diff options
Diffstat (limited to 'testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch')
| -rw-r--r-- | testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch new file mode 100644 index 000000000..29c1a27f2 --- /dev/null +++ b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch @@ -0,0 +1,48 @@ +From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell <a.cudbardb@freeradius.org> +Date: Thu, 13 Feb 2014 13:49:54 +0000 +Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes + +--- + src/modules/rlm_pap/rlm_pap.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c +index 689acf0..1bf6d4e 100644 +--- a/src/modules/rlm_pap/rlm_pap.c ++++ b/src/modules/rlm_pap/rlm_pap.c +@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) + static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + { + +- uint8_t buffer[64]; ++ uint8_t buffer[256]; + + if (min_length >= sizeof(buffer)) return; /* paranoia */ + +@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + */ + if (vp->length >= (2 * min_length)) { + size_t decoded; +- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1); ++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer)); + if (decoded == (vp->length >> 1)) { +- RDEBUG2("Normalizing %s from hex encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + sizeof(buffer)); + if (decoded < 0) return; + if (decoded >= (ssize_t) min_length) { +- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +-- +1.8.5.5 + |