Bjørn Mork wrote: > Try this patch: Looking at the code, it appears the strncpy is even more wrong than just adding "+1". I've committed a different fix which should avoid other errors (like potential buffer overflows with data taken from rlm_perl).
It's only exploitable by people who can control the Perl scripts that the server runs, so it's not a real problem. But it should be fixed. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
