Sophie

Sophie

distrib > Mandriva > 2007.0 > x86_64 > by-pkgid > 1083437201be55841a0dad2abb29db29 > files > 3

apache-mod_auth_radius-1.5.7-5mdv2007.0.src.rpm

This patch was taked from debian.

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0108

And possible:

http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02

--- mod_auth_radius-2.0.c	2003-03-24 20:16:15.000000000 +0100
+++ mod_auth_radius-2.0.c.oden	2005-06-06 17:51:32.584188824 +0200
@@ -977,9 +977,12 @@
   }
   return attr;
 }
-#define radcpy(STRING, ATTR) {memcpy(STRING, ATTR->data, ATTR->length - 2); \
-                              (STRING)[ATTR->length - 2] = 0;}
 
+#define radcpy(STRING, ATTR) do { \
+				  unsigned char len = ATTR->length; \
+				  if (len >= 2) len-=2; \
+				  memcpy(STRING, ATTR->data, len); \
+				  (STRING)[len] = 0;} while (0)
 
 /* authentication module utility functions */
 static int

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional