e

mtpd: Build L2TP challenge from /dev/urandom to improve the security.

Also make it return CHALLENGE_FAILED when the response is incorrect.

  • Participants
  • Parent commits a777654

Comments (0)

Files changed (1)

 static uint16_t state;
 static int acknowledged;
 
+#define RANDOM_DEVICE   "/dev/urandom"
 #define CHALLENGE_SIZE  32
 
 static char *secret;
     add_attribute_u16(WINDOW_SIZE, htons(1));
 
     if (argc >= 3) {
-        int i;
-        for (i = 0; i < CHALLENGE_SIZE; ++i) {
-            challenge[i] = random();
+        FILE *fp = fopen(RANDOM_DEVICE, "r");
+        if (!fp || fread(challenge, 1, CHALLENGE_SIZE, fp) != CHALLENGE_SIZE) {
+            log_print(FATAL, "Cannot read %s", RANDOM_DEVICE);
+            exit(SYSTEM_ERROR);
         }
+        fclose(fp);
+
         add_attribute_raw(CHALLENGE, challenge, CHALLENGE_SIZE);
         secret = argv[2];
         secret_length = strlen(argv[2]);
                 log_print(DEBUG, "Received SCCRP without %s", tunnel ?
                           "valid challenge response" : "assigned tunnel");
                 log_print(ERROR, "Protocol error");
-                return -PROTOCOL_ERROR;
+                return tunnel ? -CHALLENGE_FAILED : -PROTOCOL_ERROR;
             }
             break;