Commit 3a5d0a04 authored by Linus Nordberg's avatar Linus Nordberg
Browse files

Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL
but let's protect against future callers.

coverity: 1449519
parent 633e4b83
...@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { ...@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
} }
} }
if (rqauth && !_validauth(buf, rqauth, secret)) { if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply"); debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
return NULL; return NULL;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment