1 files changed, 35 insertions, 0 deletions

diff --git a/0001-fix-172-provider-token-may-be-not-nul-terminated.patch b/0001-fix-172-provider-token-may-be-not-nul-terminated.patch
new file mode 100644
index 0000000..4170681
--- /dev/null
+++ b/0001-fix-172-provider-token-may-be-not-nul-terminated.patch
@@ -0,0 +1,35 @@
+From bef13789e0f6b8cb54015504752036f5a197d3fa Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 5 May 2022 09:01:46 +0200
+Subject: [PATCH] fix #172 provider/token may be not nul terminated
+
+---
+ yar_server.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/yar_server.c b/yar_server.c
+index 331284b..b66124e 100644
+--- a/yar_server.c
++++ b/yar_server.c
+@@ -525,8 +525,16 @@ static inline int php_yar_server_auth(zval *obj, yar_header_t *header, yar_respo
+ 	YAR_TRY {
+ 		zval auth_params[2];
+ 
+-		ZVAL_STRINGL(&auth_params[0], (char*)header->provider, MIN(strlen(header->provider), 32));
+-		ZVAL_STRINGL(&auth_params[1], (char*)header->token, MIN(strlen(header->token), 32));
++		if (memchr(header->provider, 0, 32)) {
++			ZVAL_STRINGL(&auth_params[0], (char*)header->provider, strlen((char *)header->provider));
++		} else {
++			ZVAL_STRINGL(&auth_params[0], (char*)header->provider, 32);
++		}
++		if (memchr(header->token, 0, 32)) {
++			ZVAL_STRINGL(&auth_params[1], (char*)header->token, strlen((char*)header->token));
++		} else {
++			ZVAL_STRINGL(&auth_params[1], (char*)header->token, 32);
++		}
+ 
+ #if PHP_VERSION_ID < 80000
+ 		zend_call_method_with_2_params(obj, ce, NULL, "__auth", &ret, auth_params, auth_params + 1);
+-- 
+2.35.1
+