author | Linus Nordberg <linus@nordu.net> | 2015-01-16 16:44:04 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2015-01-16 16:51:14 +0100 |
commit | 5ca04071b14af6261c797551bcf26a3851ebbae8 (patch) | |
tree | 1eb8003b5aee3af2278ae505b78f5e213dda4839 /tls.c | |
parent | 42eb3c67e5ee5e0a0e8b5175a001bc5822c3a919 (diff) |
Fix heap overflow in raddtlsget(), radtcpget() and radtlsget().
Patch by Stephen Röttger.
Diffstat (limited to 'tls.c')
-rw-r--r-- | tls.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -220,6 +220,10 @@ unsigned char *radtlsget(SSL *ssl, int timeout) {
 }
 len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "radtlsget: length too small");
+ continue;
+ }
 rad = malloc(len);
 if (!rad) {
 debug(DBG_ERR, "radtlsget: malloc failed"); |
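Review bot: The added guard `if (len < 4)` rejects only lengths shorter than the four header bytes, so a declared length of 4 to 19 still reaches `rad = malloc(len)`, although RFC 2865 sets the minimum RADIUS packet at 20 bytes (code, identifier, length, 16-byte authenticator). Any later code that indexes the authenticator or attributes without re-checking the length would then read past the allocation; tightening the test to `if (len < 20) {` closes that gap at the point where the length is first trusted. Separately, `continue` on a stream transport looks risky: the rest of the malformed packet has presumably not been consumed, so the next pass would parse payload bytes as a new header, and returning NULL to drop the connection is the safer reaction to a peer that sends a bad length. The loop and the reads around this check are outside the hunk, so both points should be confirmed against the full function, and the same reasoning would apply to raddtlsget() and radtcpget() named in the commit title.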