From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 23 Mar 2023 13:43:48 +0000 (-0400)
Subject: check for "too small" earlier
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea7a88273c8133b3b253a3a5d5b19bf5bb314cf3;p=thirdparty%2Ffreeradius-server.git

check for "too small" earlier

so that we don't allocate VPs, try to decode them, and then discover
that it never would have worked.
---

diff --git a/src/lib/util/struct.c b/src/lib/util/struct.c
index f09f3ea215b..1687b704f97 100644
--- a/src/lib/util/struct.c
+++ b/src/lib/util/struct.c
@@ -242,7 +242,12 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out,
 		 *	The child is variable sized, OR it's an array.
 		 *	Eat up the rest of the data.
 		 */
-		if (!child_length || (child->flags.array)) child_length = (end - p);
+		if (!child_length || (child->flags.array)) {
+			child_length = (end - p);
+
+		} else if ((size_t) (end - p) < child_length) {
+			goto unknown;
+		}
 
 		/*
 		 *	Magic values get the callback called.