From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 12 Apr 2022 18:43:16 +0000 (-0400)
Subject: fr_tacacs_length() can return negative.  CID #1469155
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5b1000f1f9bfc5830a2e2b9522664410b57b108;p=thirdparty%2Ffreeradius-server.git

fr_tacacs_length() can return negative.  CID #1469155
---

diff --git a/src/listen/tacacs/proto_tacacs_tcp.c b/src/listen/tacacs/proto_tacacs_tcp.c
index a0a62ebcf6b..476b3186cac 100644
--- a/src/listen/tacacs/proto_tacacs_tcp.c
+++ b/src/listen/tacacs/proto_tacacs_tcp.c
@@ -141,6 +141,8 @@ static ssize_t mod_read(fr_listen_t *li, UNUSED void **packet_ctx, fr_time_t *re
 	 *	caller that we need to read more.
 	 */
 	packet_len = fr_tacacs_length(buffer, in_buffer);
+	if (packet_len < 0) return -1;
+
 	if (in_buffer < packet_len) {
 		*leftover = in_buffer;
 		return 0;