diff options
| -rw-r--r-- | lib/libradius/radlib.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c index acca95da6f66..e679b95089b0 100644 --- a/lib/libradius/radlib.c +++ b/lib/libradius/radlib.c @@ -949,7 +949,12 @@ rad_get_attr(struct rad_handle *h, const void **value, size_t *lenp) } type = h->in[h->in_pos++]; len = h->in[h->in_pos++]; - if (len < 2 || h->in_pos + len > h->in_len) { + if (len < 2) { + generr(h, "Malformed attribute in response"); + return -1; + } + len -= 2; + if (h->in_pos + len > h->in_len) { generr(h, "Malformed attribute in response"); return -1; } |