File: 0008-authenticate-fix

openvpn-auth-radius 2.1-10
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,744 kB
  • sloc: cpp: 8,579; perl: 323; makefile: 46
Description: Fix RADIUS Packet Authentication use-after-free
 The BLASTRadius vulnerability mitigation introduced a use-after-free
 in the RadiusPacket::authenticateReceivedPacket method.
 This fix prevents use-after-free by assigning the string to a
 variable before relying on the c_str result.
Author: Martin Rampersad <martin.rampersad@emkal.ca>
Last-Update: 2025-10-20
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/RadiusClass/RadiusPacket.cpp
+++ b/RadiusClass/RadiusPacket.cpp
@@ -706,7 +706,8 @@
 
 int	RadiusPacket::authenticateReceivedPacket(RadiusServer *server)
 {
-	const char *secret = server->getSharedSecret().c_str();
+	string secretString = server->getSharedSecret();
+	const char *secret = secretString.c_str();
 	gcry_md_hd_t	context;
 	int res;
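Review bot: the fix holds because `secretString` is a function-scope local, so `secret` stays valid for every later use inside authenticateReceivedPacket; the one-line form `const string &secretString = server->getSharedSecret();` would work equally, since a const reference bound to a temporary extends its lifetime to the end of the scope. Since the description attributes the dangling `c_str()` to the BLASTRadius mitigation but only this call site is patched, it is worth checking RadiusClass/RadiusPacket.cpp for other places that bind `getSharedSecret().c_str()` directly (the request-side authenticator and Message-Authenticator code are the obvious candidates) so they get the same treatment.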
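The lifetime bug the patch description refers to, shown with an added, self-contained illustration that is not openvpn-auth-radius code: `RadiusServer`, `Secret` and the helper names below are hypothetical stand-ins, and the live-buffer registry exists only so the demo can tell whether a pointer still refers to a live object without dereferencing it. The buggy function reproduces the removed line, the fixed function reproduces the patched lines, and the third function shows the const-reference alternative.

```cpp
// Added illustration of the dangling c_str() pattern fixed by the patch above.
// Not the project's code: RadiusServer, Secret and the helpers are hypothetical.
#include <algorithm>
#include <iostream>
#include <set>
#include <string>
#include <utility>

// Registry of buffers currently owned by a live Secret object. It is a demo
// oracle only; real code has no such check, which is why the bug went unnoticed.
static std::set<const void*> g_liveBuffers;

// Stand-in for std::string that records its own lifetime and scrubs the
// plaintext shared secret when it is destroyed.
class Secret {
public:
    explicit Secret(const std::string& s) : data_(s) { g_liveBuffers.insert(data_.c_str()); }
    Secret(const Secret& o) : data_(o.data_) { g_liveBuffers.insert(data_.c_str()); }
    ~Secret() {
        g_liveBuffers.erase(data_.c_str());
        std::fill(data_.begin(), data_.end(), '\0');  // wipe before storage is released
    }
    const char* c_str() const { return data_.c_str(); }
private:
    std::string data_;
};

// Hypothetical stand-in for the project's RadiusServer: getSharedSecret()
// returns by value, which is exactly what makes the removed line dangle.
class RadiusServer {
public:
    explicit RadiusServer(std::string secret) : secret_(std::move(secret)) {}
    Secret getSharedSecret() const { return Secret(secret_); }
private:
    std::string secret_;
};

// True if `p` is the buffer of a Secret that has not been destroyed yet.
static bool isLive(const char* p) { return g_liveBuffers.count(p) != 0; }

// The pattern removed by the patch: the temporary returned by getSharedSecret()
// is destroyed at the end of the full expression, so `secret` already points at
// destroyed (and here wiped) storage on the very next line.
bool secretPointerSurvivesBuggyPattern(const RadiusServer& server) {
    const char* secret = server.getSharedSecret().c_str();
    return isLive(secret);  // false: reading through `secret` would be a use-after-free
}

// The pattern the patch introduces: a named copy that lives for the whole scope.
bool secretPointerSurvivesFixedPattern(const RadiusServer& server) {
    Secret secretString = server.getSharedSecret();
    const char* secret = secretString.c_str();
    return isLive(secret);  // true: secretString outlives every use of `secret`
}

// Equivalent alternative: a const reference bound to a temporary extends the
// temporary's lifetime to the end of the reference's scope.
bool secretPointerSurvivesRefPattern(const RadiusServer& server) {
    const Secret& secretRef = server.getSharedSecret();
    const char* secret = secretRef.c_str();
    return isLive(secret);  // true
}

int main() {
    RadiusServer server("s3cret");  // constructed sample secret
    std::cout << "buggy pattern pointer live: " << secretPointerSurvivesBuggyPattern(server) << '\n'
              << "fixed pattern pointer live: " << secretPointerSurvivesFixedPattern(server) << '\n'
              << "reference pattern pointer live: " << secretPointerSurvivesRefPattern(server) << '\n';
    return 0;
}
```

Compiling the buggy function with a real `std::string` would typically produce no diagnostic at all, which is the point: the pointer is taken legally and only the later read is undefined, so this class of bug is best caught by running the test suite under AddressSanitizer or by reviewing every `c_str()` call on a value-returning accessor.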