From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 23 May 2011 10:15:09 +0000 (+0200)
Subject: Set limits on string/octet attributes
X-Git-Tag: release_2_1_11~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22db0162d0eb6f27a2055b488582b4a401d9514e;p=thirdparty%2Ffreeradius-server.git

Set limits on string/octet attributes
---

diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
index bda19385eea..33a8dbb0645 100644
--- a/src/lib/valuepair.c
+++ b/src/lib/valuepair.c
@@ -1420,10 +1420,20 @@ static VALUE_PAIR *pairmake_any(const char *attribute, const char *value,
 		vp->type = PW_TYPE_OCTETS;
 		/* FALL-THROUGH */
 		
-	case PW_TYPE_STRING:
 	case PW_TYPE_OCTETS:
 	case PW_TYPE_ABINARY:
 		vp->length = size >> 1;
+		if (vp->length > sizeof(vp->vp_octets)) {
+			vp->length = sizeof(vp->vp_octets);
+		}
+		break;
+
+	case PW_TYPE_STRING:
+		vp->length = size >> 1;
+		memset(&vp->vp_strvalue, 0, sizeof(vp->vp_strvalue));
+		if (vp->length >= sizeof(vp->vp_strvalue)) {
+			vp->length = sizeof(vp->vp_strvalue) - 1;
+		}
 		break;
 	}