aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_fast_pac.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-12-04 19:37:41 (GMT)
committerJouni Malinen <j@w1.fi>2010-12-04 19:37:41 (GMT)
commitc4d7fc90a2629500f370ccef553fd848c3c95c64 (patch)
treea057edc23baa2f561af0870464235a6d7158cfe0 /src/eap_peer/eap_fast_pac.c
parent0f3e4f2a8347930b1f31131b59157bfffa24ced6 (diff)
downloadhostap-c4d7fc90a2629500f370ccef553fd848c3c95c64.zip
hostap-c4d7fc90a2629500f370ccef553fd848c3c95c64.tar.gz
hostap-c4d7fc90a2629500f370ccef553fd848c3c95c64.tar.bz2
Fix EAP-FAST PAC file writer to avoid crash with multiple PACs
One of the pointers to the PAC buffer was not updated after realloc and if the realloc ended up returning new pointer, the *pos pointer was still pointing at the old location (i.e., freed memory at this point).
Diffstat (limited to 'src/eap_peer/eap_fast_pac.c')
-rw-r--r--src/eap_peer/eap_fast_pac.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/eap_peer/eap_fast_pac.c b/src/eap_peer/eap_fast_pac.c
index 541cce5..4037288 100644
--- a/src/eap_peer/eap_fast_pac.c
+++ b/src/eap_peer/eap_fast_pac.c
@@ -497,6 +497,7 @@ static void eap_fast_write(char **buf, char **pos, size_t *buf_len,
*buf = NULL;
return;
}
+ *pos = nbuf + (*pos - *buf);
*buf = nbuf;
*buf_len += need;
}