From 53611ee129ab91c60f61a591b32e46bfac39abf7 Mon Sep 17 00:00:00 2001
From: David Sommerseth <dazo@users.sourceforge.net>
Date: Sun, 4 Oct 2009 23:13:06 +0200
Subject: Restrict input data length for plug-in arguments from openvpn

This only affects functions related to MAC address and certificate depth
---
 database/sqlite/edb-sqlite.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'database/sqlite/edb-sqlite.c')

diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 25d5a10..80966e5 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -602,8 +602,8 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
         DEBUG(ctx, 20, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
               session->sessionkey, macaddr);
 
-        if( macaddr == NULL ) {
-                eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save");
+        if( (macaddr == NULL) && (strlen_nullsafe(macaddr) > 18) ) {
+                eurephia_log(ctx, LOG_FATAL, 0, "Invalid MAC address");
                 return 0;
         }
 
-- 
cgit