From: Alan T. DeKok Date: Mon, 14 Sep 2015 12:51:09 +0000 (-0400) Subject: For encrypted attributes, set explicit length if given X-Git-Tag: release_3_0_10~106 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a23380840ecbfd52945e1a6dbc3c0b761babf550;p=thirdparty%2Ffreeradius-server.git For encrypted attributes, set explicit length if given for MS-CHAP-MPPE-Keys
---
diff --git a/src/lib/radius.c b/src/lib/radius.c
index 71f38a4df68..39143b24db6 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -3504,16 +3504,25 @@ ssize_t data2vp(TALLOC_CTX *ctx,
 buffer[253] = '\0';
 /*
- * Take off trailing zeros from the END.
- * This allows passwords to have zeros in
- * the middle of a field.
- *
- * However, if the password has a zero at
- * the end, it will get mashed by this
- * code. There's really no way around
- * that.
+ * MS-CHAP-MPPE-Keys are 24 octets, and
+ * encrypted. Since it's binary, we can't
+ * look for trailing zeros.
 */
- while ((datalen > 0) && (buffer[datalen - 1] == '\0')) datalen--;
+ if (da->flags.length && (datalen > da->flags.length)) {
+ datalen = da->flags.length;
+ } else {
+ /*
+ * Take off trailing zeros from the END.
+ * This allows passwords to have zeros in
+ * the middle of a field.
+ *
+ * However, if the password has a zero at
+ * the end, it will get mashed by this
+ * code. There's really no way around
+ * that.
+ */
+ while ((datalen > 0) && (buffer[datalen - 1] == '\0')) datalen--;
+ }
 break;
 /*
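Review bot: The added condition `da->flags.length && (datalen > da->flags.length)` still sends a fixed-length attribute into the `else` branch whenever its decrypted `datalen` is equal to or shorter than `da->flags.length`, so the trailing-zero loop runs on exactly the binary data the new comment says must not be trimmed. A key whose final octets are zero would then come out shorter than its declared length in that case; how often `datalen` lands at or below the fixed length depends on the decryption padding, which is not visible in this hunk. Nesting the two tests keeps the zero-stripping for variable-length passwords only: `if (da->flags.length) { if (datalen > da->flags.length) datalen = da->flags.length; } else { /* strip trailing zeros */ }`. Whether a value shorter than `da->flags.length` should be rejected outright is decided elsewhere, since `data2vp` starts and ends outside the hunk.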