From 3a5d0a04da17b2f7aeda9a41a36c8ec3597d20d6 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Sun, 30 Jul 2017 22:21:59 +0200
Subject: Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL
but let's protect against future callers.

coverity: 1449519
---
 radmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'radmsg.c')

diff --git a/radmsg.c b/radmsg.c
index 7f6dd9d..7ff094b 100644
--- a/radmsg.c
+++ b/radmsg.c
@@ -308,7 +308,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
 	}
     }
 
-    if (rqauth && !_validauth(buf, rqauth, secret)) {
+    if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
 	debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
 	return NULL;
     }
-- 
cgit v1.1