Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519
mariux64 · Aug 1, 2017 · 3a5d0a0 · 3a5d0a0
1 parent 633e4b8
commit 3a5d0a0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/radmsg.c b/radmsg.c
@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
 	}
     }
 
-    if (rqauth && !_validauth(buf, rqauth, secret)) {
+    if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
 	debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
 	return NULL;
     }