From: Niko Tyni
Date: Wed, 20 May 2009 09:11:19 +0000 (+0300)
Subject: make_passwd: only use 'inlen' bytes of the input string
X-Git-Tag: release_2_1_7~136
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=867374dace03b36de84a45553488333bc8199ecc;p=thirdparty%2Ffreeradius-server.git

make_passwd: only use 'inlen' bytes of the input string

In some situations (at least a roundtrip through the rlm_perl module) the User-Password value pair can have extra non-null bytes at the end so that strlen(vp->data.strvalue) > vp->length. These extra bytes shold not be used by make_passwd to construct the Message-Authenticator, so copy just 'inlen' bytes of the input string before rounding up the length.
---
diff --git a/src/lib/radius.c b/src/lib/radius.c
index 679e2aeafd4..b49f0df2b1a 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -438,10 +438,15 @@ static void make_passwd(uint8_t *output, int *outlen,
 * If the length is zero, round it up.
 */
 len = inlen;
+
+ if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;
+
+ memcpy(passwd, input, len);
+ memset(passwd + len, 0, sizeof(passwd) - len);
+
 if (len == 0) {
 len = AUTH_PASS_LEN;
 }
- else if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;

 else if ((len & 0x0f) != 0) {
 len += 0x0f;
@@ -449,9 +454,6 @@ static void make_passwd(uint8_t *output, int *outlen,
 }
 *outlen = len;

- memcpy(passwd, input, len);
- memset(passwd + len, 0, sizeof(passwd) - len);
-
 fr_MD5Init(&context);
 fr_MD5Update(&context, (const uint8_t *) secret, strlen(secret));
 old = context;
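Review bot: The clamp added ahead of the copy in the first hunk bounds `len` only from above, so a negative `inlen` would pass `len > MAX_PASS_LEN` and be converted to a very large `size_t` in `memcpy(passwd, input, len)` and in the `memset` length. The declarations of `len` and `inlen` sit outside the hunk; the visible `int *outlen` suggests they are signed, which should be confirmed. If they are, add a lower bound next to the clamp, for example `if (len < 0) len = 0;`. The `memset` length `sizeof(passwd) - len` also depends on `passwd` being at least `MAX_PASS_LEN` bytes, and its declaration is not visible here, so a short comment stating that invariant beside the clamp would help the next reader.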