Add safety check for mod_post_auth

author Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)

committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)
author Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)
committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)
diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c

index a20c80796ae85fe6e7bca53fc69bc794d726340d..feef54d62ff4604745376397c1d6cbe665c9b250 100644 (file)
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -973,6 +973,16 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *
                 RETURN_MODULE_NOOP;
         }
  
+       /*
+        *      This should never happen, but we may be here
+        *      because there was an unexpected error in the
+        *      EAP module.
+        */
+       if (!fr_cond_assert(eap_session->this_round) || !fr_cond_assert(eap_session->this_round->request)) {
+               eap_session_destroy(&eap_session);              /* Free the EAP session, and dissociate it from the request */
+               RETURN_MODULE_FAIL;
+       }
+
         /*
          *      Already set to failure, assume something else
          *      added EAP-Message with a failure code, do nothing.
author	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)
committer	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Wed, 25 Aug 2021 20:51:45 +0000 (15:51 -0500)