From 9a03d084c98f1da00f47eecc26167c7d38173eb1 Mon Sep 17 00:00:00 2001
From: Bryan Biedenkapp <gatekeep@gmail.com>
Date: Fri, 28 Jul 2023 13:55:02 -0400
Subject: [PATCH] fix issue where TGID ACL may never be enabled; check ACLs
 before issuing a grant from a grant demand;

---
 src/lookups/TalkgroupRulesLookup.cpp |  2 +-
 src/p25/Control.cpp                  | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/lookups/TalkgroupRulesLookup.cpp b/src/lookups/TalkgroupRulesLookup.cpp
index a2e6a08f..1c7a0d82 100644
--- a/src/lookups/TalkgroupRulesLookup.cpp
+++ b/src/lookups/TalkgroupRulesLookup.cpp
@@ -51,7 +51,7 @@ TalkgroupRulesLookup::TalkgroupRulesLookup(const std::string& filename, uint32_t
     m_rulesFile(filename),
     m_reloadTime(reloadTime),
     m_rules(),
-    m_acl(false),
+    m_acl(acl),
     m_groupHangTime(5U),
     m_sendTalkgroups(false),
     m_groupVoice()
diff --git a/src/p25/Control.cpp b/src/p25/Control.cpp
index 03720701..81545f53 100644
--- a/src/p25/Control.cpp
+++ b/src/p25/Control.cpp
@@ -1228,6 +1228,16 @@ void Control::processNetwork()
         case P25_DUID_TDULC:
             // is this an TDU with a grant demand?
             if (duid == P25_DUID_TDU && m_control && grantDemand) {
+                // validate source RID
+                if (!acl::AccessControl::validateSrcId(srcId)) {
+                    return;
+                }
+
+                // validate the target ID, if the target is a talkgroup
+                if (!acl::AccessControl::validateTGId(dstId)) {
+                    return;
+                }
+
                 uint8_t serviceOptions = (control.getEmergency() ? 0x80U : 0x00U) +     // Emergency Flag
                     (control.getEncrypted() ? 0x40U : 0x00U) +                          // Encrypted Flag
                     (control.getPriority() & 0x07U);                                    // Priority