pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).

2025-10-06 00:00:47 -04:00 · 2012-04-24 09:25:38 +02:00 · 2012-04-24 09:25:38 +02:00 · 7d85bebc49
commit 7d85bebc49
parent 5ff8fe5d48
1 changed files with 7 additions and 0 deletions
--- a/src/pluto/plugins/xauth/xauth_default_verifier.c
+++ b/src/pluto/plugins/xauth/xauth_default_verifier.c
@ -43,6 +43,13 @@ METHOD(xauth_verifier_t, verify_secret, bool,
 	if (get_xauth_secret(user, server, &xauth_secret))
 	{
 		success = chunk_equals(secret, xauth_secret);
+
+		if (!success && secret.len && secret.ptr[secret.len - 1] == 0)
+		{	/* fix for null-terminated passwords (e.g. from Android 4) */
+			secret.len--;
+			success = chunk_equals(secret, xauth_secret);
+		}
+
 		chunk_clear(&xauth_secret);
 	}
 	return success;