]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a63ab15)
more checks for corner cases and invalid data
authorAlan T. DeKok <aland@freeradius.org>
Thu, 26 Feb 2026 18:46:33 +0000 (13:46 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 26 Feb 2026 20:09:36 +0000 (15:09 -0500)
src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c patch | blob | blame | history
src/modules/rlm_pap/rlm_pap.c patch | blob | blame | history

diff --git a/src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c b/src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c
index c2fe0e2eb0987db582fd865c8139735e48a67c0d..00142de497df21f2421a41b6da51698e91880de2 100644 (file)
--- a/src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c
+++ b/src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c
@@ -332,7 +332,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx)
                ERROR("Failed to create cache");
        error:
                talloc_free(mutable);
-               goto error;
+               return -1;
        }
 
        /*
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 632c90b783e8d40950670331dcbccc99f129570e..a4d1862ce93451f510621ed7b09a718d3473faae 100644 (file)
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -588,6 +588,7 @@ static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unla
                }
                if (slen != sizeof(iterations)) {
                        REDEBUG("Decoded Password.PBKDF2 iterations component is wrong size");
+                       goto finish;
                }
 
                iterations = ntohl(iterations);
@@ -621,7 +622,7 @@ static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unla
 
        p = q + 1;
 
-       if ((q - p) == 0) {
+       if ((end - p) == 0) {
                REDEBUG("Password.PBKDF2 hash component too short");
                goto finish;
        }
@@ -766,6 +767,10 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(unlang_result_t *
                         */
                        if (*p == '{') {
                                q = memchr(p, '}', end - p);
+                               if (!q) {
+                                       REDEBUG("Password.PBKDF2 is missing '}");
+                                       RETURN_UNLANG_INVALID;
+                               }
                                p = q + 1;
                        }
                        return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
Mirror of https://github.com/FreeRADIUS/freeradius-server.git