A NPD bug in print-radius.c

[wurongxin1987]

To report a security issue please send an e-mail to [email protected].

To report bugs and other problems, contribute patches, request a feature, provide generic feedback etc please see the file CONTRIBUTING in the tcpdump source tree root.

In the source file print-radius.c, in the function print_attr_time, it seems that the variable attr_time is some data obtained from network and will be used for constructing the ctime data. The function ctime which is a glibc library may potentially return a null pointer (e.g., invalidate number of attr_time may lead to return null pointer). Then, the newly generated ctime data will be passed to the function strlcpy and be dereferenced at Line 56.