Bug#801763: uninitialised variable creates crash

fuxfwgc4a2i1gr fuxfwgc4a2i1gr at gmail.com
Wed Oct 14 11:02:56 UTC 2015


Package: libfreeradius-client2
Version: 1.1.6-7

libfreeradius_client.so.2.0.0:00007FF222D1DB8C call    near ptr unk_7FF222D1C6E0
libfreeradius_client.so.2.0.0:00007FF222D1DB91 test    rax, rax
libfreeradius_client.so.2.0.0:00007FF222D1DB94 jz      short loc_7FF222D1DBA0
libfreeradius_client.so.2.0.0:00007FF222D1DB96 cmp     dword ptr [rax+2Ch], 6
libfreeradius_client.so.2.0.0:00007FF222D1DB9A jz      loc_7FF222D1E2B3
libfreeradius_client.so.2.0.0:00007FF222D1DBA0
libfreeradius_client.so.2.0.0:00007FF222D1DBA0 loc_7FF222D1DBA0:                       ; CODE XREF: rc_send_server+64j
libfreeradius_client.so.2.0.0:00007FF222D1DBA0 mov     rsi, [r14+18h] < ----------------------------- THIS CHECK MAKES NO SENSE BECAUSE THE DATA IS ALWAYS RANDOM. See description below
libfreeradius_client.so.2.0.0:00007FF222D1DBA4 test    rsi, rsi       <-------/
libfreeradius_client.so.2.0.0:00007FF222D1DBA7 jz      loc_7FF222D1E228 <----/
libfreeradius_client.so.2.0.0:00007FF222D1DBAD lea     rdx, [rsp+41B8h+var_4088]
libfreeradius_client.so.2.0.0:00007FF222D1DBB5 mov     [rsp+41B8h+var_4198], rdx
libfreeradius_client.so.2.0.0:00007FF222D1DBBA mov     rdi, [rsp+41B8h+var_4198]
libfreeradius_client.so.2.0.0:00007FF222D1DBBF mov     edx, 30h
libfreeradius_client.so.2.0.0:00007FF222D1DBC4 call    near ptr unk_7FF222D1C130
libfreeradius_client.so.2.0.0:00007FF222D1DBC9
libfreeradius_client.so.2.0.0:00007FF222D1DBC9 loc_7FF222D1DBC9:                       ; CODE XREF: rc_send_server+705j
libfreeradius_client.so.2.0.0:00007FF222D1DBC9 mov     rcx, [rsp+41B8h+var_4198]
libfreeradius_client.so.2.0.0:00007FF222D1DBCE mov     rsi, [rsp+41B8h+var_4190]
libfreeradius_client.so.2.0.0:00007FF222D1DBD3 lea     rdx, [rsp+41B8h+var_4174]
libfreeradius_client.so.2.0.0:00007FF222D1DBD8 mov     rdi, [rsp+41B8h+var_4188]
libfreeradius_client.so.2.0.0:00007FF222D1DBDD call    near ptr unk_7FF222D1C240
libfreeradius_client.so.2.0.0:00007FF222D1DBE2 test    eax, eax

When rc_send_server is executed from rc_aaa, then
if(data->secret != NULL) will always give strange and unexpected results because data->secret is not initialised in rc_aaa.
If the initialisation is not done, then I think your application will constantly crash at the moment rc_auth is used.

I suggest initialising it in rc_aaa (buildreq.c):
add data.secret = NULL; after the line data.receive_pairs = NULL;
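
An added illustration (not from the report or from libfreeradius-client) of why the field-by-field initialisation the report describes defeats the NULL check in rc_send_server, and of the suggested fix. The struct, the function names and the 0xA5 fill are constructed stand-ins; both final functions evaluate the same test that rc_send_server performs.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed stand-in for libfreeradius-client's SEND_DATA: only the
 * members relevant to the report are modelled. */
typedef struct {
    void       *send_pairs;
    void       *receive_pairs;
    const char *secret;   /* NULL means "no per-request secret" */
} send_data_t;

/* Mirrors the pattern the report describes in rc_aaa: every field except
 * `secret` is assigned, so `secret` keeps whatever the storage held. */
static void init_partial(send_data_t *d, void *pairs)
{
    d->send_pairs    = pairs;
    d->receive_pairs = NULL;
    /* d->secret deliberately left untouched: this is the bug */
}

/* The reporter's fix (data.secret = NULL), preceded by aggregate
 * zero-initialisation so any field added later starts out 0/NULL too. */
static void init_full(send_data_t *d, void *pairs)
{
    *d = (send_data_t){0};
    d->send_pairs    = pairs;
    d->receive_pairs = NULL;
    d->secret        = NULL;
}

/* Real stack garbage is not reproducible, so stale contents are simulated
 * by filling the storage with 0xA5 bytes before either initialiser runs. */
static void poison(send_data_t *d) { memset(d, 0xA5, sizeof *d); }

bool partial_init_sets_secret(void)
{
    send_data_t d;
    poison(&d);
    init_partial(&d, NULL);
    return d.secret != NULL;   /* true: garbage is mistaken for a secret */
}

bool full_init_sets_secret(void)
{
    send_data_t d;
    poison(&d);
    init_full(&d, NULL);
    return d.secret != NULL;   /* false: the NULL branch is taken reliably */
}
```

With genuinely indeterminate stack contents instead of the 0xA5 fill, clang's MemorySanitizer (-fsanitize=memory) reports the branch on data->secret as a use of an uninitialised value, which is how this class of bug is normally caught before it shows up as a crash.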

More information about the Pkg-voip-maintainers mailing list