projects
/
freeradius.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
140bd7d
)
Don't leak on malformed packets
author
Alan T. DeKok
<aland@freeradius.org>
Wed, 19 Oct 2011 15:30:35 +0000
(17:30 +0200)
committer
Alan T. DeKok
<aland@freeradius.org>
Wed, 19 Oct 2011 15:30:35 +0000
(17:30 +0200)
src/lib/radius.c
patch
|
blob
|
history
diff --git
a/src/lib/radius.c
b/src/lib/radius.c
index
69c315b
..
824f70b
100644
(file)
--- a/
src/lib/radius.c
+++ b/
src/lib/radius.c
@@
-779,6
+779,9
@@
static uint8_t *vp2data(const RADIUS_PACKET *packet,
* always fits.
*/
case FLAG_ENCRYPT_ASCEND_SECRET:
+#ifndef NDEBUG
+ if (data == array) return NULL;
+#endif
make_secret(ptr, packet->vector, secret, data);
len = AUTH_VECTOR_LEN;
break;
@@
-859,7
+862,10
@@
static VALUE_PAIR *rad_vp2tlv(VALUE_PAIR *vps)
}
length = (end - ptr);
- if (length > 255) return NULL;
+ if (length > 255) {
+ pairfree(&tlv);
+ return NULL;
+ }
/*
* Pack the attribute.