When 'sender_addr' is NULL, krb5_rd_safe_basic() calls
krb5_address_compare() which throws a NULL pointer exception.

krb5_address_compare() checks to ensure that message->r_address and
recv_addr are not NULL before calling krb5_address_compare() but does
not check the state of sender_addr and message->s_address.

'sender_addr' will be NULL if krb5_rd_safe() is called without
generating address bindings for the auth_context.