Skip to content
Permalink
Browse files Browse the repository at this point in the history
radius: sanity check for vendor attribute length
  • Loading branch information
xebd committed Oct 21, 2020
1 parent c8575ff commit e9d369a
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions accel-pppd/radius/packet.c
Expand Up @@ -206,6 +206,14 @@ int rad_packet_recv(int fd, struct rad_packet_t **p, struct sockaddr_in *addr)
len -= vendor->tag + vendor->len;

n -= 4 + vendor->tag + vendor->len;
if (len < 0) {
log_ppp_warn("radius:packet invalid vendor attribute len received\n");
goto out_err;
}
if (2 + len > n) {
log_ppp_warn("radius:packet: too long vendor attribute received (%i, %i)\n", id, len);
goto out_err;
}
} else
log_ppp_warn("radius:packet: vendor %i not found\n", id);
} else
Expand Down

0 comments on commit e9d369a

Please sign in to comment.