From efb2667c252985004598625d357d3f4db7418964 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Sat, 18 Mar 2023 18:14:04 +1100 Subject: [PATCH] radius: Fix list traversal in rc_avpair_insert In rc_avpair_insert, if the list element "p" is non-NULL but not actually in the list "a", we can end up with this_node being NULL and being dereferenced. By changing the while test to this_node->next we avoid having this_node being NULL; the loop will terminate when this_node == p or this_node->next == NULL, which is what we want. Signed-off-by: Paul Mackerras --- pppd/plugins/radius/avpair.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c index 9b5c39c..bbe141d 100644 --- a/pppd/plugins/radius/avpair.c +++ b/pppd/plugins/radius/avpair.c @@ -426,7 +426,7 @@ void rc_avpair_insert (VALUE_PAIR **a, VALUE_PAIR *p, VALUE_PAIR *b) else /* look for the "p" entry in the "a" list (or run to end) */ { this_node = *a; - while (this_node != (VALUE_PAIR *) NULL) + while (this_node->next != (VALUE_PAIR *) NULL) { if (this_node == p) { -- 2.39.2