From: Alan T. DeKok
Date: Wed, 18 Jan 2023 20:35:54 +0000 (-0500)
Subject: check that clients send odd sequence numbers
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08c7554ba3e5cbc94ee4e711efb517667942cf1c;p=thirdparty%2Ffreeradius-server.git
check that clients send odd sequence numbers
---
diff --git a/src/listen/tacacs/proto_tacacs.c b/src/listen/tacacs/proto_tacacs.c
index a28a2409a11..81781435708 100644
--- a/src/listen/tacacs/proto_tacacs.c
+++ b/src/listen/tacacs/proto_tacacs.c
@@ -189,6 +189,14 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 client = address->radclient;
+ /*
+ * Clients start at ID 1, and go up by 2.
+ */
+ if ((data[2] & 0x01) != 0x01) {
+ REDEBUG("Invalid sequence number %02x", data[2]);
+ return -1;
+ }
+
 /*
 * Decode the header, etc.
 *
@@ -212,7 +220,6 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 break;
 default:
- fr_assert(0);
 return -1;
 }
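Review bot: The added check indexes `data[2]` on a buffer that comes from the network, and nothing visible in this hunk establishes that the buffer holds at least three bytes. mod_decode starts and ends outside the hunk, so the length may already be validated by the read path; if it is not, a truncated packet makes this an out-of-bounds read, and the guard should include the length, e.g. `if ((data_len < 3) || ((data[2] & 0x01) != 0x01)) {` (assuming the length parameter is named `data_len`; the signature is cut off in the hunk header). The bare index would also read better with a comment such as `/* data[2] is the seq_no field of the TACACS+ header */`. Finally, `%02x` logs the value in hex with no prefix, so "10" is ambiguous in the debug output; `"Invalid sequence number 0x%02x"` or `%u` removes the doubt.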