From 6b4faf5f9189fb7213cf6392dc953bb505f83d64 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 31 Aug 2016 10:26:09 -0400
Subject: [PATCH] check for enough room

---
 src/lib/token.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/lib/token.c b/src/lib/token.c
index bb184df..8ae41b3 100644
--- a/src/lib/token.c
+++ b/src/lib/token.c
@@ -310,13 +310,17 @@ static FR_TOKEN getthing(char const **ptr, char *buf, int buflen, bool tok,
 
 		} else {
 			/*
-			 *	Deal with quotes and escapes, but don't mash
-			 *	escaped characters into their non-escaped
-			 *	equivalent.
+			 *	Convert backslash-quote to quote, but
+			 *	leave everything else alone.
 			 */
 			if (p[1] == quote) { /* convert '\'' --> ' */
 				p++;
 			} else {
+				if (buflen < 2) {
+					fr_strerror_printf("Truncated input");
+					return T_INVALID;
+				}
+
 				*(s++) = *(p++);
 			}
 			*(s++) = *(p++);
-- 
2.1.4