From eb7e5e3a8781c966e91262cfbd84de2dc2b475d4 Mon Sep 17 00:00:00 2001
From: Erik Boasson <eb@ilities.com>
Date: Tue, 7 Apr 2020 10:27:39 +0200
Subject: [PATCH] Disallow junk after optional terminator in string/binprop
 compare

Signed-off-by: Erik Boasson <eb@ilities.com>
---
 .../builtin_plugins/authentication/src/authentication.c     | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c
index 14eb2c3..127357a 100644
--- a/src/security/builtin_plugins/authentication/src/authentication.c
+++ b/src/security/builtin_plugins/authentication/src/authentication.c
@@ -529,8 +529,10 @@ static bool str_octseq_equal (const char *str, const DDS_Security_OctetSeq *bins
   for (i = 0; str[i] && i < binstr->_length; i++)
     if ((unsigned char) str[i] != binstr->_buffer[i])
       return false;
-  /* allow zero-termination in binstr */
-  return (str[i] == 0 && (i == binstr->_length || binstr->_buffer[i] == 0));
+  /* allow zero-termination in binstr, but disallow anything other than a single \0 */
+  return (str[i] == 0 &&
+          (i == binstr->_length ||
+           (i+1 == binstr->_length && binstr->_buffer[i] == 0)));
 }
 
 static AuthenticationAlgoKind_t get_dsign_algo_from_octseq(const DDS_Security_OctetSeq *name)