From 5c14283a0b753a7f9f3a6eefeee46ce350c70783 Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Wed, 14 Dec 2022 14:46:55 +0100 Subject: [PATCH] Fix defect found by Covscan Fix 'warning[-Wmaybe-uninitialized]: 'eapsim_attribute' may be used uninitialized in this function' by reading directly the attribute list instead of the unitialized variable. Resolves: #2151705 Signed-off-by: Antonio Torres --- freeradius-fix-crash-unknown-eap-sim.patch | 6 ++++-- freeradius.spec | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/freeradius-fix-crash-unknown-eap-sim.patch b/freeradius-fix-crash-unknown-eap-sim.patch index acf1b4d..d2b7956 100644 --- a/freeradius-fix-crash-unknown-eap-sim.patch +++ b/freeradius-fix-crash-unknown-eap-sim.patch @@ -7,7 +7,9 @@ look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. -Backport of https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a +Backport of: +https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a +https://github.com/FreeRADIUS/freeradius-server/commit/71128cac3ee236a88a05cc7bddd43e43a88a3089 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151705 Signed-off-by: Antonio Torres @@ -46,7 +48,7 @@ index cf1e8a7dd92..e438a844eab 100644 } + if (!attr[1]) { -+ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute, ++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", attr[0], + es_attribute_count); + return 0; + } diff --git a/freeradius.spec b/freeradius.spec index f317fdf..a0f515d 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.0.21 -Release: 36%{?dist} +Release: 37%{?dist} License: GPLv2+ and LGPLv2+ URL: http://www.freeradius.org/ 
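Review bot: In the embedded EAP-SIM hunk (`@@ -46,7 +48,7 @@`), the `if (!attr[1])` guard has no comment explaining why a zero length octet is rejected, and the hunk does not show the check that makes `attr[0]` and `attr[1]` safe to read. These bytes come from the peer's EAP message, so I would add above the guard `/* Length is in 4-byte units and includes the 2-byte type/length header, so 0 is never valid; reject it before anything is sized from it. */`. Because the error message now reads `attr[0]` directly, please confirm that an earlier test guarantees at least two bytes remain in the attribute buffer at this point. The enclosing function starts and ends outside the hunk, so that cannot be verified from here.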
@@ -862,6 +862,10 @@ EOF %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Wed Dec 14 2022 Antonio Torres - 3.0.21-37 +- Fix defect found by covscan + Resolves: #2151705 + * Fri Dec 09 2022 Antonio Torres - 3.0.21-36 - Fix multiple CVEs Resolves: #2151705