From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 16 Feb 2026 17:20:55 +0000 (-0500)
Subject: fail on invalid packet codes, instead of dereferencing NULL ptr
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=853d4b00b4d5fa963f4e0657dfb26f5437142b95;p=thirdparty%2Ffreeradius-server.git

fail on invalid packet codes, instead of dereferencing NULL ptr

this won't happen as the rest of the code is sane, but it's good
to double-check the values to be sure.
---

diff --git a/src/process/tls/base.c b/src/process/tls/base.c
index a79e5125c16..0760e3351fa 100644
--- a/src/process/tls/base.c
+++ b/src/process/tls/base.c
@@ -187,6 +187,14 @@ static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const
 	request->module = NULL;
 	fr_assert(request->proto_dict == dict_tls);
 
+	/*
+	 *	Success, failure, and notfound are not TLS packets that we 
+	 */
+	if (!request->packet->code || (request->packet->code > FR_PACKET_TYPE_VALUE_ESTABLISH_SESSION)) {
+		REDEBUG("Invalid packet code %u", request->packet->code);
+		RETURN_UNLANG_FAIL;
+	}
+
 	UPDATE_STATE(packet);
 
 	log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL);