Handle PPP non-compliant success packets
Bug #1890814 reported by
Douglas Kosovic
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ppp (Debian) |
Fix Released
|
Unknown
|
|||
ppp (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
[Impact]
According to RFC2759, the format of PPP success packets is :
"S=<auth_string> M=<message>"
Recently Windows Server 2019 has started producing non-complaint PPP success packets which have a space missing before the M= characters.
PPP based (e.g. PPTP, L2TP, etc) VPN clients connecting to an affected Windows Server 2019 VPN server will get the following error message during MS-CHAPv2 authentication :
MS-CHAPv2 Success packet is badly formed
If the following upstream ppp patch is applied, it will handle the non-compliant, missing-space before M= success packets :
https:/
no longer affects: | ppp |
Changed in ppp (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
macOS already handles the missing space before M=, extract from : /opensource. apple.com/ source/ ppp/ppp- 862.120. 2/Helpers/ pppd/chap_ ms.c.auto. html
https:/
//we'll allow the missing-space case from the server, even though (char*) msg, "M=", 2))
//it's non-conforming to spec!
dbglog("Rcvd non-conforming MSCHAPv2 Success packet, len=%d", len);
if(len >= 2 && !strncmp(
msg += 2;
else
{
error("MS-CHAPv2 Success packet is badly formed.");
return 0;
}