1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 26be8a680d2a6830e7be98bee10818dd8b6a426a Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Mon, 3 Jul 2017 12:35:45 -0400
Subject: [PATCH] FR-GV-207 - avoid zero-length malloc() in data2vp()
---
src/lib/radius.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: freeradius-2.2.5+dfsg/src/lib/radius.c
===================================================================
--- freeradius-2.2.5+dfsg.orig/src/lib/radius.c
+++ freeradius-2.2.5+dfsg/src/lib/radius.c
@@ -2440,13 +2440,15 @@ static VALUE_PAIR *data2vp(const RADIUS_
case PW_TYPE_TLV:
vp->length = length;
- vp->vp_tlv = malloc(length);
+
+ vp->vp_tlv = malloc(length ? length : 1);
if (!vp->vp_tlv) {
pairfree(&vp);
fr_strerror_printf("No memory");
return NULL;
}
- memcpy(vp->vp_tlv, data, length);
+
+ if (length) memcpy(vp->vp_tlv, data, length);
break;
case PW_TYPE_COMBO_IP:
|
