Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix RADIUS client with out-of-memory and missing shared secret

It was possible for an out-of-memory code path to trigger NULL pointer
dereference when preparing a RADIUS accounting report.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
214457de15
commit
0d787f0242
1 changed files with 4 additions and 2 deletions
Split View Show Diff Stats
  1. 4 2
      src/radius/radius_client.c

+ 4 - 2
src/radius/radius_client.c
View File 

@@ -658,7 +658,8 @@ int radius_client_send(struct radius_client_data *radius,
 
 	}
 
 
 	if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
 
-		if (conf->acct_server == NULL || radius->acct_sock < 0) {
 
+		if (conf->acct_server == NULL || radius->acct_sock < 0 ||
 
+		    conf->acct_server->shared_secret == NULL) {
 
 			hostapd_logger(radius->ctx, NULL,
 
 				       HOSTAPD_MODULE_RADIUS,
 
 				       HOSTAPD_LEVEL_INFO,
 
@@ -672,7 +673,8 @@ int radius_client_send(struct radius_client_data *radius,
 
 		s = radius->acct_sock;
 
 		conf->acct_server->requests++;
 
 	} else {
 
-		if (conf->auth_server == NULL || radius->auth_sock < 0) {
 
+		if (conf->auth_server == NULL || radius->auth_sock < 0 ||
 
+		    conf->auth_server->shared_secret == NULL) {
 
 			hostapd_logger(radius->ctx, NULL,
 
 				       HOSTAPD_MODULE_RADIUS,
 
 				       HOSTAPD_LEVEL_INFO,