From: James Jones Date: Thu, 16 Jun 2022 18:38:31 +0000 (-0500) Subject: Make room for NUL in the extreme case in xlat_config_escape(). (#4569) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94bd9af2e00b2a51901c7a65e26929bd79e7eef9;p=thirdparty%2Ffreeradius-server.git Make room for NUL in the extreme case in xlat_config_escape(). (#4569) The VLA escaped[] can handle the probably unlikely worst case of every character from the value box requiring MIME encoding... except that a NUL is appended, so one might as well accommodate it in that worst case. --- diff --git a/src/lib/server/main_config.c b/src/lib/server/main_config.c index 4c3dd265f99..84912ca2f0a 100644 --- a/src/lib/server/main_config.c +++ b/src/lib/server/main_config.c @@ -443,7 +443,7 @@ static int xlat_config_escape(UNUSED request_t *request, fr_value_box_t *vb, UNU static char const disallowed[] = "%{}\\'\"`"; size_t outmax = vb->vb_length * 3; size_t outlen = 0; - char escaped[outmax]; + char escaped[outmax + 1]; char const *in, *end; char *out = escaped;