From: Arran Cudbard-Bell Date: Mon, 4 Nov 2019 13:53:32 +0000 (-0600) Subject: Take a pass through and add MEM() where it should be used, and remove it from the... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f77be0d3352c990f36e5dba34b3f2269dec7c9ae;p=thirdparty%2Ffreeradius-server.git Take a pass through and add MEM() where it should be used, and remove it from the protocol encoder/decoders and utilities It may be useful to set a size limit on the context we pass to the decoders to prevent an attacker exploiting a logic bug. In this case we want the decoder to handle the memory allocation failure gracefully. --- diff --git a/src/bin/radclient.c b/src/bin/radclient.c index 57ba92dd331..71338b8c253 100644 --- a/src/bin/radclient.c +++ b/src/bin/radclient.c @@ -226,8 +226,7 @@ static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, fr_pair_delete_by_da(&packet->vps, attr_ms_chap_challenge); fr_pair_delete_by_da(&packet->vps, attr_ms_chap_response); - challenge = fr_pair_afrom_da(packet, attr_ms_chap_challenge); - if (!challenge) return 0; + MEM(challenge = fr_pair_afrom_da(packet, attr_ms_chap_challenge)); fr_pair_add(request, challenge); challenge->vp_length = 8; @@ -236,11 +235,7 @@ static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, p[i] = fr_rand(); } - reply = fr_pair_afrom_da(packet, attr_ms_chap_response); - if (!reply) { - return 0; - } - + MEM(reply = fr_pair_afrom_da(packet, attr_ms_chap_response)); fr_pair_add(request, reply); reply->vp_length = 50; reply->vp_octets = p = talloc_array(reply, uint8_t, reply->vp_length); diff --git a/src/bin/radsnmp.c b/src/bin/radsnmp.c index f02b3d7d3f9..7883056ea49 100644 --- a/src/bin/radsnmp.c +++ b/src/bin/radsnmp.c 
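Review bot: In mschapv1_encode the buffer allocation `reply->vp_octets = p = talloc_array(reply, uint8_t, reply->vp_length);` is still unchecked, although the pair allocation directly above it is now wrapped in `MEM()`. The rest of the function is outside the hunk, but `p` is presumably written through right afterwards, so a failed allocation would be dereferenced. Wrapping it the same way keeps the function consistent: `MEM(reply->vp_octets = p = talloc_array(reply, uint8_t, reply->vp_length));`. The challenge buffer allocation falls between the two hunks and is not shown; it probably needs the same treatment.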
@@ -306,11 +306,7 @@ static ssize_t radsnmp_pair_from_oid(TALLOC_CTX *ctx, radsnmp_conf_t *conf, fr_c da = parent; } - vp = fr_pair_afrom_da(ctx, da); - if (!vp) { - fr_strerror_printf("Failed allocating OID attribute"); - return -(slen); - } + MEM(vp = fr_pair_afrom_da(ctx, da)); /* * VALUE_PAIRs with no value need a 1 byte value buffer. @@ -358,11 +354,7 @@ static ssize_t radsnmp_pair_from_oid(TALLOC_CTX *ctx, radsnmp_conf_t *conf, fr_c goto error; } - vp = fr_pair_afrom_da(ctx, attr_freeradius_snmp_type); - if (!vp) { - slen = -(slen); - goto error; - } + MEM(vp = fr_pair_afrom_da(ctx, attr_freeradius_snmp_type)); vp->vp_uint32 = type; fr_cursor_append(cursor, vp); @@ -752,11 +744,7 @@ static int radsnmp_send_recv(radsnmp_conf_t *conf, int fd) * Now add an attribute indicating what the * SNMP operation was */ - vp = fr_pair_afrom_da(request, attr_freeradius_snmp_operation); - if (!vp) { - ERROR("Failed allocating SNMP operation attribute"); - return EXIT_FAILURE; - } + MEM(vp = fr_pair_afrom_da(request, attr_freeradius_snmp_operation)); vp->vp_uint32 = (unsigned int)command; /* Commands must match dictionary */ fr_cursor_append(&cursor, vp); diff --git a/src/lib/eap/base.c b/src/lib/eap/base.c index 241462b8979..09cf8308715 100644 --- a/src/lib/eap/base.c +++ b/src/lib/eap/base.c @@ -137,11 +137,7 @@ VALUE_PAIR *eap_packet_to_vp(RADIUS_PACKET *packet, eap_packet_raw_t const *eap) size = total; if (size > 253) size = 253; - vp = fr_pair_afrom_da(packet, attr_eap_message); - if (!vp) { - fr_pair_list_free(&head); - return NULL; - } + MEM(vp = fr_pair_afrom_da(packet, attr_eap_message)); fr_pair_value_memcpy(vp, ptr, size, false); fr_cursor_append(&out, vp); diff --git a/src/lib/eap/chbind.c b/src/lib/eap/chbind.c index ec598d0660a..3a5f26be779 100644 --- a/src/lib/eap/chbind.c +++ b/src/lib/eap/chbind.c 
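Review bot: In eap_packet_to_vp an allocation failure while splitting one peer's EAP packet into `EAP-Message` pairs now terminates the whole process, because `MEM()` as defined in src/lib/util/debug.h calls `_fr_exit_now()`, where the removed code freed `head` and returned NULL. The commit description already anticipates size limits on the talloc contexts handed to the decoders; if such a limit is ever placed on a packet or request context, this call would turn a per-request failure into a server exit. The same trade-off applies to eap_peap_inner_to_pairs (peap.c), eap_ttls_process (ttls.c) and tls_cache_write (cache.c). At minimum, record the assumption at the call, for example `/* packet ctx has no memory limit; allocation failure is treated as fatal */`. The function body starts and ends outside the hunk.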
@@ -297,8 +297,7 @@ VALUE_PAIR *eap_chbind_packet2vp(RADIUS_PACKET *packet, chbind_packet_t *chbind) if (!chbind) return NULL; /* don't produce garbage */ - vp = fr_pair_afrom_da(packet, attr_eap_channel_binding_message); - if (!vp) return NULL; + MEM(vp = fr_pair_afrom_da(packet, attr_eap_channel_binding_message)); fr_pair_value_memcpy(vp, (uint8_t *) chbind, talloc_array_length((uint8_t *)chbind), false); return vp; diff --git a/src/lib/ldap/map.c b/src/lib/ldap/map.c index 35ff8b30172..c0025882072 100644 --- a/src/lib/ldap/map.c +++ b/src/lib/ldap/map.c @@ -27,9 +27,6 @@ RCSID("$Id$") USES_APPLE_DEPRECATED_API -#define LOG_PREFIX "%s - " -#define LOG_PREFIX_ARGS handle_config->name - #include #include @@ -153,8 +150,7 @@ int fr_ldap_map_getvalue(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp for (i = 0; i < self->count; i++) { if (!self->values[i]->bv_len) continue; - vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - rad_assert(vp); + MEM(vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); if (fr_pair_value_from_str(vp, self->values[i]->bv_val, self->values[i]->bv_len, '\0', true) < 0) { diff --git a/src/lib/server/map.c b/src/lib/server/map.c index d2d3182af7e..2ba8c512216 100644 --- a/src/lib/server/map.c +++ b/src/lib/server/map.c @@ -877,11 +877,7 @@ static int map_exec_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, v { VALUE_PAIR *vp; - vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!vp) { - REDEBUG("Out of memory"); - return -1; - } + MEM(vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); vp->op = map->op; vp->tag = map->lhs->tmpl_tag; if (fr_pair_value_from_str(vp, answer, -1, '"', false) < 0) { @@ -1606,9 +1602,7 @@ static inline VALUE_PAIR *map_list_mod_to_vp(TALLOC_CTX *ctx, vp_tmpl_t const *a { VALUE_PAIR *vp; - vp = fr_pair_afrom_da(ctx, attr->tmpl_da); - if (!vp) return NULL; - + MEM(vp = fr_pair_afrom_da(ctx, attr->tmpl_da)); vp->tag = attr->tmpl_tag; if (fr_value_box_copy(vp, &vp->data, value) < 0) { 
@@ -2149,8 +2143,7 @@ int map_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp_map_t cons rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */ rad_assert(map->rhs->tmpl_xlat != NULL); - n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!n) return -1; + MEM(n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); /* * We do the debug printing because xlat_aeval_compiled @@ -2186,8 +2179,7 @@ int map_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp_map_t cons rad_assert(tmpl_is_attr(map->lhs)); rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */ - n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!n) return -1; + MEM(n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); str = NULL; slen = xlat_aeval(request, &str, request, map->rhs->name, NULL, NULL); @@ -2212,8 +2204,7 @@ int map_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp_map_t cons rad_assert(tmpl_is_attr(map->lhs)); rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */ - n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!n) return -1; + MEM(n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); if (fr_pair_value_from_str(n, map->rhs->name, -1, '\0', false) < 0) { rcode = 0; @@ -2249,8 +2240,7 @@ int map_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp_map_t cons (void) fr_cursor_init(&to, out); for (; vp; vp = fr_cursor_current(&from)) { - n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!n) return -1; + MEM(n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); if (fr_value_box_cast(n, &n->data, map->lhs->tmpl_da->type, map->lhs->tmpl_da, &vp->data) < 0) { 
@@ -2289,8 +2279,7 @@ int map_to_vp(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST *request, vp_map_t cons rad_assert(map->lhs->tmpl_da); rad_assert(tmpl_is_attr(map->lhs)); - n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!n) return -1; + MEM(n = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); if (map->lhs->tmpl_da->type == map->rhs->tmpl_value_type) { if (fr_value_box_copy(n, &n->data, &map->rhs->tmpl_value) < 0) { diff --git a/src/lib/server/module.c b/src/lib/server/module.c index b72d3e5dcd6..6f90b128a58 100644 --- a/src/lib/server/module.c +++ b/src/lib/server/module.c @@ -631,7 +631,6 @@ bool module_section_type_set(REQUEST *request, fr_dict_attr_t const *type_da, fr return false; default: - MEM(0); return false; } } diff --git a/src/lib/server/password.c b/src/lib/server/password.c index cd07c8b8bf6..6ff832896f2 100644 --- a/src/lib/server/password.c +++ b/src/lib/server/password.c @@ -568,12 +568,12 @@ static VALUE_PAIR *password_process_sha3(TALLOC_CTX *ctx, REQUEST *request, VALU switch (known_good->vp_length) { case SHA224_DIGEST_LENGTH: - out = fr_pair_afrom_da(ctx, attr_sha3_224_password); + MEM(out = fr_pair_afrom_da(ctx, attr_sha3_224_password)); fr_pair_value_copy(out, known_good); return out; case SHA256_DIGEST_LENGTH: - out = fr_pair_afrom_da(ctx, attr_sha3_256_password); + MEM(out = fr_pair_afrom_da(ctx, attr_sha3_256_password)); fr_pair_value_copy(out, known_good); return out; @@ -583,12 +583,12 @@ static VALUE_PAIR *password_process_sha3(TALLOC_CTX *ctx, REQUEST *request, VALU return out; case SHA512_DIGEST_LENGTH: - out = fr_pair_afrom_da(ctx, attr_sha3_512_password); + MEM(out = fr_pair_afrom_da(ctx, attr_sha3_512_password)); fr_pair_value_copy(out, known_good); return out; default: - out = password_normify(ctx, request, known_good); + MEM(out = password_normify(ctx, request, known_good)); if (!out) return NULL; normalised = password_process_sha3(ctx, request, out); 
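Review bot: In the `default:` case of password_process_sha3, `MEM(out = password_normify(ctx, request, known_good));` treats every NULL return as out-of-memory and exits the process, which also makes the retained `if (!out) return NULL;` unreachable. password_normify is not shown here, but the surviving NULL check suggests it can return NULL for a value it cannot normalise, and that value comes from the password store rather than from the allocator. If so, a single malformed stored hash would stop the server instead of failing one authentication. Leave this call unwrapped, `out = password_normify(ctx, request, known_good);`, and keep the existing NULL check.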
@@ -679,7 +679,7 @@ do_header: if (!fr_cond_assert(known_good->da->attr < NUM_ELEMENTS(password_info))) return NULL; info = &password_info[attr]; - new = fr_pair_afrom_da(ctx, *(info->da)); + MEM(new = fr_pair_afrom_da(ctx, *(info->da))); switch ((*(info->da))->type) { case FR_TYPE_OCTETS: fr_pair_value_memcpy(new, (uint8_t const *)p, end - p, true); @@ -739,7 +739,7 @@ do_header: } bad_header: - new = fr_pair_afrom_da(request, def); + MEM(new = fr_pair_afrom_da(request, def)); fr_pair_value_bstrncpy(new, p, end - p); return new; diff --git a/src/lib/server/snmp.c b/src/lib/server/snmp.c index e240035ec6a..ac843347af4 100644 --- a/src/lib/server/snmp.c +++ b/src/lib/server/snmp.c @@ -600,9 +600,7 @@ static ssize_t snmp_process_index(fr_cursor_t *out, REQUEST *request, return -(depth); } - vp = fr_pair_afrom_da(request->reply, da); - if (!vp) return 0; - + MEM(vp = fr_pair_afrom_da(request->reply, da)); vp->vp_uint32 = i; fr_cursor_prepend(out, vp); @@ -811,13 +809,11 @@ static ssize_t snmp_process_leaf(fr_cursor_t *out, REQUEST *request, */ if (map_p->get(request->reply, &data, map_p, snmp_ctx) < 0) goto error; - vp = fr_pair_afrom_da(request->reply, map_p->da); - if (!vp) return 0; + MEM(vp = fr_pair_afrom_da(request->reply, map_p->da)); fr_value_box_steal(vp, &vp->data, &data); fr_cursor_append(out, vp); - vp = fr_pair_afrom_da(request->reply, attr_snmp_type); - if (!vp) return 0; + MEM(vp = fr_pair_afrom_da(request->reply, attr_snmp_type)); vp->vp_uint32 = map_p->type; fr_cursor_append(out, vp); } @@ -828,8 +824,7 @@ static ssize_t snmp_process_leaf(fr_cursor_t *out, REQUEST *request, ssize_t ret; if (!map_p->set || (map_p->type == FR_FREERADIUS_SNMP_TYPE_OBJECT)) { - vp = fr_pair_afrom_da(request->reply, attr_snmp_failure); - if (!vp) return 0; + MEM(vp = fr_pair_afrom_da(request->reply, attr_snmp_failure)); vp->vp_uint32 = FR_FREERADIUS_SNMP_FAILURE_VALUE_NOT_WRITABLE; fr_cursor_append(out, vp); return 0; 
@@ -843,9 +838,7 @@ static ssize_t snmp_process_leaf(fr_cursor_t *out, REQUEST *request, case FR_FREERADIUS_SNMP_FAILURE_VALUE_WRONG_LENGTH: case FR_FREERADIUS_SNMP_FAILURE_VALUE_WRONG_VALUE: case FR_FREERADIUS_SNMP_FAILURE_VALUE_INCONSISTENT_VALUE: - vp = fr_pair_afrom_da(request->reply, attr_snmp_failure); - if (!vp) break; - + MEM(vp = fr_pair_afrom_da(request->reply, attr_snmp_failure)); vp->vp_uint32 = -(ret); fr_cursor_append(out, vp); break; diff --git a/src/lib/server/tmpl.c b/src/lib/server/tmpl.c index 17e8c322bf4..50502d53bb3 100644 --- a/src/lib/server/tmpl.c +++ b/src/lib/server/tmpl.c @@ -1396,9 +1396,7 @@ int tmpl_cast_to_vp(VALUE_PAIR **out, REQUEST *request, *out = NULL; - vp = fr_pair_afrom_da(request, cast); - if (!vp) return -1; - + MEM(vp = fr_pair_afrom_da(request, cast)); if (tmpl_is_data(vpt)) { VP_VERIFY(vp); rad_assert(vp->vp_type == vpt->tmpl_value_type); @@ -2581,11 +2579,7 @@ int tmpl_find_or_add_vp(VALUE_PAIR **out, REQUEST *request, vp_tmpl_t const *vpt RADIUS_LIST_AND_CTX(ctx, head, request, vpt->tmpl_request, vpt->tmpl_list); - vp = fr_pair_afrom_da(ctx, vpt->tmpl_da); - if (!vp) { - REDEBUG("Failed allocating attribute %s", vpt->tmpl_da->name); - return -1; - } + MEM(vp = fr_pair_afrom_da(ctx, vpt->tmpl_da)); *out = vp; } return 0; diff --git a/src/lib/server/xlat_builtin.c b/src/lib/server/xlat_builtin.c index 29804d6595f..77f75fc63f5 100644 --- a/src/lib/server/xlat_builtin.c +++ b/src/lib/server/xlat_builtin.c @@ -1715,12 +1715,7 @@ static ssize_t xlat_func_explode(TALLOC_CTX *ctx, char **out, size_t outlen, continue; } - nvp = fr_pair_afrom_da(talloc_parent(vp), vp->da); - if (!nvp) { - fr_pair_list_free(&head); - talloc_free(vpt); - return -1; - } + MEM(nvp = fr_pair_afrom_da(talloc_parent(vp), vp->da)); nvp->tag = vp->tag; switch (vp->vp_type) { diff --git a/src/lib/tls/cache.c b/src/lib/tls/cache.c index 816b4d41af2..500cf16a586 100644 --- a/src/lib/tls/cache.c +++ b/src/lib/tls/cache.c 
@@ -282,12 +282,7 @@ int tls_cache_write(REQUEST *request, tls_session_t *tls_session) /* * Put the SSL data into an attribute. */ - vp = fr_pair_afrom_da(request->state_ctx, attr_tls_session_data); - if (!vp) { - RPEDEBUG("Failed allocating &Session-Data"); - return -1; - } - + MEM(vp = fr_pair_afrom_da(request->state_ctx, attr_tls_session_data)); fr_pair_value_memcpy(vp, tls_session->session_blob, talloc_array_length(tls_session->session_blob), false); RINDENT(); RDEBUG2("&session-state:%pP", vp); diff --git a/src/lib/util/all.mk b/src/lib/util/all.mk index fc7ee180581..0f8bc19ffaa 100644 --- a/src/lib/util/all.mk +++ b/src/lib/util/all.mk @@ -64,7 +64,7 @@ SOURCES := \ HEADERS := $(subst src/lib/,,$(wildcard src/lib/util/*.h)) -SRC_CFLAGS := -D_LIBRADIUS -I$(top_builddir)/src +SRC_CFLAGS := -D_LIBRADIUS -DNO_ASSERT -I$(top_builddir)/src # System libraries discovered by our top level configure script, links things # like pthread and the regexp libraries. diff --git a/src/lib/util/debug.h b/src/lib/util/debug.h index 69eca6d65d4..ea9b60d298c 100644 --- a/src/lib/util/debug.h +++ b/src/lib/util/debug.h @@ -29,7 +29,11 @@ extern "C" { #include #include -#define MEM(x) do { if (!(x)) { ERROR("%s[%u] OUT OF MEMORY", __FILE__, __LINE__); _fr_exit_now(__FILE__, __LINE__, EXIT_FAILURE); } } while (0) +#ifdef NO_ASSERT +# define MEM(x) error "Use of MEM() not allowed in this source file. Deal with memory allocation failure gracefully" +#else +# define MEM(x) do { if (!(x)) { ERROR("%s[%u] OUT OF MEMORY", __FILE__, __LINE__); _fr_exit_now(__FILE__, __LINE__, EXIT_FAILURE); } } while (0) +#endif typedef enum { DEBUGGER_STATE_UNKNOWN_NO_PTRACE = -3, //!< We don't have ptrace so can't check. diff --git a/src/lib/util/dl.c b/src/lib/util/dl.c index bbca5b36321..b5b3e2eb3a5 100644 --- a/src/lib/util/dl.c +++ b/src/lib/util/dl.c 
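Review bot: The `NO_ASSERT` branch in debug.h makes `MEM(x)` expand to the tokens `error "Use of MEM() not allowed ..."`, which stops the build only as a syntax error at the call site, so the compiler is likely to complain about an undeclared `error` identifier or a missing `;` rather than show the text. If the tree builds as C11, `# define MEM(x) _Static_assert(0, "Use of MEM() not allowed in this source file. Deal with memory allocation failure gracefully")` would print the intended message. The flag name also reads as if it disabled assertions in general, while the visible effect is only to forbid `MEM()`. A short comment above the `#ifdef` saying which libraries define it (util and the protocol encoders/decoders, per the all.mk changes) and why would help the next maintainer.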
@@ -252,7 +252,7 @@ int dl_symbol_init(dl_loader_t *dl_loader, dl_t const *dl) * @param[in] dl_loader Tree of dynamically loaded libraries, and callbacks. * @param[in] dl to search for symbols in. */ -static void dl_symbol_free(dl_loader_t *dl_loader, dl_t const *dl) +static int dl_symbol_free(dl_loader_t *dl_loader, dl_t const *dl) { dl_symbol_free_t *free; fr_cursor_t cursor; @@ -264,7 +264,9 @@ static void dl_symbol_free(dl_loader_t *dl_loader, dl_t const *dl) if (free->symbol) { char *sym_name = NULL; - MEM(sym_name = talloc_typed_asprintf(NULL, "%s_%s", dl->name, free->symbol)); + sym_name = talloc_typed_asprintf(NULL, "%s_%s", dl->name, free->symbol); + if (!sym_name) return -1; + sym = dlsym(dl->handle, sym_name); talloc_free(sym_name); @@ -273,6 +275,8 @@ static void dl_symbol_free(dl_loader_t *dl_loader, dl_t const *dl) free->func(dl, sym, free->ctx); } + + return 0; } /** Register a callback to execute when a dl with a particular symbol is first loaded @@ -301,7 +305,9 @@ int dl_symbol_init_cb_register(dl_loader_t *dl_loader, unsigned int priority, dl_symbol_init_cb_unregister(dl_loader, symbol, func); - MEM(n = talloc(dl_loader, dl_symbol_init_t)); + n = talloc(dl_loader, dl_symbol_init_t); + if (!n) return -1; + n->priority = priority; n->symbol = symbol; n->func = func; @@ -359,7 +365,9 @@ int dl_symbol_free_cb_register(dl_loader_t *dl_loader, unsigned int priority, dl_symbol_free_cb_unregister(dl_loader, symbol, func); - MEM(n = talloc(dl_loader, dl_symbol_free_t)); + n = talloc(dl_loader, dl_symbol_free_t); + if (!n) return -1; + n->priority = priority; n->symbol = symbol; n->func = func; diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c index cca6edf10ed..07a53882474 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c 
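Review bot: dl_symbol_free now returns -1 from the middle of its callback loop when `talloc_typed_asprintf()` fails, which skips every remaining free callback for the library being unloaded. No caller is changed in this diff, so the new return value is probably not checked anywhere yet; the callers are outside the hunks. Consider remembering the error, continuing with the next entry and returning the result after the loop. The doc comment above the function should also gain a line such as `@return 0 on success, -1 on allocation failure`.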
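Review bot: In dl_symbol_init_cb_register the existing registration is removed by `dl_symbol_init_cb_unregister(dl_loader, symbol, func);` before the new node is allocated, so the new `if (!n) return -1;` path leaves the caller with neither the old nor the new callback registered. Allocating first and unregistering only once `n` is non-NULL keeps the failure path free of side effects. dl_symbol_free_cb_register has the same ordering. The return-value documentation of both functions is outside the hunks and may need a line for the new -1 case.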
@@ -588,7 +588,7 @@ static FR_CODE eap_fast_eap_payload(REQUEST *request, eap_session_t *eap_session * Add the tunneled attributes to the fake request. */ - request->packet->vps = fr_pair_afrom_da(fake->packet, attr_eap_message); + MEM(request->packet->vps = fr_pair_afrom_da(fake->packet, attr_eap_message)); fr_pair_value_memcpy(request->packet->vps, tlv_eap_payload->vp_octets, tlv_eap_payload->vp_length, false); RDEBUG2("Got tunneled request"); diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index 3d48ce55999..e2359314a3a 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -271,11 +271,7 @@ static VALUE_PAIR *eap_peap_inner_to_pairs(UNUSED REQUEST *request, RADIUS_PACKE if (data_len > 65535) return NULL; /* paranoia */ - vp = fr_pair_afrom_da(packet, attr_eap_message); - if (!vp) { - return NULL; - } - + MEM(vp = fr_pair_afrom_da(packet, attr_eap_message)); total = data_len; if (total > 249) total = 249; @@ -293,12 +289,7 @@ static VALUE_PAIR *eap_peap_inner_to_pairs(UNUSED REQUEST *request, RADIUS_PACKE fr_cursor_init(&cursor, &head); fr_cursor_append(&cursor, vp); while (total < data_len) { - vp = fr_pair_afrom_da(packet, attr_eap_message); - if (!vp) { - fr_pair_list_free(&head); - return NULL; - } - + MEM(vp = fr_pair_afrom_da(packet, attr_eap_message)); fr_pair_value_memcpy(vp, data + total, (data_len - total), false); total += vp->vp_length; @@ -543,8 +534,7 @@ rlm_rcode_t eap_peap_process(REQUEST *request, eap_session_t *eap_session, tls_s /* * Save it for later. */ - t->username = fr_pair_afrom_da(t, attr_user_name); - rad_assert(t->username != NULL); + MEM(t->username = fr_pair_afrom_da(t, attr_user_name)); t->username->vp_tainted = true; fr_pair_value_bstrncpy(t->username, data + 1, data_len - 1); 
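Review bot: In eap_fast_eap_payload the new pair is parented to `fake->packet` but stored in `request->packet->vps`, while the comment above says the attributes belong to the fake request. If `request` still refers to the outer request at this point (the start of the function is outside the hunk), this replaces the outer packet's list head with memory owned by the fake packet, which would dangle once `fake` is freed. It is worth confirming whether `fake->packet->vps` was intended; the `MEM()` wrapper itself does not change that behaviour.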
@@ -726,7 +716,7 @@ rlm_rcode_t eap_peap_process(REQUEST *request, eap_session_t *eap_session, tls_s * EAP-Identity packet. */ if ((data[0] == FR_EAP_METHOD_IDENTITY) && (data_len > 1)) { - t->username = fr_pair_afrom_da(t, attr_user_name); + MEM(t->username = fr_pair_afrom_da(t, attr_user_name)); rad_assert(t->username != NULL); t->username->vp_tainted = true; diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index c77f7ef6e99..45cb3a4afdd 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -652,8 +652,7 @@ FR_CODE eap_ttls_process(REQUEST *request, eap_session_t *eap_session, tls_sessi /* * Create & remember a User-Name */ - t->username = fr_pair_afrom_da(t, attr_user_name); - rad_assert(t->username != NULL); + MEM(t->username = fr_pair_afrom_da(t, attr_user_name)); t->username->vp_tainted = true; fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5); diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c index e3fbe5e3b44..95575162a9b 100644 --- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c +++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c @@ -1010,13 +1010,7 @@ static int parse_option(rlm_isc_dhcp_info_t *parent, rlm_isc_dhcp_tokenizer_t *s return -1; } - vp = fr_pair_afrom_da(parent, da); - if (!vp) { - fr_strerror_printf("out of memory"); - talloc_free(value); - return -1; - } - + MEM(vp = fr_pair_afrom_da(parent, da)); (void) fr_pair_cursor_init(&cursor, &parent->options); /* @@ -1050,8 +1044,7 @@ static int parse_option(rlm_isc_dhcp_info_t *parent, rlm_isc_dhcp_tokenizer_t *s rcode = read_token(state, T_DOUBLE_QUOTED_STRING, MAYBE_SEMICOLON, false); if (rcode <= 0) return rcode; - vp = fr_pair_afrom_da(parent, da); - if (!vp) return -1; + MEM(vp = fr_pair_afrom_da(parent, da)); rcode = fr_pair_value_from_str(vp, state->token, state->token_len, '\0', false); if (rcode < 0) return rcode; 
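Review bot: In eap_peap_process the retained `rad_assert(t->username != NULL);` directly after `MEM(t->username = fr_pair_afrom_da(t, attr_user_name));` can never fire, because `MEM()` has already exited on NULL; the other `t->username` hunk in this file dropped the assert. The same leftover appears in rlm_rest/rest.c, where rest_decode_post and json_pair_alloc_leaf keep their `if (!vp) { ... }` blocks after the new `MEM(vp = fr_pair_afrom_da(ctx, da));`. Those blocks are now dead code and can be deleted together with their log messages.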
@@ -1787,8 +1780,7 @@ static int apply_fixed_ip(rlm_isc_dhcp_t *inst, REQUEST *request) if (info->cmd->type != ISC_FIXED_ADDRESS) continue; - vp = fr_pair_afrom_da(request->reply->vps, attr_your_ip_address); - if (!vp) return -1; + MEM(vp = fr_pair_afrom_da(request->reply->vps, attr_your_ip_address)); rcode = fr_value_box_copy(vp, &(vp->data), info->argv[0]); if (rcode < 0) return rcode; diff --git a/src/modules/rlm_json/rlm_json.c b/src/modules/rlm_json/rlm_json.c index ea58af2aebc..35bf8e3f2bc 100644 --- a/src/modules/rlm_json/rlm_json.c +++ b/src/modules/rlm_json/rlm_json.c @@ -224,18 +224,14 @@ static int _json_map_proc_get_value(TALLOC_CTX *ctx, VALUE_PAIR **out, REQUEST * for (fr_cursor_init(&cursor, out), value = head; value; fr_cursor_append(&cursor, vp), value = value->next) { - vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da); - if (!vp) { - error: - talloc_free(*out); - return -1; - } + MEM(vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da)); vp->op = map->op; if (fr_value_box_steal(vp, &vp->data, value) < 0) { RPEDEBUG("Copying data to attribute failed"); talloc_free(vp); - goto error; + talloc_free(*out); + return -1; } } return 0; diff --git a/src/modules/rlm_mruby/rlm_mruby.c b/src/modules/rlm_mruby/rlm_mruby.c index ba3013911fe..63da659c585 100644 --- a/src/modules/rlm_mruby/rlm_mruby.c +++ b/src/modules/rlm_mruby/rlm_mruby.c @@ -376,12 +376,7 @@ static void add_vp_tuple(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **vps, mr continue; } - if (!(vp = fr_pair_afrom_da(ctx, dst->tmpl_da))) { - ERROR("Failed to create attribute %s", ckey); - talloc_free(dst); - continue; - } - + MEM(vp = fr_pair_afrom_da(ctx, dst->tmpl_da)); talloc_free(dst); vp->op = op; diff --git a/src/modules/rlm_python/rlm_python.c b/src/modules/rlm_python/rlm_python.c index bb966aff93c..dc6739f8e72 100644 --- a/src/modules/rlm_python/rlm_python.c +++ b/src/modules/rlm_python/rlm_python.c 
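Review bot: In apply_fixed_ip the pair is allocated with `request->reply->vps` as its talloc parent, whereas the other reply-side allocations in this commit (snmp.c, rlm_stats.c) use `request->reply`. If the reply list is empty at this point the parent is NULL, and the `if (rcode < 0) return rcode;` path just below returns without freeing `vp`. Using `MEM(vp = fr_pair_afrom_da(request->reply, attr_your_ip_address));` and adding `talloc_free(vp);` before that return would tie the pair's lifetime to the reply. The rest of the loop is outside the hunk.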
@@ -376,13 +376,8 @@ static void mod_vptuple(TALLOC_CTX *ctx, rlm_python_t const *inst, REQUEST *requ continue; } - vp = fr_pair_afrom_da(ctx, dst->tmpl_da); + MEM(vp = fr_pair_afrom_da(ctx, dst->tmpl_da)); talloc_free(dst); - if (!vp) { - ERROR("%s - Failed to create attribute %s:%s", funcname, list_name, s1); - continue; - } - vp->op = op; if (fr_pair_value_from_str(vp, s2, -1, '\0', false) < 0) { diff --git a/src/modules/rlm_radius/rlm_radius_udp.c b/src/modules/rlm_radius/rlm_radius_udp.c index 56a61c71c28..806fc2ca0c7 100644 --- a/src/modules/rlm_radius/rlm_radius_udp.c +++ b/src/modules/rlm_radius/rlm_radius_udp.c @@ -2055,7 +2055,7 @@ static int conn_write(fr_io_connection_t *c, fr_io_request_t *u) attr[1] = 6; memcpy(attr + 2, &c->inst->parent->proxy_state, 4); - vp = fr_pair_afrom_da(u, attr_proxy_state); + MEM(vp = fr_pair_afrom_da(u, attr_proxy_state)); fr_pair_value_memcpy(vp, attr + 2, 4, true); fr_pair_add(&u->extra, vp); @@ -2148,7 +2148,7 @@ static int conn_write(fr_io_connection_t *c, fr_io_request_t *u) if (msg) { VALUE_PAIR *vp; - vp = fr_pair_afrom_da(u, attr_message_authenticator); + MEM(vp = fr_pair_afrom_da(u, attr_message_authenticator)); fr_pair_value_memcpy(vp, msg + 2, 16, true); fr_pair_add(&u->extra, vp); diff --git a/src/modules/rlm_rest/rest.c b/src/modules/rlm_rest/rest.c index 19584cbbb61..2ac2f35c051 100644 --- a/src/modules/rlm_rest/rest.c +++ b/src/modules/rlm_rest/rest.c @@ -714,9 +714,10 @@ static int rest_decode_plain(rlm_rest_t const *inst, UNUSED rlm_rest_section_t c * - Number of VALUE_PAIRs processed. * - -1 on unrecoverable error. */ -static int rest_decode_post(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, +static int rest_decode_post(rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, REQUEST *request, void *handle, char *raw, size_t rawlen) { + rlm_rest_t const *inst = instance; rlm_rest_handle_t *randle = handle; CURL *candle = randle->candle; 
@@ -812,7 +813,7 @@ static int rest_decode_post(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_s rad_assert(expanded); - vp = fr_pair_afrom_da(ctx, da); + MEM(vp = fr_pair_afrom_da(ctx, da)); if (!vp) { REDEBUG("Failed creating valuepair"); talloc_free(expanded); @@ -866,24 +867,25 @@ static int rest_decode_post(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_s * - #VALUE_PAIR just created. * - NULL on error. */ -static VALUE_PAIR *json_pair_alloc_leaf(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, +static VALUE_PAIR *json_pair_alloc_leaf(rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, TALLOC_CTX *ctx, REQUEST *request, fr_dict_attr_t const *da, json_flags_t *flags, json_object *leaf) { - char const *value; - char *expanded = NULL; - int ret; + rlm_rest_t const *inst = instance; + char const *value; + char *expanded = NULL; + int ret; - VALUE_PAIR *vp; + VALUE_PAIR *vp; - fr_value_box_t src; + fr_value_box_t src; if (fr_json_object_is_type(leaf, json_type_null)) { RDEBUG3("Got null value for attribute \"%s\" (skipping)", da->name); return NULL; } - vp = fr_pair_afrom_da(ctx, da); + MEM(vp = fr_pair_afrom_da(ctx, da)); if (!vp) { RWDEBUG("Failed creating valuepair for attribute \"%s\" (skipping)", da->name); talloc_free(expanded); diff --git a/src/modules/rlm_sigtran/client.c b/src/modules/rlm_sigtran/client.c index d780e365fff..3b17be1fcfd 100644 --- a/src/modules/rlm_sigtran/client.c +++ b/src/modules/rlm_sigtran/client.c 
@@ -313,17 +313,17 @@ static rlm_rcode_t sigtran_client_map_resume(UNUSED void *instance, UNUSED void RDEBUG2("SIM auth vector %i", i); RINDENT(); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_rand); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_rand)); fr_pair_value_memsteal(vp, vec->sim.rand, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_sres); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_sres)); fr_pair_value_memsteal(vp, vec->sim.sres, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_kc); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_kc)); fr_pair_value_memsteal(vp, vec->sim.kc, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); 
@@ -341,27 +341,27 @@ static rlm_rcode_t sigtran_client_map_resume(UNUSED void *instance, UNUSED void RDEBUG2("UMTS auth vector %i", i); RINDENT(); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_rand); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_rand)); fr_pair_value_memsteal(vp, vec->umts.rand, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_xres); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_xres)); fr_pair_value_memsteal(vp, vec->umts.xres, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_ck); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_ck)); fr_pair_value_memsteal(vp, vec->umts.ck, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_ik); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_ik)); fr_pair_value_memsteal(vp, vec->umts.ik, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); - vp = fr_pair_afrom_da(request, attr_eap_aka_sim_autn); + MEM(vp = fr_pair_afrom_da(request, attr_eap_aka_sim_autn)); fr_pair_value_memsteal(vp, vec->umts.authn, true); RDEBUG2("&control:%pP", vp); fr_cursor_append(&cursor, vp); diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index 67b110a8c26..45348ffa4ac 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c @@ -172,8 +172,8 @@ static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *t RDEBUG2("SoH adding NAP marker to DHCP reply"); /* client probe; send "NAP" in the reply */ - vp = fr_pair_afrom_da(request->reply, attr_dhcp_vendor); - p = talloc_array(vp, uint8_t, 5); + MEM(vp = fr_pair_afrom_da(request->reply, attr_dhcp_vendor)); + MEM(p = talloc_array(vp, uint8_t, 5)); p[0] = 220; p[1] = 3; p[4] = 'N'; 
diff --git a/src/modules/rlm_stats/rlm_stats.c b/src/modules/rlm_stats/rlm_stats.c index fda09e22f77..e535e46780e 100644 --- a/src/modules/rlm_stats/rlm_stats.c +++ b/src/modules/rlm_stats/rlm_stats.c @@ -312,9 +312,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_stats(void *instance, void *thread, REQU da = fr_dict_attr_by_name(dict_radius, buffer); if (!da) continue; - vp = fr_pair_afrom_da(request->reply, da); - if (!vp) return RLM_MODULE_FAIL; - + MEM(vp = fr_pair_afrom_da(request->reply, da)); vp->vp_uint64 = local_stats[i]; fr_cursor_append(&cursor, vp); diff --git a/src/modules/rlm_unpack/rlm_unpack.c b/src/modules/rlm_unpack/rlm_unpack.c index 9dbb2279b6a..34b9d958b21 100644 --- a/src/modules/rlm_unpack/rlm_unpack.c +++ b/src/modules/rlm_unpack/rlm_unpack.c @@ -164,8 +164,7 @@ static ssize_t unpack_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, goto nothing; } - cast = fr_pair_afrom_da(request, da); - if (!cast) goto nothing; + MEM(cast = fr_pair_afrom_da(request, da)); memcpy(&(cast->data), input + offset, dict_attr_sizes[type][0]); diff --git a/src/protocols/dhcpv4/all.mk b/src/protocols/dhcpv4/all.mk index d358dd3f5b4..6972fda7ba2 100644 --- a/src/protocols/dhcpv4/all.mk +++ b/src/protocols/dhcpv4/all.mk @@ -13,7 +13,7 @@ SOURCES := base.c \ raw.c \ udp.c -SRC_CFLAGS := -I$(top_builddir)/src +SRC_CFLAGS := -I$(top_builddir)/src -DNO_ASSERT TGT_LDLIBS := $(PCAP_LIBS) TGT_LDFLAGS := $(PCAP_LDFLAGS) TGT_PREREQS := libfreeradius-util.a diff --git a/src/protocols/dhcpv6/all.mk b/src/protocols/dhcpv6/all.mk index 9b2284171c3..79b1ed54bb2 100644 --- a/src/protocols/dhcpv6/all.mk +++ b/src/protocols/dhcpv6/all.mk @@ -9,4 +9,5 @@ SOURCES := base.c \ decode.c \ encode.c +SRC_CFLAGS := -DNO_ASSERT TGT_PREREQS := libfreeradius-util.a diff --git a/src/protocols/dhcpv6/decode.c b/src/protocols/dhcpv6/decode.c index 02b1440cba6..fa9a33cac3e 100644 --- a/src/protocols/dhcpv6/decode.c +++ b/src/protocols/dhcpv6/decode.c 
@@ -254,7 +254,7 @@ static ssize_t decode_array(TALLOC_CTX *ctx, fr_cursor_t *cursor, fr_dict_t cons p += 2; slen = decode_value(ctx, cursor, dict, parent, p, element_len , decoder_ctx); if (slen < 0) return slen; - p += slen; + p += slen; } return data_len; diff --git a/src/protocols/ethernet/all.mk b/src/protocols/ethernet/all.mk index b180ae08f1c..7dabbdb852d 100644 --- a/src/protocols/ethernet/all.mk +++ b/src/protocols/ethernet/all.mk @@ -7,4 +7,5 @@ TARGET := libfreeradius-ethernet.a SOURCES := ethernet.c +SRC_CFLAGS := -DNO_ASSERT TGT_PREREQS := $(LIBFREERADIUS_SERVER) libfreeradius-io.a libfreeradius-util.a diff --git a/src/protocols/radius/all.mk b/src/protocols/radius/all.mk index 7948ebb5410..424d1065acc 100644 --- a/src/protocols/radius/all.mk +++ b/src/protocols/radius/all.mk @@ -12,6 +12,6 @@ SOURCES := base.c \ packet.c \ tcp.c -SRC_CFLAGS := -D_LIBRADIUS -I$(top_builddir)/src +SRC_CFLAGS := -D_LIBRADIUS -DNO_ASSERT -I$(top_builddir)/src TGT_PREREQS := libfreeradius-util.a diff --git a/src/protocols/tacacs/all.mk b/src/protocols/tacacs/all.mk index 71a2b256ebf..1ffe3a42a2c 100644 --- a/src/protocols/tacacs/all.mk +++ b/src/protocols/tacacs/all.mk @@ -1,3 +1,4 @@ TARGET := libfreeradius-tacacs.a +SRC_CFLAGS := -DNO_ASSERT SOURCES := base.c decode.c encode.c diff --git a/src/protocols/tacacs/base.c b/src/protocols/tacacs/base.c index 06ad25458b3..8e09fdc08a3 100644 --- a/src/protocols/tacacs/base.c +++ b/src/protocols/tacacs/base.c 
@@ -473,21 +473,29 @@ int fr_tacacs_packet_send(RADIUS_PACKET * const packet, RADIUS_PACKET const * co } seq_no = vp->vp_uint8 + 1; /* we catch client 255 on ingress */ - MEM(vp = fr_pair_afrom_da(packet, vp->da)); + vp = fr_pair_afrom_da(packet, vp->da); + if (!vp) { + oom: + fr_strerror_printf("Out of memory"); + return -1; + } vp->vp_uint8 = vminor; fr_pair_add(&packet->vps, vp); type = tacacs_type(original); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_packet_type)); + vp = fr_pair_afrom_da(packet, attr_tacacs_packet_type); + if (!vp) goto oom; vp->vp_uint8 = type; fr_pair_add(&packet->vps, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_sequence_number)); + vp = fr_pair_afrom_da(packet, attr_tacacs_sequence_number); + if (!vp) goto oom; vp->vp_uint8 = seq_no; fr_pair_add(&packet->vps, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_session_id)); + vp = fr_pair_afrom_da(packet, attr_tacacs_session_id); + if (!vp) goto oom; vp->vp_uint32 = tacacs_session_id(original); fr_pair_add(&packet->vps, vp); diff --git a/src/protocols/tacacs/decode.c b/src/protocols/tacacs/decode.c index 447fc6c1e50..7b4457f186b 100644 --- a/src/protocols/tacacs/decode.c +++ b/src/protocols/tacacs/decode.c @@ -52,7 +52,11 @@ static int tacacs_decode_field(TALLOC_CTX *ctx, fr_cursor_t *cursor, fr_dict_att return -1; } - MEM(vp = fr_pair_afrom_da(ctx, da)); + vp = fr_pair_afrom_da(ctx, da); + if (!vp) { + fr_strerror_printf("Out of Memory"); + return -1; + } fr_pair_value_bstrncpy(vp, p, field_len); p += field_len; 
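Review bot: The `oom:` label is placed inside the body of the first `if (!vp) { ... }` in fr_tacacs_packet_send, and the later checks jump into that block with `goto oom`. That is valid C, but it hides the error exit in the middle of the normal path, and the label's position inside the braces is easy to misread when the block is edited later. A labelled exit at the end of the function reads better: each check becomes `if (!vp) goto oom;` and the tail holds `oom:` followed by `fr_strerror_printf("Out of memory");` and `return -1;` (the end of the function is outside this hunk). fr_tacacs_packet_decode and vqp_decode use the same construct in the hunks below, with the message spelled "Out of Memory"; one spelling across the three would make log searches reliable.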
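Review bot: tacacs_decode_field now returns -1 when `fr_pair_afrom_da` fails, but the outcome of the `fr_pair_value_bstrncpy(vp, p, field_len)` call right after it is not checked. Its definition is not on this page; if it allocates the value buffer, a failure there still goes unnoticed and the pair may be handed on without a value, which is the case the commit message wants handled gracefully. If the function reports failure, check it and free `vp` before returning -1; if it cannot, a comment such as `/* TODO: bstrncpy cannot report allocation failure */` would at least record the gap. The function body starts and ends outside the hunk.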
@@ -85,21 +89,29 @@ int fr_tacacs_packet_decode(RADIUS_PACKET * const packet) remaining = ntohl(pkt->hdr.length); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_version_minor)); + vp = fr_pair_afrom_da(packet, attr_tacacs_version_minor); + if (!vp) { + oom: + fr_strerror_printf("Out of Memory"); + return -1; + } vp->vp_uint8 = pkt->hdr.ver.minor; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_packet_type)); + vp = fr_pair_afrom_da(packet, attr_tacacs_packet_type); + if (!vp) goto oom; vp->vp_uint8 = pkt->hdr.type; fr_cursor_append(&cursor, vp); packet->code = pkt->hdr.type; - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_sequence_number)); + vp = fr_pair_afrom_da(packet, attr_tacacs_sequence_number); + if (!vp) goto oom; vp->vp_uint8 = pkt->hdr.seq_no; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_session_id)); + vp = fr_pair_afrom_da(packet, attr_tacacs_session_id); + if (!vp) goto oom; vp->vp_uint32 = ntohl(pkt->hdr.session_id); fr_cursor_append(&cursor, vp); session_id = vp->vp_uint32; 
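Review bot: When a later allocation fails, fr_tacacs_packet_decode returns -1 after pairs have already been appended through `cursor` (presumably onto the packet's attribute list) and, past the second allocation, after `packet->code` has been set from the header. The hunks at -118, -231 and -301 add a dozen more `goto oom` sites that leave the same partial state. Nothing visible says whether callers discard the packet on -1, so I would state it in the function's doc comment, e.g. `@return -1 on failure; the attribute list may be partially filled and must not be used.` The function starts and ends outside this hunk.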
@@ -118,19 +130,23 @@ int fr_tacacs_packet_decode(RADIUS_PACKET * const packet) /* * Decode 4 octets of various flags. */ - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_action)); + vp = fr_pair_afrom_da(packet, attr_tacacs_action); + if (!vp) goto oom; vp->vp_uint8 = pkt->authen.start.action; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level)); + vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level); + if (!vp) goto oom; vp->vp_uint8 = pkt->authen.start.priv_lvl; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type); + if (!vp) goto oom; vp->vp_uint8 = pkt->authen.start.authen_type; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service); + if (!vp) goto oom; vp->vp_uint8 = pkt->authen.start.authen_service; fr_cursor_append(&cursor, vp); 
@@ -231,19 +247,23 @@ int fr_tacacs_packet_decode(RADIUS_PACKET * const packet) /* * Decode 4 octets of various flags. */ - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_method)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_method); + if (!vp) goto oom; vp->vp_uint8 = pkt->author.req.authen_method; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level)); + vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level); + if (!vp) goto oom; vp->vp_uint8 = pkt->author.req.priv_lvl; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type); + if (!vp) goto oom; vp->vp_uint8 = pkt->author.req.authen_type; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service); + if (!vp) goto oom; vp->vp_uint8 = pkt->author.req.authen_service; fr_cursor_append(&cursor, vp); 
@@ -301,23 +321,28 @@ int fr_tacacs_packet_decode(RADIUS_PACKET * const packet) /* * Decode 8 octets of various fields. */ - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_accounting_flags)); + vp = fr_pair_afrom_da(packet, attr_tacacs_accounting_flags); + if (!vp) goto oom; vp->vp_uint8 = pkt->acct.req.flags; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_method)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_method); + if (!vp) goto oom; vp->vp_uint8 = pkt->acct.req.authen_method; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level)); + vp = fr_pair_afrom_da(packet, attr_tacacs_privilege_level); + if (!vp) goto oom; vp->vp_uint8 = pkt->acct.req.priv_lvl; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_type); + if (!vp) goto oom; vp->vp_uint8 = pkt->acct.req.authen_type; fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service)); + vp = fr_pair_afrom_da(packet, attr_tacacs_authentication_service); + if (!vp) goto oom; vp->vp_uint8 = pkt->acct.req.authen_service; fr_cursor_append(&cursor, vp); diff --git a/src/protocols/vqp/all.mk b/src/protocols/vqp/all.mk index 16d9c370a4d..70371e19faf 100644 --- a/src/protocols/vqp/all.mk +++ b/src/protocols/vqp/all.mk @@ -7,6 +7,6 @@ TARGET := libfreeradius-vqp.a SOURCES := vqp.c base.c -SRC_CFLAGS := -I$(top_builddir)/src +SRC_CFLAGS := -I$(top_builddir)/src -DNO_ASSERT TGT_PREREQS := libfreeradius-util.a diff --git a/src/protocols/vqp/vqp.c b/src/protocols/vqp/vqp.c index 7814154c139..43cb359883a 100644 --- a/src/protocols/vqp/vqp.c +++ b/src/protocols/vqp/vqp.c 
@@ -285,19 +285,26 @@ int vqp_decode(RADIUS_PACKET *packet) fr_cursor_init(&cursor, &packet->vps); - MEM(vp = fr_pair_afrom_da(packet, attr_packet_type)); + vp = fr_pair_afrom_da(packet, attr_packet_type); + if (!vp) { + oom: + fr_strerror_printf("Out of Memory"); + return -1; + } vp->vp_uint32 = packet->data[1]; vp->vp_tainted = true; DEBUG2("&%pP", vp); fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_error_code)); + vp = fr_pair_afrom_da(packet, attr_error_code); + if (!vp) goto oom; vp->vp_uint32 = packet->data[2]; vp->vp_tainted = true; DEBUG2("&%pP", vp); fr_cursor_append(&cursor, vp); - MEM(vp = fr_pair_afrom_da(packet, attr_sequence_number)); + vp = fr_pair_afrom_da(packet, attr_sequence_number); + if (!vp) goto oom; vp->vp_uint32 = packet->id; /* already set by vqp_recv */ vp->vp_tainted = true; DEBUG2("&%pP", vp);