1 Fix for S-Quadra Advisory #2003-11-26
2 (http://www.s-quadra.com/advisories/Adv-20031126.txt)
3 taken from freeradius CVS - change with comment:
5 RADIUS attributes can be up to ~256 bytes long.
6 This is the pam_smb vulnerability from a while ago...
8 --- freeradius-0.9.3/src/modules/rlm_smb/smblib.c.orig 2002-08-06 18:50:33.000000000 +0200
9 +++ freeradius-0.9.3/src/modules/rlm_smb/smblib.c 2003-11-28 20:38:18.699957008 +0100
12 { struct RFCNB_Pkt *pkt;
13 int param_len, i, pkt_len, pass_len,a;
14 - char *p, pword[128];
15 + char *p, pword[256];
17 /* First we need a packet etc ... but we need to know what protocol has */
18 /* been negotiated to figure out if we can do it and what SMB format to */