24 Nov
2005
24 Nov
'05
6:25 a.m.
Benjamin Bennett wrote:
Null termination of reply->data seems incorrect as well.
That null termination ensures that we return with a null terminated string in reply->data. Usually it would already be null terminated, except if we hit reply->length (100 bytes in krb5-1.4.2) before the end of user-password.
I'd suggest to use the functions strlcpy and strlcat in the new code. If they aren't available on the system, we have replacement functions in the libradius in CVS head. http://www.usenix.org/events/usenix99/full_papers/millert/millert_html/index... -- Nicolas Baradakis