Ubuntu
ppp package

EAP-MSCHAPv2 is busted

Bug #1958196 reported by Eivind Naess
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ppp (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

With the introduction to ppp-2.4.9; a new feature to enable EAP-MSCHAPv2 was added. To reproduce:

1) Install network-manager-sstp (pptp should work too)
2) Create a new connection to a SSTP server using Network-Manager-Applet
3) Connect

Connection failed, when you look closer the following output occur in the logs.

nm-sstp[1490800] <info> pppd started with pid 1490814
Plugin /usr/lib/pppd/2.4.9/nm-sstp-pppd-plugin.so loaded.
using channel 67
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp> <accomp> <endpoint [local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp> <accomp> <endpoint [local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x85e48268]
rcvd [EAP Request id=0x0 Identity <No message>]
sent [EAP Response id=0x0 Identity <Name "test">]
rcvd [LCP EchoRep id=0x0 magic=0x17a85875]
rcvd [EAP Request id=0x1 MSCHAPv2 Challenge <*********>, <Name "WIN-SUA9KBMR6PA">]
added response cache entry 0
sent [EAP Response id=0x1 MSCHAPv2 Response <*************>, <Name "SSTP">]
rcvd [EAP Request id=0x2 MSCHAPv2 Failure <Message "E=691 R=1 C=055D8FD22591786CA5AE9EC8798FFD4E V=3">...]
MS-CHAP authentication failed: E=691 Authentication failure
sent [EAP Response id=0x2 MSCHAPv2 Failure]
rcvd [LCP TermReq id=0x5 17 a8 58 75 00 3c cd 74 00 00 03 2c]
LCP terminated by peer (^WM-(Xu^@<M-Mt^@^@^C,)
sent [LCP TermAck id=0x5]
Script /sbin/sstpc 172.16.0.253 --cert-warn --tls-ext --nolaunchpppd --log-level 5 --ipparam nm-sstp-service-1490800 --uuid 3d925cb0-6329-4582-9f56-83cd86a6eaf5 finished (pid 1490817), status = 0xff
Modem hangup

Notice the username which is supposed to be "SSTP-TEST\\test" only shows up in the MSCHAPv2 response as "SSTP". The length of the name got truncated (I believe to the same length as the EAP-IDENTITY response, which in this case was 4 characters).

Patch is attached.

See original description
Tags: patch

Related branches

~eivnaes/ubuntu/+source/ppp:ubuntu/impish
Simon Quigley (community): Needs Resubmitting
git-ubuntu import: Pending requested
Diff: 945 lines (+889/-5)
4 files modified
debian/patches/eap-mschap-v2-namelen.patch (+13/-0)
debian/patches/expose-mppe-keys-via-api.patch (+864/-0)
debian/patches/series (+2/-0)
debian/ppp.symbols (+10/-5)
Revision history for this message
Eivind Naess (eivnaes) wrote :
description: updated
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "eap-mschap-namelen-fix.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ppp - 2.4.9-1+1ubuntu3

---------------
ppp (2.4.9-1+1ubuntu3) jammy; urgency=medium

  * d/p/eap-mschap-v2-namelen.patch: fix the length of the username when
    responding to an EAP MSCHAPv2 challenge (LP: #1958196).
  * d/p/expose-mppe-keys-via-api.patch: allow plugins to access MPPE keys to
    enable external SSTP support.
  * Thanks to Eivind Næss.

 -- Robie Basak <email address hidden> Thu, 24 Feb 2022 17:14:02 +0000

Changed in ppp (Ubuntu):
status: New → Fix Released
Revision history for this message
Eivind Naess (eivnaes) wrote :

Thank you Robie!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.