1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-26 18:19:53 +03:00

Cedar/Radius.c: Fix EAP Message buffer overflow

This commit is contained in:
domosekai 2021-07-10 08:15:03 +00:00
parent 56bd9733d6
commit 66dc5ee581

View File

@ -1069,7 +1069,8 @@ RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r)
is_finish = true;
Free(rp->Parse_EapMessage);
rp->Parse_EapMessage = Clone(e->PEAP_CurrentReceivingMsg->Buf, e->PEAP_CurrentReceivingMsg->Size);
rp->Parse_EapMessage = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(rp->Parse_EapMessage, e->PEAP_CurrentReceivingMsg->Buf, e->PEAP_CurrentReceivingMsg->Size);
rp->Parse_EapMessage_DataSize = e->PEAP_CurrentReceivingMsg->Size;
}
}
@ -1508,7 +1509,8 @@ RADIUS_PACKET *ParseRadiusPacket(void *data, UINT size)
{
if (p->Parse_EapMessage == NULL)
{
EAP_MESSAGE *eap = Clone(a.Data, a.DataSize);
EAP_MESSAGE *eap = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(eap, a.Data, a.DataSize);
p->Parse_EapMessage_DataSize = sz_tmp;
@ -1603,7 +1605,8 @@ RADIUS_PACKET *ParseRadiusPacket(void *data, UINT size)
p->Parse_EapMessage_DataSize = b->Size;
p->Parse_EapMessage_DataSize = MIN(p->Parse_EapMessage_DataSize, 1500);
p->Parse_EapMessage = Clone(b->Buf, p->Parse_EapMessage_DataSize);
p->Parse_EapMessage = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(p->Parse_EapMessage, b->Buf, p->Parse_EapMessage_DataSize);
}
FreeBuf(b);