From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 13 Apr 2022 15:52:24 +0000 (-0400)
Subject: bound "len".  CID #1503923
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f474f3210d08a9d88202596642678aaa210af40e;p=thirdparty%2Ffreeradius-server.git

bound "len".  CID #1503923

after rounding up, and adding room for the headers
---

diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c
index 2f503e6df13..f689d08ecec 100644
--- a/src/protocols/radius/encode.c
+++ b/src/protocols/radius/encode.c
@@ -174,6 +174,7 @@ static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in,
 	fr_dbuff_set_to_start(&work_dbuff);
 
 	len = encrypted_len + 2;	/* account for the salt */
+	if (len > RADIUS_MAX_STRING_LENGTH) len = RADIUS_MAX_STRING_LENGTH;
 
 	/*
 	 *	Copy the password over, and fill the remainder with random data.