PAM Module Patch and Feature
Frank Cusack
fcusack at fcusack.com
Tue Mar 20 03:34:34 CET 2007
On March 19, 2007 7:23:16 PM -0700 Frank Cusack <fcusack at fcusack.com> wrote:
>> @@ -1176,6 +1198,9 @@
>> goto error;
>> }
>>
>> + if (a_reply->length < 2 || a_state->length < 2)
>> + goto error;
>> +
>> memcpy(challenge, a_reply->data, a_reply->length - 2);
>> challenge[a_reply->length - 2] = 0;
>>
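Review bot: the new guard ahead of the memcpy only sets a lower bound on a_reply->length, so the copy of a_reply->length - 2 bytes into challenge is still unbounded above as far as these lines show. If the check just above the hunk does not already compare a_reply->length - 2 against the size of challenge, that comparison belongs in this condition. The a_state->length < 2 test protects a use that is not visible in this hunk; a short comment naming the later statement that needs it would make the condition easier to review.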
>
> What's this bit about? Doesn't the length check done just above this
> addition make this superfluous?
Ah, nevermind.
> Also, I worked
> from the Debian source version which includes a patch for CVE-2005-0108:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0108
A version of that fix is already in cvs, and the diff is fuzzy enough that
it still applied.
-frank