projects / freeradius.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb9edb5)
When s = cl->shortname we try to copy a string of arbitrary length
authornbk <nbk>
Fri, 9 Nov 2007 23:49:49 +0000 (23:49 +0000)
committernbk <nbk>
Fri, 9 Nov 2007 23:49:49 +0000 (23:49 +0000)
to a 64 bytes long buffer.

Bug found by Primoz Bratanic <primoz@slo-tech.com>

src/modules/rlm_unix/rlm_unix.c patch | blob | history

diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
index 89833f8..1313f55 100644 (file)
--- a/src/modules/rlm_unix/rlm_unix.c
+++ b/src/modules/rlm_unix/rlm_unix.c
@@ -532,7 +532,7 @@ static int unix_accounting(void *instance, REQUEST *request)
         *      We use the tty field to store the terminal servers' port
         *      and address so that the tty field is unique.
         */
-       sprintf(buf, "%03d:%s", nas_port, s);
+       snprintf(buf, sizeof(buf), "%03d:%s", nas_port, s);
        strlcpy(ut.ut_line, buf, sizeof(ut.ut_line));
 
        /*
Unnamed repository; edit this file 'description' to name the repository.