diff options
author | Jouni Malinen <j@w1.fi> | 2015-01-18 23:34:07 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2015-01-19 00:35:43 (GMT) |
commit | 0d787f024261c22dc5db06dd61469d89a5cf41e6 (patch) | |
tree | ae1bd4df5c02e5b7ed8a185930a263bc17466cb1 /src/radius | |
parent | 214457de158611f2584a01ada50f3e6359b0854c (diff) | |
download | hostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.zip hostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.tar.gz hostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.tar.bz2 |
Fix RADIUS client with out-of-memory and missing shared secret
It was possible for an out-of-memory code path to trigger NULL pointer
dereference when preparing a RADIUS accounting report.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r-- | src/radius/radius_client.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index 1382c53..34f5685 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -658,7 +658,8 @@ int radius_client_send(struct radius_client_data *radius, } if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) { - if (conf->acct_server == NULL || radius->acct_sock < 0) { + if (conf->acct_server == NULL || radius->acct_sock < 0 || + conf->acct_server->shared_secret == NULL) { hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, HOSTAPD_LEVEL_INFO, @@ -672,7 +673,8 @@ int radius_client_send(struct radius_client_data *radius, s = radius->acct_sock; conf->acct_server->requests++; } else { - if (conf->auth_server == NULL || radius->auth_sock < 0) { + if (conf->auth_server == NULL || radius->auth_sock < 0 || + conf->auth_server->shared_secret == NULL) { hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, HOSTAPD_LEVEL_INFO, |