Package: freeradius / 3.0.12+dfsg-5+deb9u1

fr-ad-001.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
From 41dfe9f0ca550ceb5f152ba8baf03fd6222d7119 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 5 Jul 2017 11:27:55 -0400
Subject: [PATCH] FR-AD-001 - (v3) use strncmp() instead of memcmp() for
 bounded data

---
 src/main/conffile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: freeradius-3.0.12+dfsg/src/main/conffile.c
===================================================================
--- freeradius-3.0.12+dfsg.orig/src/main/conffile.c
+++ freeradius-3.0.12+dfsg/src/main/conffile.c
@@ -1199,7 +1199,7 @@ static char const *cf_expand_variables(c
 				ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, *lineno, input);
 				return NULL;
 			}
-		} else if (memcmp(ptr, "$ENV{", 5) == 0) {
+		} else if (strncmp(ptr, "$ENV{", 5) == 0) {
 			char *env;
 
 			ptr += 5;