Increase AUTH_STRING_LEN and add extra checks in rc_avpair_gen()
to make sure that we can not overflow pair->strvalue.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
{
attribute = *ptr++;
attrlen = *ptr++;
{
attribute = *ptr++;
attrlen = *ptr++;
- attrlen -= 2;
- if (attrlen < 0)
+ if (attrlen < 2 || attrlen > length)
{
error("rc_avpair_gen: received attribute with invalid length");
break;
}
{
error("rc_avpair_gen: received attribute with invalid length");
break;
}
/* Handle vendor-specific specially */
if (attribute == PW_VENDOR_SPECIFIC) {
/* Handle vendor-specific specially */
if (attribute == PW_VENDOR_SPECIFIC) {
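Review bot: The two header bytes are read (`attribute = *ptr++; attrlen = *ptr++;`) before anything checks that two bytes remain, so the new `attrlen > length` test only runs after a possible one-byte over-read when `length` is 1. If the enclosing loop condition (outside this hunk) does not already guarantee `length >= 2`, add `if (length < 2) { error("rc_avpair_gen: truncated attribute header"); break; }` ahead of the reads. The hunk also removes `attrlen -= 2` with no replacement visible here, so the header subtraction presumably happens further down; it is worth confirming that the length later used to copy into `pair->strvalue` is the payload length and not the raw attribute length. rc_avpair_gen starts and ends outside the hunk.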
#define AUTH_VECTOR_LEN 16
#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */
#define AUTH_ID_LEN 64
#define AUTH_VECTOR_LEN 16
#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */
#define AUTH_ID_LEN 64
-#define AUTH_STRING_LEN 128 /* maximum of 253 */
+#define AUTH_STRING_LEN 253 /* maximum of 253 */
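Review bot: With `AUTH_STRING_LEN` now 253, a maximum-size attribute value fills the buffer exactly, so any NUL terminator written after the copy needs `strvalue` to be declared with `AUTH_STRING_LEN + 1` bytes. That declaration is not visible in this hunk and should be checked. The trailing comment would also be clearer if it said where the limit comes from, e.g. `/* 255-byte max attribute length minus 2-byte type/length header */`.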