Don't risk calling _validauth() with sec == NULL.

buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519
author: Linus Nordberg <linus@nordu.net> 2017-07-30 22:21:59 +0200
committer: Linus Nordberg <linus@nordu.net> 2017-08-01 18:19:13 +0200
commit: 65094f8683f95b3fd47172166fe084a8dccdc4ff (patch)
tree: 94cdf55611c812489897c1b4e072d59a5fc8b535
parent: 1e695906e679d6a4be772ea67ce8164da665ec12 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/radmsg.c b/radmsg.c
index 1a0f912..00c13c9 100644
--- a/radmsg.c
+++ b/radmsg.c
@@ -273,7 +273,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
 	}
     }
 
-    if (rqauth && !_validauth(buf, rqauth, secret)) {
+    if (rqauth && secret && !_validauth(buf, rqauth, secret)) {
 	debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
 	return NULL;
     }
author	Linus Nordberg <linus@nordu.net>	2017-07-30 22:21:59 +0200
committer	Linus Nordberg <linus@nordu.net>	2017-08-01 18:19:13 +0200
commit	65094f8683f95b3fd47172166fe084a8dccdc4ff (patch)
tree	94cdf55611c812489897c1b4e072d59a5fc8b535
parent	1e695906e679d6a4be772ea67ce8164da665ec12 (diff)