jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix RADIUS client with out-of-memory and missing shared secret

Browse source 
It was possible for an out-of-memory code path to trigger NULL pointer
dereference when preparing a RADIUS accounting report.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-01-19 01:34:07 +02:00
parent 214457de15
commit 0d787f0242
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/radius/radius_client.c
View file

@ -658,7 +658,8 @@ int radius_client_send(struct radius_client_data *radius,
} }
if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) { if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
if (conf->acct_server == NULL || radius->acct_sock < 0) { if (conf->acct_server == NULL || radius->acct_sock < 0 ||
conf->acct_server->shared_secret == NULL) {
hostapd_logger(radius->ctx, NULL, hostapd_logger(radius->ctx, NULL,
HOSTAPD_MODULE_RADIUS, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO, HOSTAPD_LEVEL_INFO,
@ -672,7 +673,8 @@ int radius_client_send(struct radius_client_data *radius,
s = radius->acct_sock; s = radius->acct_sock;
conf->acct_server->requests++; conf->acct_server->requests++;
} else { } else {
if (conf->auth_server == NULL || radius->auth_sock < 0) { if (conf->auth_server == NULL || radius->auth_sock < 0 ||
conf->auth_server->shared_secret == NULL) {
hostapd_logger(radius->ctx, NULL, hostapd_logger(radius->ctx, NULL,
HOSTAPD_MODULE_RADIUS, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO, HOSTAPD_LEVEL_INFO,