Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519

Don't risk calling _validauth() with sec == NULL.
buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519
3a5d0a04 · Linus Nordberg · 633e4b83 · 3a5d0a04
Commit 3a5d0a04 authored Jul 30, 2017 by Linus Nordberg
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

radmsg.c radmsg.c +1 -1

No files found.
--- a/radmsg.c
+++ b/radmsg.c
@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
 	}
    }

-    if (rqauth && !_validauth(buf, rqauth, secret)) {
+    if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
 	debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
 	return NULL;
    }