afpd: fix out of bounds write

author Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>

Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)

committer Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>

Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)
author Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)
committer Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)
diff --git a/etc/afpd/auth.c b/etc/afpd/auth.c

index 7569cfefa7be0dabb190dc5ef7774749e9f8746b..5246d4360f39e34925693de82c058704067d00ef 100644 (file)
--- a/etc/afpd/auth.c
+++ b/etc/afpd/auth.c
@@ -912,7 +912,7 @@ int afp_changepw(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rb
          if ( ibuf[0] != '\0' || ibuf[1] != '\0')
              return AFPERR_PARAM;
          ibuf += 2;
-        len = MIN(sizeof(username), strlen(obj->username));
+        len = MIN(sizeof(username) - 1, strlen(obj->username));
          memcpy(username, obj->username, len);
          username[ len ] = '\0';
      }
author	Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
	Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)
committer	Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
	Sat, 9 Feb 2013 10:57:46 +0000 (11:57 +0100)