From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 18 Nov 2025 20:37:03 +0000 (-0500)
Subject: move to using explicit include list when checking for valid types
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b0379e64b2bfc40adc5aa408d72dbb60d049461;p=thirdparty%2Ffreeradius-server.git

move to using explicit include list when checking for valid types
---

diff --git a/src/protocols/der/base.c b/src/protocols/der/base.c
index 04b067b7413..562bebad6b3 100644
--- a/src/protocols/der/base.c
+++ b/src/protocols/der/base.c
@@ -691,25 +691,27 @@ static bool type_parse(fr_type_t *type_p,fr_dict_attr_t **da_p, char const *name
 		fr_strerror_const("Cannot use 'tlv' in DER.  Please use 'sequence'");
 		return false;
 
-	case FR_TYPE_IFID:
-	case FR_TYPE_COMBO_IP_PREFIX:
-	case FR_TYPE_ETHERNET:
-	case FR_TYPE_FLOAT32:
-	case FR_TYPE_FLOAT64:
-	case FR_TYPE_VSA:
-	case FR_TYPE_VENDOR:
-	case FR_TYPE_VALUE_BOX:
-	case FR_TYPE_VOID:
-	case FR_TYPE_MAX:
+	default:
+	invalid_type:
 		fr_strerror_printf("Cannot use type '%s' in the DER dictionaries",
 				   fr_type_to_str(*type_p));
 		return false;
 
 		/*
-		 *	We allow integers for now.  They may be
+		 *	We allow all integer types.  They may be
 		 *	internal, or they may be inside of a struct.
 		 */
-	default:
+	case FR_TYPE_NULL:
+	case FR_TYPE_INTEGER:
+	case FR_TYPE_VARIABLE_SIZE:
+	case FR_TYPE_IPV4_ADDR:
+	case FR_TYPE_IPV4_PREFIX:
+	case FR_TYPE_IPV6_ADDR:
+	case FR_TYPE_IPV6_PREFIX:
+	case FR_TYPE_COMBO_IP_ADDR:
+	case FR_TYPE_STRUCT:
+	case FR_TYPE_GROUP:
+	case FR_TYPE_ATTR:
 		break;
 	}
 
@@ -728,6 +730,7 @@ static bool type_parse(fr_type_t *type_p,fr_dict_attr_t **da_p, char const *name
 	fr_type = fr_table_value_by_str(type_table, name, FR_TYPE_MAX);
 	if (fr_type == FR_TYPE_MAX) {
 		flags->der_type = fr_type_to_der_tag_default(*type_p);
+		if (!flags->der_type) goto invalid_type;
 		return true;
 	}
 
diff --git a/src/tests/unit/protocols/der/dictionary.test b/src/tests/unit/protocols/der/dictionary.test
index 7b64ebe9632..bcff5e1a3ba 100644
--- a/src/tests/unit/protocols/der/dictionary.test
+++ b/src/tests/unit/protocols/der/dictionary.test
@@ -183,5 +183,5 @@ ATTRIBUTE option0					0 integer class=private
 ATTRIBUTE option1					1 integer class=private
 END Test-Choice
 
-DEFINE	Test-Attr					attribute
-VALUE	Test-Attr	Test-TLV			@.Test-TLV
+#DEFINE	Test-Attr					attribute
+#VALUE	Test-Attr	Test-TLV			@.Test-TLV