projects / freeradius.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec08b30)
FR-GV-207 - avoid zero-length malloc() in data2vp()
authorAlan T. DeKok <aland@freeradius.org>
Mon, 3 Jul 2017 16:35:45 +0000 (12:35 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 17 Jul 2017 12:22:44 +0000 (08:22 -0400)
src/lib/radius.c patch | blob | history

diff --git a/src/lib/radius.c b/src/lib/radius.c
index ade05c5..7fdc863 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -2444,13 +2444,15 @@ static VALUE_PAIR *data2vp(const RADIUS_PACKET *packet,
 
        case PW_TYPE_TLV:
                vp->length = length;
-               vp->vp_tlv = malloc(length);
+
+               vp->vp_tlv = malloc(length ? length : 1);
                if (!vp->vp_tlv) {
                        pairfree(&vp);
                        fr_strerror_printf("No memory");
                        return NULL;
                }
-               memcpy(vp->vp_tlv, data, length);
+
+               if (length) memcpy(vp->vp_tlv, data, length);
                break;
 
        case PW_TYPE_COMBO_IP:
Unnamed repository; edit this file 'description' to name the repository.