
xsupplicant-1.0.1-3.1.20060mdk.src.rpm

--- xsupplicant-1.0.1/src/eap.c.memory-leak	2006-10-26 10:18:10.000000000 -0600
+++ xsupplicant-1.0.1/src/eap.c	2006-10-26 10:21:09.000000000 -0600
@@ -315,6 +315,12 @@ void eap_do_notify(struct interface_data
   // So, take the EAP length value, and subtract 5 to account for the EAP
   // header.
 
+  if (ntohs(myeap->eap_length) <= sizeof(struct eap_header))
+    {
+      debug_printf(DEBUG_NORMAL, "EAP notification message is a runt!\n");
+      return;
+    }
+
   // This will allocate 5 bytes more than we should need.
   myval = malloc(ntohs(myeap->eap_length));
   if (myval == NULL)
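Review bot: The added runt guard bounds `eap_length` only from below; nothing visible in this hunk compares it with the number of bytes actually received, so a peer-supplied length larger than the frame still sizes the `malloc` and the later `Strncpy` from `inframe`. If `Strncpy` behaves like `strncpy`, a frame with no NUL in its data would be read past its end. An upper-bound check next to the runt check would close that, for example `if (ntohs(myeap->eap_length) - sizeof(struct eap_header) > RECEIVED_LEN - OFFSET_TO_DATA) return;`, where `RECEIVED_LEN` is a placeholder for whatever this project records as the received frame size. The surrounding comments still say "subtract 5" and "allocate 5 bytes more" while the code now uses `sizeof(struct eap_header)`; they should name the header size instead, and it is worth confirming the struct is packed so the two agree. `eap_do_notify` starts and ends outside this hunk.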
@@ -326,9 +332,11 @@ void eap_do_notify(struct interface_data
 
   memset(myval, 0x00, ntohs(myeap->eap_length));
   
-  Strncpy(myval, (char *) &inframe[OFFSET_TO_DATA], (ntohs(myeap->eap_length)-5));
+  Strncpy(myval, (char *) &inframe[OFFSET_TO_DATA],
+         (ntohs(myeap->eap_length)-sizeof(struct eap_header)));
 
   debug_printf(DEBUG_NORMAL, "EAP Notification : %s\n", myval);
+  FREE(myval);
 }
 
 /*******************************************
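Review bot: `myval` holds text chosen by the peer and reaches `debug_printf` unfiltered at the `"EAP Notification : %s\n"` line, so control characters or terminal escape sequences in a notification can end up in the log or on a console, depending on where `debug_printf` writes. Replacing non-printable bytes before printing would avoid that, e.g. `for (i = 0; myval[i] != '\0'; i++) if (!isprint((unsigned char) myval[i])) myval[i] = '?';` with a local index and `<ctype.h>`. That also flattens any multi-byte UTF-8 text, so use a narrower filter if such text has to be displayed. A short comment above the `Strncpy` call, such as `// myval was zero-filled and is header-size bytes longer than the copy, so it stays NUL-terminated`, would record why the `%s` is safe.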