From 0ec1bf62ba82c4940346132455ae53146cd924e8 Mon Sep 17 00:00:00 2001
From: James Yonan
Date: Sat, 27 Jun 2015 16:34:41 -0600
Subject: [PATCH] Perform additional size-based sanitization on creds before passing to ManClientInstanceSend::auth_request()
---
 openvpn/server/servproto.hpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/openvpn/server/servproto.hpp b/openvpn/server/servproto.hpp
index 42fc1a8c..63809545 100644
--- a/openvpn/server/servproto.hpp
+++ b/openvpn/server/servproto.hpp
@@ -306,10 +306,13 @@ namespace openvpn {
 const std::string& peer_info,
 const AuthCert::Ptr& auth_cert)
 {
+ constexpr size_t MAX_USERNAME_SIZE = 256;
+ constexpr size_t MAX_PASSWORD_SIZE = 256;
+
 if (get_management())
 {
- AuthCreds::Ptr auth_creds(new AuthCreds(Unicode::utf8_printable(username, Unicode::UTF8_FILTER),
- Unicode::utf8_printable(password, Unicode::UTF8_FILTER),
+ AuthCreds::Ptr auth_creds(new AuthCreds(Unicode::utf8_printable(username, MAX_USERNAME_SIZE|Unicode::UTF8_FILTER),
+ Unicode::utf8_printable(password, MAX_PASSWORD_SIZE|Unicode::UTF8_FILTER),
 Unicode::utf8_printable(peer_info, Unicode::UTF8_FILTER|Unicode::UTF8_PASS_FMT)));
 ManLink::send->auth_request(auth_creds, auth_cert, peer_addr);
 }
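Review bot: The third argument, `Unicode::utf8_printable(peer_info, Unicode::UTF8_FILTER|Unicode::UTF8_PASS_FMT)`, still carries no size bound, so the peer-supplied peer_info string reaches `auth_request()` at whatever length the client sent while username and password are now capped at 256. If nothing upstream already limits it, give it its own cap in the same way, e.g. `constexpr size_t MAX_PEER_INFO_SIZE = <limit>;` and `MAX_PEER_INFO_SIZE|Unicode::UTF8_FILTER|Unicode::UTF8_PASS_FMT`. The two new constants also deserve a comment stating whether the limit counts bytes or code points and what `utf8_printable` does with over-long input; if it truncates rather than rejects, an over-long password is silently altered before it is checked, and failing the auth attempt would be the safer behaviour. The enclosing function starts before this hunk and `utf8_printable` is defined elsewhere, so both points are inferred from the call sites only.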