Enforce non-zero MPPE key length

src/radius/radius.c

@@ -803,6 +803,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 	ppos = plain = os_malloc(plen);
 	if (plain == NULL)
 		return NULL;
+	plain[0] = 0;
 
 	while (left > 0) {
 		/* b(1) = MD5(Secret + Request-Authenticator + Salt)
@@ -827,7 +828,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 		left -= MD5_MAC_LEN;
 	}
 
-	if (plain[0] > plen - 1) {
+	if (plain[0] == 0 || plain[0] > plen - 1) {
 		printf("Failed to decrypt MPPE key\n");
 		os_free(plain);
 		return NULL;