aboutsummaryrefslogtreecommitdiffstats
path: root/src/radius
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-01-18 23:34:07 (GMT)
committerJouni Malinen <j@w1.fi>2015-01-19 00:35:43 (GMT)
commit0d787f024261c22dc5db06dd61469d89a5cf41e6 (patch)
treeae1bd4df5c02e5b7ed8a185930a263bc17466cb1 /src/radius
parent214457de158611f2584a01ada50f3e6359b0854c (diff)
downloadhostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.zip
hostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.tar.gz
hostap-0d787f024261c22dc5db06dd61469d89a5cf41e6.tar.bz2
Fix RADIUS client with out-of-memory and missing shared secret
It was possible for an out-of-memory code path to trigger NULL pointer dereference when preparing a RADIUS accounting report. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_client.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 1382c53..34f5685 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -658,7 +658,8 @@ int radius_client_send(struct radius_client_data *radius,
}
if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
- if (conf->acct_server == NULL || radius->acct_sock < 0) {
+ if (conf->acct_server == NULL || radius->acct_sock < 0 ||
+ conf->acct_server->shared_secret == NULL) {
hostapd_logger(radius->ctx, NULL,
HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
@@ -672,7 +673,8 @@ int radius_client_send(struct radius_client_data *radius,
s = radius->acct_sock;
conf->acct_server->requests++;
} else {
- if (conf->auth_server == NULL || radius->auth_sock < 0) {
+ if (conf->auth_server == NULL || radius->auth_sock < 0 ||
+ conf->auth_server->shared_secret == NULL) {
hostapd_logger(radius->ctx, NULL,
HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,