File pam_radius-bufferoverflow-CVE-2015-9542-fix.patch of Package pam_radius.19845
Index: pam_radius-1.4.0/src/pam_radius_auth.c
===================================================================
--- pam_radius-1.4.0.orig/src/pam_radius_auth.c
+++ pam_radius-1.4.0/src/pam_radius_auth.c
@@ -528,6 +528,9 @@ static void add_password(AUTH_HDR *reque
length = MAXPASS;
}
+ memset(hashed + length, 0, sizeof(hashed) - length);
+ memcpy(hashed, password, length);
+
if (length == 0) {
length = AUTH_PASS_LEN; /* 0 maps to 16 */
} if ((length & (AUTH_PASS_LEN - 1)) != 0) {
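Review bot: The added `memset`/`memcpy` pair is only bounded if `hashed` is a true array in this scope and `MAXPASS` does not exceed `sizeof(hashed)`; neither is visible in the hunk, because the declaration sits earlier in add_password. If `hashed` were later turned into a pointer or shrunk, `sizeof(hashed) - length` would presumably wrap as an unsigned subtraction and the memset would write well past the buffer. I would pin the invariant next to the copy, for example `_Static_assert(MAXPASS <= sizeof(hashed), "hashed must hold a clamped password");` where the toolchain accepts C11, or otherwise a comment such as `/* length <= MAXPASS <= sizeof(hashed): copy is bounded, the tail is zero padding */`. Separately, the context line `} if ((length & (AUTH_PASS_LEN - 1)) != 0) {` reads like a missing `else`; it looks harmless because a length of 16 passes the second test unchanged, but `} else if (` would state the intent.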
@@ -535,9 +538,6 @@ static void add_password(AUTH_HDR *reque
length &= ~(AUTH_PASS_LEN - 1); /* chop it off */
} /* 16*N maps to itself */
- memset(hashed, 0, length);
- memcpy(hashed, password, strlen(password));
-
attr = find_attribute(request, PW_PASSWORD);
if (type == PW_PASSWORD) {