From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Wed, 22 Feb 2023 03:55:39 +0000 (-0600)
Subject: tacacs: Don't leak session data, and don't crash when copying pairs back
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72e9a86f3cd5483ebf8fec99ad339fbcc41688e9;p=thirdparty%2Ffreeradius-server.git

tacacs: Don't leak session data, and don't crash when copying pairs back
---

diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index 36cf0d7d1ac..5945a692029 100644
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -817,8 +817,7 @@ RESUME(auth_get)
 		if (!packet_is_authen_start_request(packet)) goto send_reply;
 
 		MEM(session = talloc_zero(NULL, process_tacacs_session_t));
-
-		if (request_data_talloc_add(request, inst, 0, process_tacacs_session_t, session, true, false, true) < 0) {
+		if (request_data_talloc_add(request, inst, 0, process_tacacs_session_t, session, true, true, true) < 0) {
 			talloc_free(session);
 			goto send_reply;
 		}
@@ -887,12 +886,11 @@ RECV(auth_cont)
 	if (session) {
 		if (request->packet->data[2] <= session->seq_no) {
 			REDEBUG("Client sent invalid sequence number %02x, expected >%02x", request->packet->data[2], session->seq_no);
+		error:
 			return CALL_SEND_TYPE(FR_TACACS_CODE_AUTH_ERROR);
 		}
 
-		if (fr_pair_list_copy(&request->request_ctx, &request->request_pairs, &session->list) < 0) {
-			return CALL_SEND_TYPE(FR_TACACS_CODE_AUTH_ERROR);
-		}
+		if (fr_pair_list_copy(request->request_ctx, &request->request_pairs, &session->list) < 0) goto error;
 	}
 
 	return CALL_RECV(generic);