Guy Harris 1bc78d795c CVE-2017-13032/RADIUS: Check whether a byte exists before testing its value. ...

Reverse the test in a for loop to test the length before testing whether
we have a null byte.

This fixes a buffer over-read discovered by Bhargava Shastry.

Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.

Clean up other length tests while we're at it.

2017-09-13 12:25:44 +01:00

135 B

Raw History

View Raw