From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 23 May 2011 10:15:09 +0000 (+0200)
Subject: Set limits on string/octet attributes
X-Git-Tag: release_3_0_0_beta0~813
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ed057699787ffe64786d4f42fe72d8f6b2cfa9e;p=thirdparty%2Ffreeradius-server.git

Set limits on string/octet attributes
---

diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
index 1a557c64a0d..8d8ed531b22 100644
--- a/src/lib/valuepair.c
+++ b/src/lib/valuepair.c
@@ -1511,10 +1511,20 @@ static VALUE_PAIR *pairmake_any(const char *attribute, const char *value,
 		vp->type = PW_TYPE_OCTETS;
 		/* FALL-THROUGH */
 		
-	case PW_TYPE_STRING:
 	case PW_TYPE_OCTETS:
 	case PW_TYPE_ABINARY:
 		vp->length = size >> 1;
+		if (vp->length > sizeof(vp->vp_octets)) {
+			vp->length = sizeof(vp->vp_octets);
+		}
+		break;
+
+	case PW_TYPE_STRING:
+		vp->length = size >> 1;
+		memset(&vp->vp_strvalue, 0, sizeof(vp->vp_strvalue));
+		if (vp->length >= sizeof(vp->vp_strvalue)) {
+			vp->length = sizeof(vp->vp_strvalue) - 1;
+		}
 		break;
 	}