From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Fri, 20 Nov 2015 17:05:49 +0000 (-0500)
Subject: Fix buffer overflow in soh.c
X-Git-Tag: release_3_0_11~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=752a3e43ac33394b33ba15c243d2e8ca814e3199;p=thirdparty%2Ffreeradius-server.git

Fix buffer overflow in soh.c
---

diff --git a/src/main/soh.c b/src/main/soh.c
index ab2bad02594..754ad84e478 100644
--- a/src/main/soh.c
+++ b/src/main/soh.c
@@ -145,7 +145,6 @@ static int eapsoh_mstlv(REQUEST *request, uint8_t const *p, unsigned int data_le
 	VALUE_PAIR *vp;
 	uint8_t c;
 	int t;
-	char *q;
 
 	while (data_len > 0) {
 		c = *p++;
@@ -248,11 +247,7 @@ static int eapsoh_mstlv(REQUEST *request, uint8_t const *p, unsigned int data_le
 			vp = pair_make_request("SoH-MS-Machine-Name", NULL, T_OP_EQ);
 			if (!vp) return 0;
 
-			vp->vp_strvalue = q = talloc_array(vp, char, t);
-			vp->type = VT_DATA;
-
-			memcpy(q, p, t);
-			q[t] = 0;
+			fr_pair_value_bstrncpy(vp, p, t);
 
 			p += t;
 			data_len -= 2 + t;