negotiate_wrapper: Search buffer with strchr instead of memchr (#2176)

Previously, memchr would search tainted data.

diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
index fcf1c31defd3b9fe01913c2346ee336a09c2df83..b91601a132b9ef39ed50aa6615224c73facd9f34 100644 (file)
--- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -132,7 +132,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
             fprintf(stdout, "BH input error\n");
             return 0;
         }
-        c = static_cast<char*>(memchr(buf, '\n', sizeof(buf) - 1));
+        c = strchr(buf, '\n');
         if (c) {
             *c = '\0';
             length = c - buf;
@@ -225,7 +225,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(tbuff, '\n', sizeof(tbuff) - 1)) {
+            if (!strchr(tbuff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized NTLM helper response\n",
                         LogTime(), PROGRAM);
                 return 0;
@@ -264,7 +264,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(buff, '\n', sizeof(buff) - 1)) {
+            if (!strchr(buff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized Kerberos helper response\n",
                         LogTime(), PROGRAM);
                 return 0;