Don't use an intermediary buffer
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 27 Oct 2021 17:55:52 +0000 (13:55 -0400)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 27 Oct 2021 17:55:52 +0000 (13:55 -0400)
src/lib/util/fuzzer.c

index 5e6b8bf707c1ed220287fec7376347acc47df18e..4a014f7c29b885af57f77442c6a9e33e820e10ae 100644 (file)
@@ -41,9 +41,8 @@ static ssize_t util_decode_proto(TALLOC_CTX *ctx, UNUSED fr_pair_list_t *out, ui
        ssize_t rcode;
        fr_type_t type;
        fr_value_box_t *box;
-       uint8_t *copy;
 
-       if (data_len == 1) return data_len;
+       if (data_len < 1) return data_len;      /* We want to check zero length input too */
 
        type = data[0];
        switch (type) {
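Review bot: The comment on the new guard `if (data_len < 1) return data_len;` reads as if zero-length input gets processed, but that line returns early for exactly that case. What actually changes is that a one-byte input (type byte only) now falls through and reaches the parser with an empty value string. Reword it to say so, for example `/* Need the type byte; data_len == 1 falls through so an empty value is parsed too */`. If `data_len` is an unsigned type (its declaration is cut off in the hunk header), `data_len == 0` would state the condition more directly. The function body starts before and continues past this hunk.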
@@ -57,25 +56,7 @@ static ssize_t util_decode_proto(TALLOC_CTX *ctx, UNUSED fr_pair_list_t *out, ui
        box = fr_value_box_alloc(ctx, type, NULL, true);
        if (!box) return -1;
 
-       /*
-        *      Copy the input, and ensure that it's zero terminated.
-        */
-       copy = talloc_zero_array(box, uint8_t, data_len);
-       if (!copy) {
-               talloc_free(box);
-               return -1;
-       }
-       memcpy(copy, data + 1, data_len - 1);
-
-
-       /*
-        *      Some things in fr_value_box_from_substr() don't yet respect
-        *      data_len.  This means that if there's no zero
-        *      termination, we _know_ there will be buffer over-runs.
-        */
-       rcode = fr_value_box_from_str(box, box, type, NULL,
-                                     (char const *)copy, data_len - 1,
-                                     NULL, true);
+       rcode = fr_value_box_from_str(box, box, type, NULL, (char const *)data + 1, data_len - 1, NULL, true);
        talloc_free(box);
        return rcode;
 }
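Review bot: The call to fr_value_box_from_str() now receives `data + 1` with no NUL terminator, yet the comment this commit deletes warned that some parsers behind it did not respect the length and would over-run without one. Nothing in the hunk shows those parsers were fixed. If the intent is for a sanitizer-enabled fuzzer build to expose such over-reads, record that above the call, e.g. `/* Input is deliberately not NUL terminated: parsers must honour the length, any read past it is a bug */`. For `data_len == 1` the pointer is one past the end of the input with length 0, so a callee that dereferences before checking the length reads out of bounds. The function starts outside this hunk.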