-rw-r--r--dtls.c4
-rw-r--r--tcp.c4
-rw-r--r--tls.c4
3 files changed, 12 insertions, 0 deletions
diff --git a/dtls.c b/dtls.c
index 2586b8f..8f8c90a 100644
--- a/dtls.c
+++ b/dtls.c
@@ -235,6 +235,10 @@ unsigned char *raddtlsget(SSL *ssl, struct gqueue *rbios, int timeout) {
}
len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "raddtlsget: length too small");
+ continue;
+ }
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "raddtlsget: malloc failed");
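Review bot: The added `if (len < 4)` guard in raddtlsget only rejects lengths smaller than the four header bytes that appear to have been read into `buf` already, so a declared length of 4 to 19 is still allocated and passed on. RFC 2865 sets the minimum RADIUS packet at 20 octets (code, identifier, length and the 16-octet authenticator), and any later code that touches the authenticator or attributes without rechecking the length would read past the `malloc(len)` buffer; that code is not visible here. Consider `if (len < 20) {` here and in the identical checks in radtcpget (tcp.c) and radtlsget (tls.c), with a one-line comment naming the RFC minimum. The function body starts and ends outside the hunk.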
diff --git a/tcp.c b/tcp.c
index 0ad574c..a2f8e7c 100644
--- a/tcp.c
+++ b/tcp.c
@@ -169,6 +169,10 @@ unsigned char *radtcpget(int s, int timeout) {
}
len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "radtcpget: length too small");
+ continue;
+ }
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "radtcpget: malloc failed");
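Review bot: `continue;` after a too-small length in radtcpget leaves the byte stream out of step, since the header bytes are already consumed and the next loop iteration will presumably interpret whatever follows as a new header. On a stream transport a single malformed length can therefore make the rest of the connection parse as arbitrary packets, so it is safer to stop reading from this peer, for example `return NULL;` in place of `continue;` if callers treat NULL as a failed connection (the callers and the loop itself are outside the hunk). The same applies to the identical branch in radtlsget in tls.c; the DTLS path is datagram-based, so dropping one packet there is less of a concern.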
diff --git a/tls.c b/tls.c
index d376e73..d33fc1b 100644
--- a/tls.c
+++ b/tls.c
@@ -216,6 +216,10 @@ unsigned char *radtlsget(SSL *ssl, int timeout) {
}
len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "radtlsget: length too small");
+ continue;
+ }
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "radtlsget: malloc failed");