Out-of-bounds access: Overrunning array value_list

author: Chris Leech <cleech@redhat.com> 2019-10-30 11:58:36 -0700
committer: Chris Leech <cleech@redhat.com> 2019-10-31 15:48:08 -0700
commit: ac8330aa67bdb7c785d2290ba9020272c109c601 (patch)
tree: 2273fc0b8db424ce33c71b0de25672037e84e7a1
parent: 26bfa31349c410cacd22f9e8ea2ef4a82b221f13 (diff)
download: open-iscsi-ac8330aa67bdb7c785d2290ba9020272c109c601.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/auth.c b/usr/auth.c
index afb4ea3..1ffb258 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -1838,6 +1838,8 @@ acl_init_chap_digests(int *value_list) {
 	return i;
 }
 
+#define MAX(a,b) ((a) > (b) ? (a) : (b))
+
 int
 acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc)
 {
@@ -1846,7 +1848,7 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc)
 	struct auth_str_block *send_str_blk;
 	struct auth_large_binary *recv_chap_challenge;
 	struct auth_large_binary *send_chap_challenge;
-	int value_list[3];
+	int value_list[MAX(AUTH_METHOD_MAX_COUNT, AUTH_CHAP_ALG_MAX_COUNT)];
 
 	if (buf_desc_count != 5 || !buff_desc)
 		return AUTH_STATUS_ERROR;
author	Chris Leech <cleech@redhat.com>	2019-10-30 11:58:36 -0700
committer	Chris Leech <cleech@redhat.com>	2019-10-31 15:48:08 -0700
commit	ac8330aa67bdb7c785d2290ba9020272c109c601 (patch)
tree	2273fc0b8db424ce33c71b0de25672037e84e7a1
parent	26bfa31349c410cacd22f9e8ea2ef4a82b221f13 (diff)
download	open-iscsi-ac8330aa67bdb7c785d2290ba9020272c109c601.tar.gz