From e94d70ce2536120dbb2cb3d9495e1ea1357a4ff5 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 6 Sep 2012 11:25:45 +0200
Subject: [PATCH] Double-check that we don't over-run the buffer

---
 src/lib/vqp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lib/vqp.c b/src/lib/vqp.c
index b60c84d..3ceb20c 100644
--- a/src/lib/vqp.c
+++ b/src/lib/vqp.c
@@ -651,6 +651,8 @@ int vqp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
 	 */
 	for (i = 0; i < VQP_MAX_ATTRIBUTES; i++) {
 		if (!vps[i]) break;
+		if ((ptr - packet->data) >= packet->data_len) break;
+
 		vp = vps[i];
 
 		debug_pair(vp);
-- 
2.1.4