Fix defect found by Covscan

Fix 'warning[-Wmaybe-uninitialized]: 'eapsim_attribute' may be used
uninitialized in this function' by reading directly the attribute list
instead of the uninitialized variable.

Resolves: #2151705
Signed-off-by: Antonio Torres <antorres@redhat.com>
Antonio Torres 2022-12-14 14:46:55 +01:00
parent b29a675c94
commit 5c14283a0b
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
2 changed files with 9 additions and 3 deletions

@ -7,7 +7,9 @@ look that option up in the internal dictionaries. This lookup will fail, but the
SIM code will not check for that failure. Instead, it will dereference a NULL
pointer, and cause the server to crash.
Backport of https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
Backport of:
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
https://github.com/FreeRADIUS/freeradius-server/commit/71128cac3ee236a88a05cc7bddd43e43a88a3089
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151705
Signed-off-by: Antonio Torres <antorres@redhat.com>
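Review bot: The new "Backport of:" list mixes an abbreviated hash (f1cdbb33ec61c4a64a) with a full 40-character one (71128cac3ee236a88a05cc7bddd43e43a88a3089). Use the full hash for both upstream commits so the references stay unambiguous, and consider adding a line to the patch description saying what the second commit contributes, since the text above it still describes only the NULL dereference.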
@ -46,7 +48,7 @@ index cf1e8a7dd92..e438a844eab 100644
}
+ if (!attr[1]) {
+ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute,
+ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", attr[0],
+ es_attribute_count);
+ return 0;
+ }
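Review bot: In the `if (!attr[1])` branch, printing `attr[0]` removes the read of the unassigned `eapsim_attribute`, but the visible context does not show that two bytes are known to be readable at `attr` before `attr[0]` and `attr[1]` are accessed. If the block closing just above this check does not already guarantee that, add a remaining-length test to the condition. A short comment noting that `eapsim_attribute` is not yet assigned at this point would also keep a later edit from reintroducing the warning.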

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.21
Release: 36%{?dist}
Release: 37%{?dist}
License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/
@ -862,6 +862,10 @@ EOF
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog
* Wed Dec 14 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-37
- Fix defect found by covscan
Resolves: #2151705
* Fri Dec 09 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-36
- Fix multiple CVEs
Resolves: #2151705
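Review bot: The 3.0.21-37 changelog entry says only "Fix defect found by covscan" and reuses Resolves: #2151705 from the 3.0.21-36 entry, so the two are hard to tell apart in the package history. Name the defect, for example the possibly uninitialized `eapsim_attribute` in the EAP-SIM error message, and state that it amends the patch shipped in 3.0.21-36.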