Re: fix segfault on radiusd(8)

Ricardo Mestre Wed, 01 Aug 2018 05:28:51 -0700

:facepalm: let's forget I sent the previous patch.

OK?


Index: radiusd.c
===================================================================
RCS file: /cvs/src/usr.sbin/radiusd/radiusd.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 radiusd.c
--- radiusd.c   13 Jun 2017 05:40:22 -0000      1.20
+++ radiusd.c   1 Aug 2018 12:26:26 -0000
@@ -1066,7 +1066,8 @@ radiusd_module_stop(struct radiusd_modul
 {
        module->stopped = true;
 
-       freezero(module->secret, strlen(module->secret));
+       if (module->secret != NULL)
+               freezero(module->secret, strlen(module->secret));
        module->secret = NULL;
 
        if (module->fd >= 0) {

On 14:12 Wed 01 Aug     , Sebastien Marie wrote:
> if I didn't mess, module is a `struct radiusd_module', and `secret'
> member is defined as `char *'. I expect sizeof(module->secret) to be
> always 8 (on amd64): the size of the pointer.
> 
> as the variable is dynamically allocated, you should really use strlen()
> and checking for NULL before zeroing it.
> 
> -- 
> Sebastien Marie

Re: fix segfault on radiusd(8)

Reply via email to