We can only decode attributes of 256 bytes or less

diff --git a/src/lib/radius.c b/src/lib/radius.c
index 9dce8b8..d8c4ebc 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -3443,7 +3443,13 @@ static ssize_t data2vp(RADIUS_PACKET *packet,
         *      Decrypt the attribute.
         */
        if (secret && packet && (da->flags.encrypt != FLAG_ENCRYPT_NONE)) {
-               if (data == start) memcpy(buffer, data, attrlen);
+               if (data == start) {
+                       if (attrlen < sizeof(buffer)) {
+                               memcpy(buffer, data, attrlen);
+                       } else {
+                               memcpy(buffer, data, sizeof(buffer));
+                       }
+               }
                data = buffer;
 
                switch (da->flags.encrypt) { /* can't be tagged */