From: Catalina Pineros <catalina.pineros@inkbridge.io>
Date: Tue, 10 Mar 2026 13:56:24 +0000 (-0400)
Subject: overflow check correction, typo in error message
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afa005d3f72bfc6538d5b9632ef3723f755ab5ef;p=thirdparty%2Ffreeradius-server.git

overflow check correction, typo in error message

when parsing string (   static int read_string(rlm_isc_dhcp_tokenizer_t *state)   )
if string is of size 255,
then '/0' is added at position 256, which is an overflow error
so ((size_t) (q - state->string) >= sizeof(state->string) -1 )  necessary to preserve space for the null terminator,

copy-paste mistake.

(found by claude code)
---

diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c
index 9c7c1275310..2faf1679b5b 100644
--- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c
+++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c
@@ -313,7 +313,7 @@ static int read_string(rlm_isc_dhcp_tokenizer_t *state)
 			}
 		}
 
-		if ((size_t) (q - state->string) >= sizeof(state->string)) {
+		if ((size_t) (q - state->string) >= sizeof(state->string) - 1) {
 			fr_strerror_const("string is too long");
 			return -1;
 		}
@@ -1686,7 +1686,7 @@ static int parse_filename(UNUSED rlm_isc_dhcp_tokenizer_t *state, rlm_isc_dhcp_i
 static int parse_server_name(UNUSED rlm_isc_dhcp_tokenizer_t *state, rlm_isc_dhcp_info_t *info)
 {
 	if (info->argv[0]->vb_length > member_size(dhcp_packet_t, sname)) {
-		fr_strerror_const("filename is too long");
+		fr_strerror_const("server name is too long");
 		return -1;
 	}