From 3abd20bf026b1500121969f02af51cfd29ecb47b Mon Sep 17 00:00:00 2001
From: Kozlov Dmitry <dima@server>
Date: Wed, 24 Nov 2010 18:48:56 +0300
Subject: radius: fixed incorrect handling empty user password when pap
 authentication is used

---
 accel-pptpd/radius/auth.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'accel-pptpd')

diff --git a/accel-pptpd/radius/auth.c b/accel-pptpd/radius/auth.c
index 55d1858..94a8269 100644
--- a/accel-pptpd/radius/auth.c
+++ b/accel-pptpd/radius/auth.c
@@ -108,8 +108,13 @@ static uint8_t* encrypt_password(const char *passwd, const char *secret, const u
 	int i, j, chunk_cnt;
 	uint8_t b[16], c[16];
 	MD5_CTX ctx;
-	
-	chunk_cnt = (strlen(passwd) - 1) / 16 + 1;
+
+	if (strlen(passwd))
+		chunk_cnt = (strlen(passwd) - 1) / 16 + 1;
+	else {
+		*epasswd_len = 0;
+		return (uint8_t *)1;
+	}
 	
 	epasswd = _malloc(chunk_cnt * 16);
 	if (!epasswd) {
@@ -186,11 +191,13 @@ int rad_auth_pap(struct radius_pd_t *rpd, const char *username, va_list args)
 		goto out;
 
 	if (rad_packet_add_octets(req->pack, "User-Password", epasswd, epasswd_len)) {
-		_free(epasswd);
+		if (epasswd_len)
+			_free(epasswd);
 		goto out;
 	}
 
-	_free(epasswd);
+	if (epasswd_len)
+		_free(epasswd);
 
 	if (conf_sid_in_auth)
 		if (rad_packet_add_str(req->pack, "Acct-Session-Id", rpd->ppp->sessionid, PPP_SESSIONID_LEN))
-- 
cgit v1.2.3