Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Subject: krb5_rd_safe_basic() throws exception when sender_addr is NULL
X-RT-Original-Encoding: iso-8859-1
Content-Length: 430

When 'sender_addr' is NULL, krb5_rd_safe_basic() calls
krb5_address_compare() which throws a NULL pointer exception.

krb5_address_compare() checks to ensure that message->r_address and
recv_addr are not NULL before calling krb5_address_compare() but does
not check the state of sender_addr and message->s_address.

'sender_addr' will be NULL if krb5_rd_safe() is called without
generating address bindings for the auth_context.