From 75f59aadb42ffe4214b1d5da0a68021ad7e6ad3e Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Wed, 3 Sep 2025 13:09:10 +0000
Subject: [PATCH] Reject eui64 ACL addresses with trailing garbage (#2157)

Also limit eui64 ACL addresses to 255 characters.
---
 src/acl/Eui64.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/acl/Eui64.cc b/src/acl/Eui64.cc
index 626eb3a48f..2e076268ee 100644
--- a/src/acl/Eui64.cc
+++ b/src/acl/Eui64.cc
@@ -42,7 +42,8 @@ aclParseEuiData(const char *t)
     Eui::Eui64 *q = new Eui::Eui64;
     debugs(28, 5, "aclParseEuiData: " << t);
 
-    if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
+    int n = 0;
+    if (sscanf(t, "%255[0-9a-fA-F:]%n", buf, &n) != 1 || t[n] != '\0') {
         debugs(28, DBG_CRITICAL, "ERROR: aclParseEuiData: Bad EUI-64 address: '" << t << "'");
         delete q;
         return nullptr;
-- 
2.47.3