From 22b24dc6ceb93dca800c687e72bba89fe68a78ee Mon Sep 17 00:00:00 2001
From: Guillaume Nault <g.nault@alphalink.fr>
Date: Wed, 21 Feb 2018 17:55:53 +0100
Subject: ppp: fix use-after-free in ppp_auth_failed()

The 'username' variable can be freed at the beginning of the function.
We have to use ppp->ses.username instead.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 accel-pppd/ppp/ppp_auth.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'accel-pppd/ppp/ppp_auth.c')

diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c
index 27138748..0eaac35a 100644
--- a/accel-pppd/ppp/ppp_auth.c
+++ b/accel-pppd/ppp/ppp_auth.c
@@ -364,8 +364,8 @@ void __export ppp_auth_failed(struct ppp_t *ppp, char *username)
 			_free(username);
 		ppp->ses.terminate_cause = TERM_AUTH_ERROR;
 		pthread_rwlock_unlock(&ses_lock);
-		log_ppp_info1("%s: authentication failed\n", username);
-		log_info1("%s: authentication failed\n", username);
+		log_ppp_info1("%s: authentication failed\n", ppp->ses.username);
+		log_info1("%s: authentication failed\n", ppp->ses.username);
 		triton_event_fire(EV_SES_AUTH_FAILED, ppp);
 	} else
 		log_ppp_info1("authentication failed\n");
-- 
cgit v1.2.3