diff options
author | Chris Leech <cleech@redhat.com> | 2019-10-30 11:58:36 -0700 |
---|---|---|
committer | Chris Leech <cleech@redhat.com> | 2019-10-31 15:48:08 -0700 |
commit | ac8330aa67bdb7c785d2290ba9020272c109c601 (patch) | |
tree | 2273fc0b8db424ce33c71b0de25672037e84e7a1 | |
parent | 26bfa31349c410cacd22f9e8ea2ef4a82b221f13 (diff) | |
download | open-iscsi-ac8330aa67bdb7c785d2290ba9020272c109c601.tar.gz |
Out-of-bounds access: Overrunning array value_list
-rw-r--r-- | usr/auth.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1838,6 +1838,8 @@ acl_init_chap_digests(int *value_list) { return i; } +#define MAX(a,b) ((a) > (b) ? (a) : (b)) + int acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) { @@ -1846,7 +1848,7 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) struct auth_str_block *send_str_blk; struct auth_large_binary *recv_chap_challenge; struct auth_large_binary *send_chap_challenge; - int value_list[3]; + int value_list[MAX(AUTH_METHOD_MAX_COUNT, AUTH_CHAP_ALG_MAX_COUNT)]; if (buf_desc_count != 5 || !buff_desc) return AUTH_STATUS_ERROR; |