From: Nick Porter <nick@portercomputing.co.uk>
Date: Tue, 11 Jul 2023 12:22:51 +0000 (+0100)
Subject: Don't decode optional attributes
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80d99e3a8881760f8019833eab9f89b443b96e2f;p=thirdparty%2Ffreeradius-server.git

Don't decode optional attributes

Certain attributes are defined as optional, and will have zero length if
they are not present.
---

diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index f59bfd30a9b..662c178380c 100644
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -563,10 +563,9 @@ RESUME(auth_start)
 			}
 
 			vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
-			if (vp && vp->vp_length == 0) {
+			if (!vp) {
 				RDEBUG("No User-Name, replying with Authentication-GetUser");
 				request->reply->code = FR_TACACS_CODE_AUTH_GETUSER;
-
 			} else {
 				RDEBUG("User-Name = %pV, replying with Authentication-GetPass", &vp->data);
 				request->reply->code = FR_TACACS_CODE_AUTH_GETPASS;
diff --git a/src/protocols/tacacs/decode.c b/src/protocols/tacacs/decode.c
index bc5884892ac..9d7cc98021a 100644
--- a/src/protocols/tacacs/decode.c
+++ b/src/protocols/tacacs/decode.c
@@ -623,12 +623,15 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co
 			DECODE_FIELD_UINT8(attr_tacacs_authentication_service, pkt->authen_start.authen_service);
 
 			/*
-			 *	Decode 4 fields, based on their "length"
+			 *	Decode 3 fields, based on their "length"
+			 *	user and rem_addr are optional - indicated by zero length
 			 */
 			p = body;
-			DECODE_FIELD_STRING8(attr_tacacs_user_name, pkt->authen_start.user_len);
+			if (pkt->authen_start.user_len > 0) DECODE_FIELD_STRING8(attr_tacacs_user_name,
+										 pkt->authen_start.user_len);
 			DECODE_FIELD_STRING8(attr_tacacs_client_port, pkt->authen_start.port_len);
-			DECODE_FIELD_STRING8(attr_tacacs_remote_address, pkt->authen_start.rem_addr_len);
+			if (pkt->authen_start.rem_addr_len > 0) DECODE_FIELD_STRING8(attr_tacacs_remote_address,
+										     pkt->authen_start.rem_addr_len);
 
 			/*
 			 *	Check the length on the various
@@ -862,11 +865,13 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co
 
 			/*
 			 *	Decode 3 fields, based on their "length"
+			 *	rem_addr is optional - indicated by zero length
 			 */
 			p = body;
 			DECODE_FIELD_STRING8(attr_tacacs_user_name, pkt->author_req.user_len);
 			DECODE_FIELD_STRING8(attr_tacacs_client_port, pkt->author_req.port_len);
-			DECODE_FIELD_STRING8(attr_tacacs_remote_address, pkt->author_req.rem_addr_len);
+			if (pkt->author_req.rem_addr_len > 0) DECODE_FIELD_STRING8(attr_tacacs_remote_address,
+										   pkt->author_req.rem_addr_len);
 
 			/*
 			 *	Decode 'arg_N' arguments (horrible format)