From 36ffb590e96972184863917dae772c6a5d71e99d Mon Sep 17 00:00:00 2001
From: Jorge Pereira <jpereiran@gmail.com>
Date: Tue, 14 Mar 2023 18:36:01 -0300
Subject: [PATCH] Fix heap-buffer-overflow in pap_auth_pbkdf2_parse()

==3061536==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100000053f9 at pc 0x7f3eb4ff6bbe bp 0x7fff630b7770 sp 0x7fff630b7768
READ of size 1 at 0x6100000053f9 thread T0
    #0 0x7f3eb4ff6bbd in strlcpy /home/jpereira/Devel/FreeRADIUS/freeradius-server-v3.2.x.git-linux/src/lib/strlcpy.c:56:10
---
 src/modules/rlm_pap/rlm_pap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index b4fbc2a331..463ff66b71 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -904,7 +904,9 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pbkdf2_parse(REQUEST *reques
 		goto finish;
 	}
 
-	strlcpy(hash_token, (char const *)p, (q - p) + 1);
+	memcpy(hash_token, (char const *)p, (q - p));
+	hash_token[q - p] = '\0';
+
 	digest_type = fr_str2int(hash_names, hash_token, -1);
 	switch (digest_type) {
 	case PW_SSHA1_PASSWORD:
-- 
2.47.2