Be sure to NUL-terminate the decoded secret when converting from

author Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c

index 8e250c53f743152ecc37cc66ce7729a3cb1764d1..cd8398ef48b9b8952d331b0be69c67c5570c27d5 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1397,13 +1397,14 @@ sudo_ldap_decode_secret(const char *secret)
          * length but padding may be missing so round up to a multiple of 4.
          */
         secret += sizeof("base64:") - 1;
-       reslen = ((strlen(secret) + 3) / 4 * 3) + 1;
-       result = sudo_emalloc(reslen);
+       reslen = ((strlen(secret) + 3) / 4 * 3);
+       result = sudo_emalloc(reslen + 1);
         len = base64_decode(secret, result, reslen);
         if (len == (size_t)-1) {
             free(result);
             result = NULL;
         }
+       result[len] = '\0';
      }
      debug_return_str((char *)result);
  }
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 13 Jul 2014 21:23:32 +0000 (15:23 -0600)