FR-AD-001 - (v3) use strncmp() instead of memcmp() for bounded data

author Alan T. DeKok <aland@freeradius.org>

Wed, 5 Jul 2017 15:27:55 +0000 (11:27 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 17 Jul 2017 12:34:35 +0000 (08:34 -0400)
author Alan T. DeKok <aland@freeradius.org>
Wed, 5 Jul 2017 15:27:55 +0000 (11:27 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 17 Jul 2017 12:34:35 +0000 (08:34 -0400)
diff --git a/src/main/conffile.c b/src/main/conffile.c

index 5f4c722..3b63455 100644 (file)
--- a/src/main/conffile.c
+++ b/src/main/conffile.c
@@ -1199,7 +1199,7 @@ static char const *cf_expand_variables(char const *cf, int *lineno,
                                 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, *lineno, input);
                                 return NULL;
                         }
-               } else if (memcmp(ptr, "$ENV{", 5) == 0) {
+               } else if (strncmp(ptr, "$ENV{", 5) == 0) {
                         char *env;
  
                         ptr += 5;
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 5 Jul 2017 15:27:55 +0000 (11:27 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 17 Jul 2017 12:34:35 +0000 (08:34 -0400)