check that clients send odd sequence numbers
authorAlan T. DeKok <aland@freeradius.org>
Wed, 18 Jan 2023 20:35:54 +0000 (15:35 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 18 Jan 2023 20:35:54 +0000 (15:35 -0500)
src/listen/tacacs/proto_tacacs.c

index a28a2409a11289910d0041a6c7508f8581eafd7d..81781435708df2077e7751b5348b3a40577fcad0 100644 (file)
@@ -189,6 +189,14 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 
        client = address->radclient;
 
+       /*
+        *      Clients start at ID 1, and go up by 2.
+        */
+       if ((data[2] & 0x01) != 0x01) {
+               REDEBUG("Invalid sequence number %02x", data[2]);
+               return -1;
+       }
+
        /*
         *      Decode the header, etc.
         *
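Review bot: The new parity test reads `data[2]` ahead of the header decode, and nothing in this hunk shows that the buffer is at least three bytes long at that point. mod_decode begins and continues outside the hunk, so the length may already be guaranteed by the reader; if it is not, a truncated packet makes this an out-of-bounds read, and a guard such as `if (data_len < 3) return -1;` belongs in front of it (the length parameter's name is cut off in the hunk header, so `data_len` is an assumption). The bare index would also read better as a named offset for the sequence-number byte. The comment could state the protocol rule it enforces, e.g. `/* RFC 8907 section 4.1: clients only send odd seq_no, starting at 1 */`.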
@@ -212,7 +220,6 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
                break;
 
        default:
-               fr_assert(0);
                return -1;
        }