From: Arran Cudbard-Bell
Date: Tue, 27 Jun 2023 21:09:11 +0000 (-0400)
Subject: xlat: Make xlat_eval_compiled binary safe
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1be695a698956866d2f5374a44723f8e1ae41508;p=thirdparty%2Ffreeradius-server.git

xlat: Make xlat_eval_compiled binary safe
---

diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c
index db37245f7b0..e59b2c91096 100644
--- a/src/lib/unlang/xlat_eval.c
+++ b/src/lib/unlang/xlat_eval.c
@@ -1454,11 +1454,18 @@ static ssize_t _xlat_eval_compiled(TALLOC_CTX *ctx, char **out, size_t outlen, r
 return slen;
 }
 
+ if ((size_t)slen >= outlen) {
+ fr_strerror_const("Insufficient output buffer space");
+ return -1;
+ }
+
 /*
 * Otherwise copy the talloced buffer to the fixed one.
 */
- strlcpy(*out, buff, outlen);
+ memcpy(*out, buff, slen);
+ (*out)[slen] = '\0';
 talloc_free(buff);
+
 return slen;
 }
 
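Review bot: The new `return -1;` branch for an undersized output buffer exits without releasing `buff`, while the success path just below calls `talloc_free(buff)` after the copy. Adding `talloc_free(buff);` before `return -1;` keeps the two exits consistent. The temporary may still be reclaimed when its talloc parent is freed, but that allocation is not visible here, because `_xlat_eval_compiled` starts above the hunk. The same branch also leaves `*out` untouched, so a caller that ignores the return value would read whatever the buffer held before. The old `strlcpy` always left a terminated string when `outlen` was non-zero, so it may be worth adding `if (outlen) (*out)[0] = '\0';` there and a comment stating that oversize results now fail instead of being truncated.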