mod_radius: copy _only_ the password

proftpd · Aug 3, 2021 · 10a227b · 10a227b
1 parent cba3a1a
commit 10a227b
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
@@ -2324,21 +2324,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type,
 
   pwlen = strlen((const char *) passwd);
 
+  /* Clear the buffers. */
+  memset(pwhash, '\0', sizeof(pwhash));
+
   if (pwlen == 0) {
     pwlen = RADIUS_PASSWD_LEN;
 
   } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
+    /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
+    memcpy(pwhash, passwd, pwlen);
 
     /* Round up the length. */
     pwlen += (RADIUS_PASSWD_LEN - 1);
 
     /* Truncate the length, as necessary. */
     pwlen &= ~(RADIUS_PASSWD_LEN - 1);
+  } else {
+    /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
+    memcpy(pwhash, passwd, pwlen);
   }
 
-  /* Clear the buffers. */
-  memset(pwhash, '\0', sizeof(pwhash));
-  memcpy(pwhash, passwd, pwlen);
 
   /* Find the password attribute. */
   attrib = radius_get_attrib(packet, RADIUS_PASSWORD);