*response_code = 0; /* Initialise to keep the rest of the code happy */
+ /*
+ * Check the session ID here, because we've lost the original packet.
+ */
+ if (h->session_id != fr_nbo_to_uint32(data + 4)) {
+ REDEBUG("Session ID %08x does not match expected number %08x",
+ fr_nbo_to_uint32(data + 4), h->session_id);
+ }
+
/*
* Decode the attributes, in the context of the reply.
* This only fails if the packet is strangely malformed,
* Decode a TACACS+ packet
*/
ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *buffer, size_t buffer_len,
- UNUSED const uint8_t *original, char const * const secret, size_t secret_len)
+ const uint8_t *original, char const * const secret, size_t secret_len)
{
fr_tacacs_packet_t const *pkt;
fr_pair_t *vp;
return -1;
}
+ /*
+ * Check that the session IDs are correct.
+ */
+ if (original && (memcmp(original + 4, buffer + 4, 4) != 0)) {
+ fr_strerror_printf("Session ID %08x does not match expected number %08x",
+ fr_nbo_to_uint32(buffer + 4), fr_nbo_to_uint32(original + 4));
+ return -1;
+ }
+
/*
* Call the struct encoder to do the actual work.
*/
projects / thirdparty / freeradius-server.git / commitdiff
