From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 6 Oct 2021 20:59:15 +0000 (-0400)
Subject: let's check availability before dereferencing, m'kay?
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ac5bbfbbc5dff69d0344c9aa815669e9a3fa105;p=thirdparty%2Ffreeradius-server.git

let's check availability before dereferencing, m'kay?
---

diff --git a/src/lib/util/struct.c b/src/lib/util/struct.c
index 4ff7ffa7a5b..b74876aa9e7 100644
--- a/src/lib/util/struct.c
+++ b/src/lib/util/struct.c
@@ -114,6 +114,11 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_dcursor_t *cursor,
 	if (da_is_length_field(parent)) {
 		size_t struct_len;
 
+		if ((end - p) < 2) {
+			FR_PROTO_TRACE("Insufficient room for length header");
+			goto unknown;
+		}
+
 		struct_len = (p[0] << 8) | p[1];
 		if ((p + struct_len + 2) > end) {
 			FR_PROTO_TRACE("Length header is larger than remaining data");