fail on invalid packet codes, instead of dereferencing NULL ptr

this won't happen as the rest of the code is sane, but it's good
to double-check the values to be sure.

diff --git a/src/process/tls/base.c b/src/process/tls/base.c
index a79e5125c1604998cf2471dad2e3a4786dac6e8b..0760e3351faf53be59676ac9b599af14ff7fd601 100644 (file)
--- a/src/process/tls/base.c
+++ b/src/process/tls/base.c
@@ -187,6 +187,14 @@ static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const
        request->module = NULL;
        fr_assert(request->proto_dict == dict_tls);
 
+       /*
+        *      Success, failure, and notfound are not TLS packets that we 
+        */
+       if (!request->packet->code || (request->packet->code > FR_PACKET_TYPE_VALUE_ESTABLISH_SESSION)) {
+               REDEBUG("Invalid packet code %u", request->packet->code);
+               RETURN_UNLANG_FAIL;
+       }
+
        UPDATE_STATE(packet);
 
        log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL);