summaryrefslogtreecommitdiff
path: root/tls.c
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2015-01-16 16:44:04 +0100
committerLinus Nordberg <linus@nordu.net>2015-01-16 16:44:04 +0100
commitf7835d0dcba27559b04f4f6faad26a7a19e3c3f0 (patch)
tree0f791a811a2f5a5d7d49d35ef9c0c87efb0db189 /tls.c
parent47a7af88884c9887cbe0fc19da8d8d237e1b9054 (diff)
Fix heap overflow in raddtlsget(), radtcpget() and radtlsget().
Patch by Stephen Röttger.
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/tls.c b/tls.c
index d376e73..d33fc1b 100644
--- a/tls.c
+++ b/tls.c
@@ -216,6 +216,10 @@ unsigned char *radtlsget(SSL *ssl, int timeout) {
}
len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "radtlsget: length too small");
+ continue;
+ }
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "radtlsget: malloc failed");