From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 20 Apr 2022 12:49:21 +0000 (-0400)
Subject: check lengths, too
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d108abb90c479a1322d1aaf22cbea8574b7664e;p=thirdparty%2Ffreeradius-server.git

check lengths, too
---

diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c
index 50797a3f0f2..803270fd5c9 100644
--- a/src/protocols/radius/decode.c
+++ b/src/protocols/radius/decode.c
@@ -633,7 +633,7 @@ redo:
 	 *	Decode consecutive ones into the same parent.
 	 */
 	p += p[1];
-	if (((p + 2) < end) && (p[0] == FR_DIGEST_ATTRIBUTES)) {
+	if (((p + 2) < end) && ((p[0] == FR_DIGEST_ATTRIBUTES) && (p[1] > 2))) {
 		goto redo;
 	}