Description: Fix RADIUS Packet Authentication use-after-free
 The BLASTRadius vulnerability mitigation introduced a use-after-free
 in the RadiusPacket::authenticateReceivedPacket method.
 This fix prevents use-after-free by assigning the string to a
 variable before relying on the c_str result.
Author: Martin Rampersad <martin.rampersad@emkal.ca>
Last-Update: 2025-10-20
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/RadiusClass/RadiusPacket.cpp
+++ b/RadiusClass/RadiusPacket.cpp
@@ -706,7 +706,8 @@
 
 int	RadiusPacket::authenticateReceivedPacket(RadiusServer *server)
 {
-	const char *secret = server->getSharedSecret().c_str();
+	string secretString = server->getSharedSecret();
+	const char *secret = secretString.c_str();
 	gcry_md_hd_t	context;
 	int res;
 	
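Review bot: the new local `secretString` at the top of `authenticateReceivedPacket` has no comment saying why it exists, so a later cleanup could fold the two added lines back into `server->getSharedSecret().c_str()` and reintroduce the dangling pointer. Suggest a one-line comment stating that the string must outlive `secret`, and declaring it `const string secretString` since it is only read through `c_str()`. The fix itself looks right for the lifetime issue the description gives: the pointer now refers to storage that lives until the function returns. The hunk covers only this one call site, so it is worth grepping the rest of RadiusPacket.cpp for other `getSharedSecret().c_str()` uses that keep the pointer past the full expression. Note also that the function now holds its own copy of the shared secret until it returns. That is acceptable here, but keep the variable scoped to this function.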
