Commit 5ca04071 authored by Linus Nordberg's avatar Linus Nordberg

Fix heap overflow in raddtlsget(), radtcpget() and radtlsget().

Patch by Stephen Röttger.
parent 42eb3c67
......@@ -239,6 +239,10 @@ unsigned char *raddtlsget(SSL *ssl, struct gqueue *rbios, int timeout) {
}
len = RADLEN(buf);
if (len < 4) {
debug(DBG_ERR, "raddtlsget: length too small");
continue;
}
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "raddtlsget: malloc failed");
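Review bot: The new `if (len < 4)` guard in raddtlsget() still accepts lengths 4 through 19, which are shorter than the 20-byte RADIUS header (code, identifier, length, 16-byte authenticator) that RFC 2865 sets as the minimum packet size. The guard presumably protects the copy of the four already-read header bytes into `rad`, but any later code that reads the authenticator or walks attributes from a fixed offset could still read past a short allocation; that code is outside the hunk, so this needs confirming. Consider `if (len < 20) {` here and in the matching radtcpget() and radtlsget() hunks, and log the rejected value so malformed peers can be spotted in the logs. On the stream transports, `continue` after a bad length probably leaves the reader out of step with the peer's framing, so closing the connection may be the safer response. All three function bodies start and end outside their hunks.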
......
......@@ -173,6 +173,10 @@ unsigned char *radtcpget(int s, int timeout) {
}
len = RADLEN(buf);
if (len < 4) {
debug(DBG_ERR, "radtcpget: length too small");
continue;
}
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "radtcpget: malloc failed");
......
......@@ -220,6 +220,10 @@ unsigned char *radtlsget(SSL *ssl, int timeout) {
}
len = RADLEN(buf);
if (len < 4) {
debug(DBG_ERR, "radtlsget: length too small");
continue;
}
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "radtlsget: malloc failed");
......