check for enough room

author Alan T. DeKok <aland@freeradius.org>

Wed, 31 Aug 2016 14:26:09 +0000 (10:26 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 31 Aug 2016 14:26:28 +0000 (10:26 -0400)
author Alan T. DeKok <aland@freeradius.org>
Wed, 31 Aug 2016 14:26:09 +0000 (10:26 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 31 Aug 2016 14:26:28 +0000 (10:26 -0400)
diff --git a/src/lib/token.c b/src/lib/token.c

index bb184df..8ae41b3 100644 (file)
--- a/src/lib/token.c
+++ b/src/lib/token.c
@@ -310,13 +310,17 @@ static FR_TOKEN getthing(char const **ptr, char *buf, int buflen, bool tok,
  
                 } else {
                         /*
-                        *      Deal with quotes and escapes, but don't mash
-                        *      escaped characters into their non-escaped
-                        *      equivalent.
+                        *      Convert backslash-quote to quote, but
+                        *      leave everything else alone.
                          */
                         if (p[1] == quote) { /* convert '\'' --> ' */
                                 p++;
                         } else {
+                               if (buflen < 2) {
+                                       fr_strerror_printf("Truncated input");
+                                       return T_INVALID;
+                               }
+
                                 *(s++) = *(p++);
                         }
                         *(s++) = *(p++);
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 31 Aug 2016 14:26:09 +0000 (10:26 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 31 Aug 2016 14:26:28 +0000 (10:26 -0400)