File CVE-2022-41861.patch of Package freeradius-server

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-41861.patch of Package freeradius-server

commit 0ec2b39d260e08e4c3464f6b95005821dc559c62
Author: Alan T. DeKok <aland@freeradius.org>
Date:   Mon Feb 28 10:34:15 2022 -0500

manual port of commit 5906bfa1

diff --git a/src/lib/filters.c b/src/lib/filters.c
index 4868cd385d..3f3b63daee 100644
--- a/src/lib/filters.c
+++ b/src/lib/filters.c
@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
 			}
 		}
 	} else if (filter->type == RAD_FILTER_GENERIC) {
-		int count;
+		size_t count, masklen;
+
+		masklen = ntohs(filter->u.generic.len);
+		if (masklen >= sizeof(filter->u.generic.mask)) {
+			*p = '\0';
+			return;
+		}
 
 		i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
 		p += i;
 
 		/* show the mask */
-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
+		for (count = 0; count < masklen; count++) {
 			i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
 			p += i;
 			outlen -= i;
@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
 		outlen--;
 
 		/* show the value */
-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
+		for (count = 0; count < masklen; count++) {
 			i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
 			p += i;
 			outlen -= i;

Places

File CVE-2022-41861.patch of Package freeradius-server

Places