From 3a5d0a04da17b2f7aeda9a41a36c8ec3597d20d6 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sun, 30 Jul 2017 22:21:59 +0200 Subject: Don't risk calling _validauth() with sec == NULL. buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519 --- radmsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radmsg.c b/radmsg.c index 7f6dd9d..7ff094b 100644 --- a/radmsg.c +++ b/radmsg.c @@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { } } - if (rqauth && !_validauth(buf, rqauth, secret)) { + if (rqauth && secret && !_validauth(buf, rqauth, secret)) { debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply"); return NULL; } -- cgit v1.1