26 Jan
2007
26 Jan
'07
4:37 a.m.
Bjørn Mork wrote:
Try this patch:
Looking at the code, it appears the strncpy is even more wrong than just adding "+1". I've committed a different fix which should avoid other errors (like potential buffer overflows with data taken from rlm_perl). It's only exploitable by people who can control the Perl scripts that the server runs, so it's not a real problem. But it should be fixed. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog