From 970ce050fec53e7be839fc6b90659735197dc094 Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski <andrew.zaborowski@intel.com>
Date: Thu, 21 Mar 2019 03:54:15 +0100
Subject: [PATCH] eap-mschapv2: Check hexstring parses in load_settings

load_settings is assumed to do minimum error checking to avoid crashing
on invalid input.
---
 src/eap-mschapv2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c
index 8b9c059e..bb164544 100644
--- a/src/eap-mschapv2.c
+++ b/src/eap-mschapv2.c
@@ -539,7 +539,10 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap,
 			goto error;
 
 		tmp = l_util_from_hexstring(hash_str, &len);
-		memcpy(state->password_hash, tmp, 16);
+		if (!tmp)
+			goto error;
+
+		memcpy(state->password_hash, tmp, len);
 		explicit_bzero(tmp, len);
 		l_free(tmp);
 	}