From: Jouni Malinen <j@w1.fi>
Date: Sun, 18 Jan 2015 23:34:07 +0000 (+0200)
Subject: Fix RADIUS client with out-of-memory and missing shared secret
X-Git-Tag: hostap_2_4~366
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d787f024261c22dc5db06dd61469d89a5cf41e6;p=thirdparty%2Fhostap.git

Fix RADIUS client with out-of-memory and missing shared secret

It was possible for an out-of-memory code path to trigger NULL pointer
dereference when preparing a RADIUS accounting report.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 1382c53b1..34f568532 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -658,7 +658,8 @@ int radius_client_send(struct radius_client_data *radius,
 	}
 
 	if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
-		if (conf->acct_server == NULL || radius->acct_sock < 0) {
+		if (conf->acct_server == NULL || radius->acct_sock < 0 ||
+		    conf->acct_server->shared_secret == NULL) {
 			hostapd_logger(radius->ctx, NULL,
 				       HOSTAPD_MODULE_RADIUS,
 				       HOSTAPD_LEVEL_INFO,
@@ -672,7 +673,8 @@ int radius_client_send(struct radius_client_data *radius,
 		s = radius->acct_sock;
 		conf->acct_server->requests++;
 	} else {
-		if (conf->auth_server == NULL || radius->auth_sock < 0) {
+		if (conf->auth_server == NULL || radius->auth_sock < 0 ||
+		    conf->auth_server->shared_secret == NULL) {
 			hostapd_logger(radius->ctx, NULL,
 				       HOSTAPD_MODULE_RADIUS,
 				       HOSTAPD_LEVEL_INFO,