Don't leak on malformed packets
authorAlan T. DeKok <aland@freeradius.org>
Wed, 19 Oct 2011 15:30:35 +0000 (17:30 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 19 Oct 2011 15:30:35 +0000 (17:30 +0200)
src/lib/radius.c

index 69c315b..824f70b 100644 (file)
@@ -779,6 +779,9 @@ static uint8_t *vp2data(const RADIUS_PACKET *packet,
                 *      always fits.
                 */
        case FLAG_ENCRYPT_ASCEND_SECRET:
+#ifndef NDEBUG
+               if (data == array) return NULL;
+#endif
                make_secret(ptr, packet->vector, secret, data);
                len = AUTH_VECTOR_LEN;
                break;
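Review bot: The `data == array` guard added in the FLAG_ENCRYPT_ASCEND_SECRET case is compiled only when NDEBUG is undefined, so a release build still calls make_secret() in exactly the state the check rejects. If that state can be reached from attribute contents the server does not control, the guard should be unconditional: drop the `#ifndef NDEBUG` / `#endif` pair and keep `if (data == array) return NULL;`. If it is purely an internal invariant, `assert(data != array);` states that more clearly than a silent NULL return that exists in only one build flavour. A short comment saying why `data == array` is invalid for this encryption type would also help, because vp2data's body starts and ends outside the hunk and the reason is not visible here.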
@@ -859,7 +862,10 @@ static VALUE_PAIR *rad_vp2tlv(VALUE_PAIR *vps)
                }
 
                length = (end - ptr);
-               if (length > 255) return NULL;
+               if (length > 255) {
+                       pairfree(&tlv);
+                       return NULL;
+               }
 
                /*
                 *      Pack the attribute.
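Review bot: The `pairfree(&tlv)` added before `return NULL` covers only the `length > 255` exit. rad_vp2tlv starts and ends outside this hunk, so any other early return taken after `tlv` is allocated would need the same cleanup and should be checked. If there are several such exits, routing them through a single cleanup label keeps the free in one place and makes the next added error path harder to get wrong. A comment on the check such as `/* TLV length field is one octet */` would document where 255 comes from; that reading is inferred from the limit and should be confirmed against the packing code that follows.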