From: Luke Howard <lukeh@padl.com>
Date: Fri, 8 Oct 2010 20:41:11 +0000 (+0200)
Subject: fix octet string length check
X-Git-Tag: vm/20110310~164
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=7dd469c469f2a9492c21972fb1578b3c8ed79bb5

fix octet string length check
---

diff --git a/util_radius.cpp b/util_radius.cpp
index 7beb175..b8f58d0 100644
--- a/util_radius.cpp
+++ b/util_radius.cpp
@@ -685,10 +685,14 @@ avpImport(rs_handle *rh,
         break;
     case PW_TYPE_STRING:
         /* check enough room to NUL terminate */
-        if (p[0] >= MAX_STRING_LEN)
+        if (p[0] == MAX_STRING_LEN)
             goto fail;
+        else
         /* fallthrough */
     default:
+        if (p[0] > MAX_STRING_LEN)
+            goto fail;
+
         vp->length = (uint32_t)p[0];
         memcpy(vp->vp_octets, p + 1, vp->length);