From 5c14283a0b753a7f9f3a6eefeee46ce350c70783 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Wed, 14 Dec 2022 14:46:55 +0100
Subject: [PATCH] Fix defect found by Covscan

Fix 'warning[-Wmaybe-uninitialized]: 'eapsim_attribute' may be used
uninitialized in this function' by reading directly the attribute list
instead of the unitialized variable.

Resolves: #2151705
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
 freeradius-fix-crash-unknown-eap-sim.patch | 6 ++++--
 freeradius.spec                            | 6 +++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/freeradius-fix-crash-unknown-eap-sim.patch b/freeradius-fix-crash-unknown-eap-sim.patch
index acf1b4d..d2b7956 100644
--- a/freeradius-fix-crash-unknown-eap-sim.patch
+++ b/freeradius-fix-crash-unknown-eap-sim.patch
@@ -7,7 +7,9 @@ look that option up in the internal dictionaries. This lookup will fail, but the
 SIM code will not check for that failure. Instead, it will dereference a NULL
 pointer, and cause the server to crash.
 
-Backport of https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
+Backport of:
+https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
+https://github.com/FreeRADIUS/freeradius-server/commit/71128cac3ee236a88a05cc7bddd43e43a88a3089
 
 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151705
 Signed-off-by: Antonio Torres <antorres@redhat.com>
@@ -46,7 +48,7 @@ index cf1e8a7dd92..e438a844eab 100644
  		}
  
 +		if (!attr[1]) {
-+			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute,
++			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", attr[0],
 +					   es_attribute_count);
 +			return 0;
 +		}
diff --git a/freeradius.spec b/freeradius.spec
index f317fdf..a0f515d 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 36%{?dist}
+Release: 37%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/
 
@@ -862,6 +862,10 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Wed Dec 14 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-37
+- Fix defect found by covscan
+  Resolves: #2151705
+
 * Fri Dec 09 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-36
 - Fix multiple CVEs
   Resolves: #2151705