Length check in UA authorization

git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@205 91ce42f0-d328-0410-95d8-f526ca767f89

diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c
index 81cf4538a4d5a91678be6236b9c2aba19afa35b8..1b251797b3a83b9956aa3ab0c9b7f7638acb386f 100644 (file)
--- a/bacula/src/dird/authenticate.c
+++ b/bacula/src/dird/authenticate.c
@@ -126,11 +126,11 @@ int authenticate_file_daemon(JCR *jcr)
  */
 int authenticate_user_agent(BSOCK *ua)
 {
-   char name[128];
+   char name[MAXSTRING];
    int ok = 0;
 
-
-   if (sscanf(ua->msg, "Hello %127s calling\n", name) != 1) {
+   if (ua->msglen > MAXSTRING ||
+       sscanf(ua->msg, "Hello %127s calling\n", name) != 1) {
       ua->msg[100] = 0;              /* terminate string */
       Emsg1(M_ERROR, 0, _("Authentication failure: %s"), ua->msg);
       return 0;