path: root/main/freeradius/CVE-2014-2015.patch
From 0d606cfc29ab2e91764854e733d4525e6c667eb9 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 13 Feb 2014 09:29:35 -0500
Subject: [PATCH] Increase buffer size.  Use output buffer size as limit for
 hex2bin

---
 src/modules/rlm_pap/rlm_pap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 8ef2152..1492a44 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -247,7 +247,7 @@ static int base64_decode (const char *src, uint8_t *dst)
 static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
 {
 	size_t decoded;
-	uint8_t buffer[64];
+	uint8_t buffer[256];
 
 	if (min_length >= sizeof(buffer)) return; /* paranoia */
 
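Review bot: The new size `256` on `buffer` is an unexplained magic number, and nothing in this hunk ties it to the longest value `vp` can carry. The hunk header shows `base64_decode(const char *src, uint8_t *dst)` takes no output length, so if normify() also decodes base64 into `buffer` further down (not visible here), that path stays in bounds only while 256 exceeds the largest possible decoded attribute. The `min_length >= sizeof(buffer)` guard checks the caller's expected length, not `vp->length`, so it does not cover this. I would add a comment above the declaration such as `/* must hold the longest decoded form of an attribute string; base64_decode() has no output limit */`, and ideally give base64_decode a size parameter. normify()'s body continues outside the hunk.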
@@ -255,7 +255,7 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
 	 *	Hex encoding.
 	 */
 	if (vp->length >= (2 * min_length)) {
-		decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);
+		decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));
 		if (decoded == (vp->length >> 1)) {
 			RDEBUG2("Normalizing %s from hex encoding", vp->name);
 			memcpy(vp->vp_octets, buffer, decoded);
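Review bot: Passing `sizeof(buffer)` to `fr_hex2bin` bounds the write into `buffer`, but the call no longer carries any limit on how much of `vp->vp_strvalue` is read. It now depends on fr_hex2bin (defined elsewhere) stopping at the first non-hex byte, which presumably holds only if the attribute string is always NUL-terminated. Both bounds can be made explicit by keeping the input-derived count and checking it against the buffer in the condition: `if ((vp->length >= (2 * min_length)) && ((vp->length >> 1) <= sizeof(buffer))) {` with `decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);`. The enclosing `if` block continues past the end of the hunk.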
-- 
1.8.5.5