From cb593953b52597e1d2b09c9056e1f4ab15462c7c Mon Sep 17 00:00:00 2001
From: Jaco Kroon <jaco@uls.co.za>
Date: Sat, 17 Aug 2024 05:40:49 +0200
Subject: [PATCH] plugins/radius: Avoid buffer-overrun in rc_avpair_tostr for
 PW_TYPE_DATE (#506)

Closes: #499

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
---
 pppd/plugins/radius/avpair.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c
index bbe141d..c1e6d28 100644
--- a/pppd/plugins/radius/avpair.c
+++ b/pppd/plugins/radius/avpair.c
@@ -699,6 +699,7 @@ int rc_avpair_tostr (VALUE_PAIR *pair, char *name, int ln, char *value, int lv)
 	struct in_addr  inad;
 	unsigned char         *ptr;
 	char		*str;
+	time_t tmptime;
 
 	*name = *value = '\0';
 
@@ -752,8 +753,9 @@ int rc_avpair_tostr (VALUE_PAIR *pair, char *name, int ln, char *value, int lv)
 		break;
 
 	    case PW_TYPE_DATE:
+		tmptime = pair->lvalue;
 		strftime (buffer, sizeof (buffer), "%m/%d/%y %H:%M:%S",
-			  gmtime ((time_t *) & pair->lvalue));
+			  gmtime (&tmptime));
 		strncpy(value, buffer, lv-1);
 		break;
 
-- 
2.39.5