diff options
| author | Linus Nordberg <linus@nordu.net> | 2017-07-30 22:21:59 +0200 |
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2017-08-01 18:25:36 +0200 |
| commit | 3a5d0a04da17b2f7aeda9a41a36c8ec3597d20d6 (patch) | |
| tree | 6cf1a03448ee2a57bcd79727a95ef52efedf871b /radmsg.c | |
| parent | 633e4b83029f4cf213c986404e28ecbd9cd8d26d (diff) | |
Don't risk calling _validauth() with sec == NULL.
buf2radmsg() is never called with rqauth != NULL and secret == NULL
but let's protect against future callers.
coverity: 1449519
Diffstat (limited to 'radmsg.c')
| -rw-r--r-- | radmsg.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { } } - if (rqauth && !_validauth(buf, rqauth, secret)) { + if (rqauth && secret && !_validauth(buf, rqauth, secret)) { debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply"); return NULL; } |