From da884aaaadc39bdafee7977498fd3c78dfbcaa1d Mon Sep 17 00:00:00 2001
From: Fabian Mauchle <fabian.mauchle@switch.ch>
Date: Fri, 31 Jul 2020 15:43:09 +0200
Subject: [PATCH] fix coverity issues

---
 radmsg.c      | 2 +-
 radsecproxy.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/radmsg.c b/radmsg.c
index 6828f0d..5f49237 100644
--- a/radmsg.c
+++ b/radmsg.c
@@ -296,7 +296,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, int secret_len, uint8_t
     while (p - buf + 2 <= len) {
 	t = *p++;
         l = *p++;
-	if (l < 2) {
+	if (l < 2 || l > 255) {
 	    debug(DBG_WARN, "buf2radmsg: invalid attribute length %d", l);
 	    radmsg_free(msg);
 	    return NULL;
diff --git a/radsecproxy.c b/radsecproxy.c
index b281e21..8d53d6e 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -3046,7 +3046,8 @@ int radsecproxy_main(int argc, char **argv) {
     sigaddset(&sigset, SIGHUP);
     sigaddset(&sigset, SIGPIPE);
     pthread_sigmask(SIG_BLOCK, &sigset, NULL);
-    pthread_create(&sigth, &pthread_attr, sighandler, NULL);
+    if (pthread_create(&sigth, &pthread_attr, sighandler, NULL))
+        debugx(1, DBG_ERR, "pthread_create failed: sighandler");
 
     for (entry = list_first(srvconfs); entry; entry = list_next(entry)) {
 	srvconf = (struct clsrvconf *)entry->data;