rc_find_server() resets the secret by setting *secret = 0 instead of what
was likely intended: memset the entire array. In case of error, moved the
memset operation outside of the rc_find_server() function. It's only used
in one place anyway.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
if (result == 0)
{
memset (buffer, '\0', sizeof (buffer));
- memset (secret, '\0', sizeof (secret));
error("rc_find_server: couldn't find RADIUS server %s in %s",
server_name, rc_conf_str("servers"));
return (-1);
{
if (rc_find_server (server_name, &auth_ipaddr, secret) != 0)
{
+ memset (secret, '\0', sizeof (secret));
return (ERROR_RC);
}
}