Fix heap-buffer-overflow in pap_auth_pbkdf2_parse()

author Jorge Pereira <jpereiran@gmail.com>

Tue, 14 Mar 2023 21:36:01 +0000 (18:36 -0300)

committer Alan T. DeKok <aland@freeradius.org>

Thu, 16 Mar 2023 22:46:26 +0000 (18:46 -0400)
author Jorge Pereira <jpereiran@gmail.com>
Tue, 14 Mar 2023 21:36:01 +0000 (18:36 -0300)
committer Alan T. DeKok <aland@freeradius.org>
Thu, 16 Mar 2023 22:46:26 +0000 (18:46 -0400)
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c

index b4fbc2a3317c78aa9a89e816d08a97269f71733b..463ff66b7100bf15656efb90b55adc28e21e5e1f 100644 (file)
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -904,7 +904,9 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pbkdf2_parse(REQUEST *reques
                 goto finish;
         }
  
-       strlcpy(hash_token, (char const *)p, (q - p) + 1);
+       memcpy(hash_token, (char const *)p, (q - p));
+       hash_token[q - p] = '\0';
+
         digest_type = fr_str2int(hash_names, hash_token, -1);
         switch (digest_type) {
         case PW_SSHA1_PASSWORD:
author	Jorge Pereira <jpereiran@gmail.com>
	Tue, 14 Mar 2023 21:36:01 +0000 (18:36 -0300)
committer	Alan T. DeKok <aland@freeradius.org>
	Thu, 16 Mar 2023 22:46:26 +0000 (18:46 -0400)