Commit 3a5d0a04 authored by Linus Nordberg's avatar Linus Nordberg

Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL
but let's protect against future callers.

coverity: 1449519
parent 633e4b83
......@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
}
}
if (rqauth && !_validauth(buf, rqauth, secret)) {
if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
return NULL;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment