trilogy 2.9.0 → 2.12.4

data/ext/trilogy-ruby/src/client.c

@@ -1,5 +1,13 @@
 #include <fcntl.h>
-
+#include <limits.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "trilogy/allocator.h"
 #include "trilogy/client.h"
 #include "trilogy/error.h"
 
@@ -117,10 +125,40 @@ static int begin_write(trilogy_conn_t *conn)
     return trilogy_flush_writes(conn);
 }
 
-int trilogy_init(trilogy_conn_t *conn)
+static int flush_current_packet(trilogy_conn_t *conn)
+{
+    int rc = begin_write(conn);
+
+    while (rc == TRILOGY_AGAIN) {
+        rc = trilogy_sock_wait_write(conn->socket);
+
+        if (rc != TRILOGY_OK) {
+            return rc;
+        }
+
+        rc = trilogy_flush_writes(conn);
+    }
+
+    return rc;
+}
+
+static int read_packet_blocking(trilogy_conn_t *conn)
 {
     int rc;
 
+    while ((rc = read_packet(conn)) == TRILOGY_AGAIN) {
+        rc = trilogy_sock_wait_read(conn->socket);
+
+        if (rc != TRILOGY_OK) {
+            return rc;
+        }
+    }
+
+    return rc;
+}
+
+int trilogy_init_no_buffer(trilogy_conn_t *conn)
+{
     conn->affected_rows = 0;
     conn->last_insert_id = 0;
     conn->warning_count = 0;
@@ -142,8 +180,14 @@ int trilogy_init(trilogy_conn_t *conn)
     trilogy_packet_parser_init(&conn->packet_parser, &packet_parser_callbacks);
     conn->packet_parser.user_data = &conn->packet_buffer;
 
-    CHECKED(trilogy_buffer_init(&conn->packet_buffer, TRILOGY_DEFAULT_BUF_SIZE));
+    return TRILOGY_OK;
+}
 
+int trilogy_init(trilogy_conn_t *conn)
+{
+    int rc;
+    trilogy_init_no_buffer(conn);
+    CHECKED(trilogy_buffer_init(&conn->packet_buffer, TRILOGY_DEFAULT_BUF_SIZE));
     return TRILOGY_OK;
 }
 
@@ -217,7 +261,7 @@ static int read_err_packet(trilogy_conn_t *conn)
     return TRILOGY_ERR;
 }
 
-static int read_eof_packet(trilogy_conn_t *conn)
+static int read_deprecated_eof_packet(trilogy_conn_t *conn)
 {
     trilogy_eof_packet_t eof_packet;
 
@@ -236,6 +280,36 @@ static int read_eof_packet(trilogy_conn_t *conn)
     return TRILOGY_EOF;
 }
 
+bool is_eof_packet(trilogy_conn_t *conn)
+{
+    // An EOF packet first byte can mark an EOF/OK packet, a deprecated EOF packet, or a huge data packet.
+    if (current_packet_type(conn) == TRILOGY_PACKET_EOF) {
+        if (conn->capabilities & TRILOGY_CAPABILITIES_DEPRECATE_EOF) {
+            // The EOF/OK packet can contain an info message and/or session state info up to max packet length.
+            return conn->packet_buffer.len <= TRILOGY_MAX_PACKET_LEN;
+        } else {
+            // The deprecated EOF packet must be smaller than 9 bytes (one 8-byte length-encoded integer).
+            return conn->packet_buffer.len < 9;
+        }
+    }
+    return false;
+}
+
+static int read_eof_packet(trilogy_conn_t *conn)
+{
+    int rc;
+
+    if (conn->capabilities & TRILOGY_CAPABILITIES_DEPRECATE_EOF) {
+        return read_ok_packet(conn);
+    } else {
+        if ((rc = read_deprecated_eof_packet(conn)) != TRILOGY_EOF) {
+            return rc;
+        }
+
+        return TRILOGY_OK;
+    }
+}
+
 static int read_auth_switch_packet(trilogy_conn_t *conn, trilogy_handshake_t *handshake)
 {
     trilogy_auth_switch_request_packet_t auth_switch_packet;
@@ -259,7 +333,8 @@ static int read_auth_switch_packet(trilogy_conn_t *conn, trilogy_handshake_t *ha
     return TRILOGY_AUTH_SWITCH;
 }
 
-static int handle_generic_response(trilogy_conn_t *conn) {
+static int handle_generic_response(trilogy_conn_t *conn)
+{
     switch (current_packet_type(conn)) {
     case TRILOGY_PACKET_OK:
         return read_ok_packet(conn);
@@ -310,6 +385,16 @@ int trilogy_connect_send_socket(trilogy_conn_t *conn, trilogy_sock_t *sock)
     return TRILOGY_OK;
 }
 
+int trilogy_connect_set_fd(trilogy_conn_t *conn, trilogy_sock_t *sock, int fd)
+{
+    trilogy_sock_set_fd(sock, fd);
+
+    conn->socket = sock;
+    conn->packet_parser.sequence_number = 0;
+
+    return TRILOGY_OK;
+}
+
 int trilogy_connect_recv(trilogy_conn_t *conn, trilogy_handshake_t *handshake_out)
 {
     int rc = read_packet(conn);
@@ -407,9 +492,294 @@ void trilogy_auth_clear_password(trilogy_conn_t *conn)
     }
 }
 
+#define CACHING_SHA2_REQUEST_PUBLIC_KEY 2
+#define CACHING_SHA2_SCRAMBLE_LEN 20
 #define FAST_AUTH_OK 3
 #define FAST_AUTH_FAIL 4
 
+static int read_auth_result(trilogy_conn_t *conn)
+{
+    int rc = read_packet_blocking(conn);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    trilogy_auth_clear_password(conn);
+    return handle_generic_response(conn);
+}
+
+static int send_cleartext_password(trilogy_conn_t *conn)
+{
+    trilogy_builder_t builder;
+
+    int rc = begin_command_phase(&builder, conn, conn->packet_parser.sequence_number);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    if (conn->socket->opts.password_len == 0) {
+        rc = trilogy_builder_write_uint8(&builder, 0);
+
+        if (rc < 0) {
+            return rc;
+        }
+
+        trilogy_builder_finalize(&builder);
+        return flush_current_packet(conn);
+    }
+
+    rc = trilogy_build_auth_clear_password(&builder, conn->socket->opts.password, conn->socket->opts.password_len);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    return flush_current_packet(conn);
+}
+
+static int send_auth_buffer(trilogy_conn_t *conn, const void *buff, size_t buff_len)
+{
+    trilogy_builder_t builder;
+    int rc = begin_command_phase(&builder, conn, conn->packet_parser.sequence_number);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    rc = trilogy_builder_write_buffer(&builder, buff, buff_len);
+    if (rc < 0) {
+        return rc;
+    }
+
+    trilogy_builder_finalize(&builder);
+
+    return flush_current_packet(conn);
+}
+
+static int send_public_key_request(trilogy_conn_t *conn)
+{
+    uint8_t request = CACHING_SHA2_REQUEST_PUBLIC_KEY;
+
+    return send_auth_buffer(conn, &request, sizeof(request));
+}
+
+static int encrypt_password_with_public_key(const uint8_t *scramble, size_t scramble_len, trilogy_conn_t *conn,
+                                            const uint8_t *key_data, size_t key_data_len, uint8_t **encrypted_out,
+                                            size_t *encrypted_len)
+{
+    int rc = TRILOGY_OK;
+    uint8_t *ciphertext = NULL;
+    size_t ciphertext_len = 0;
+
+    if (key_data_len == 0 || key_data_len > INT_MAX) {
+        return TRILOGY_AUTH_PLUGIN_ERROR;
+    }
+
+    size_t password_len = conn->socket->opts.password_len;
+    if (password_len == SIZE_MAX) {
+        return TRILOGY_MEM_ERROR;
+    }
+    size_t plaintext_len = password_len + 1;
+    uint8_t *plaintext = xmalloc(plaintext_len);
+
+    if (plaintext == NULL) {
+        return TRILOGY_MEM_ERROR;
+    }
+
+    if (password_len > 0) {
+        memcpy(plaintext, conn->socket->opts.password, password_len);
+    }
+    plaintext[plaintext_len - 1] = '\0';
+
+    if (scramble_len > 0) {
+        for (size_t i = 0; i < plaintext_len; i++) {
+            plaintext[i] ^= scramble[i % scramble_len];
+        }
+    }
+
+    BIO *bio = BIO_new_mem_buf((void *)key_data, (int)key_data_len);
+    if (bio == NULL) {
+        xfree(plaintext);
+        return TRILOGY_OPENSSL_ERR;
+    }
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    EVP_PKEY *public_key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+#else
+    RSA *public_key = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+#endif
+
+    BIO_free(bio);
+
+    if (public_key == NULL) {
+        ERR_clear_error();
+        memset(plaintext, 0, plaintext_len);
+        xfree(plaintext);
+        return TRILOGY_AUTH_PLUGIN_ERROR;
+    }
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    int key_size = EVP_PKEY_get_size(public_key);
+    if (key_size <= 0) {
+        EVP_PKEY_free(public_key);
+        memset(plaintext, 0, plaintext_len);
+        xfree(plaintext);
+        return TRILOGY_AUTH_PLUGIN_ERROR;
+    }
+    ciphertext_len = (size_t)key_size;
+#else
+    ciphertext_len = (size_t)RSA_size(public_key);
+#endif
+
+    /*
+       When using RSA_PKCS1_OAEP_PADDING the password length must be less
+       than RSA_size(rsa) - 41.
+     */
+    if (ciphertext_len == 0 || plaintext_len + 41 >= ciphertext_len) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        EVP_PKEY_free(public_key);
+#else
+        RSA_free(public_key);
+#endif
+        memset(plaintext, 0, plaintext_len);
+        xfree(plaintext);
+        return TRILOGY_AUTH_PLUGIN_ERROR;
+    }
+
+    ciphertext = xmalloc(ciphertext_len);
+
+    if (ciphertext == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        EVP_PKEY_free(public_key);
+#else
+        RSA_free(public_key);
+#endif
+        memset(plaintext, 0, plaintext_len);
+        xfree(plaintext);
+        return TRILOGY_MEM_ERROR;
+    }
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(public_key, NULL);
+    if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
+        EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
+        rc = TRILOGY_OPENSSL_ERR;
+    } else {
+        size_t out_len = ciphertext_len;
+
+        if (EVP_PKEY_encrypt(ctx, ciphertext, &out_len, plaintext, plaintext_len) <= 0) {
+            rc = TRILOGY_OPENSSL_ERR;
+        } else {
+            *encrypted_len = out_len;
+        }
+    }
+
+    if (ctx) {
+        EVP_PKEY_CTX_free(ctx);
+    }
+    EVP_PKEY_free(public_key);
+#else
+    int out_len = RSA_public_encrypt((int)plaintext_len, plaintext, ciphertext, public_key, RSA_PKCS1_OAEP_PADDING);
+    RSA_free(public_key);
+
+    if (out_len < 0) {
+        rc = TRILOGY_OPENSSL_ERR;
+    } else {
+        *encrypted_len = (size_t)out_len;
+    }
+#endif
+
+    memset(plaintext, 0, plaintext_len);
+    xfree(plaintext);
+
+    if (rc == TRILOGY_OK) {
+        *encrypted_out = ciphertext;
+    } else {
+        memset(ciphertext, 0, ciphertext_len);
+        xfree(ciphertext);
+    }
+
+    return rc;
+}
+
+static int handle_fast_auth_fail(trilogy_conn_t *conn, trilogy_handshake_t *handshake, const uint8_t *auth_data,
+                                 size_t auth_data_len)
+{
+    int rc;
+    bool use_ssl = (conn->socket->opts.flags & TRILOGY_CAPABILITIES_SSL) != 0;
+    bool has_unix_socket = (conn->socket->opts.path != NULL);
+
+    // No password to send, so we can safely respond even without TLS.
+    if (conn->socket->opts.password_len == 0) {
+        rc = send_cleartext_password(conn);
+        if (rc < 0) {
+            return rc;
+        }
+
+        return read_auth_result(conn);
+    }
+
+    if (use_ssl || has_unix_socket) {
+        rc = send_cleartext_password(conn);
+        if (rc < 0) {
+            return rc;
+        }
+
+        return read_auth_result(conn);
+    }
+
+    const uint8_t *public_key_data = NULL;
+    size_t public_key_len = 0;
+
+    if (auth_data_len > 1) {
+        public_key_data = auth_data + 1;
+        public_key_len = auth_data_len - 1;
+    } else {
+        rc = send_public_key_request(conn);
+        if (rc < 0) {
+            return rc;
+        }
+
+        rc = read_packet_blocking(conn);
+        if (rc < 0) {
+            return rc;
+        }
+
+        if (current_packet_type(conn) == TRILOGY_PACKET_ERR) {
+            return read_err_packet(conn);
+        }
+
+        if (current_packet_type(conn) != TRILOGY_PACKET_AUTH_MORE_DATA || conn->packet_buffer.len < 2) {
+            return TRILOGY_PROTOCOL_VIOLATION;
+        }
+
+        public_key_data = conn->packet_buffer.buff + 1;
+        public_key_len = conn->packet_buffer.len - 1;
+    }
+
+    uint8_t *encrypted = NULL;
+    size_t encrypted_len = 0;
+
+    rc = encrypt_password_with_public_key((const uint8_t *)handshake->scramble, CACHING_SHA2_SCRAMBLE_LEN, conn,
+                                          public_key_data, public_key_len, &encrypted, &encrypted_len);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    rc = send_auth_buffer(conn, encrypted, encrypted_len);
+    memset(encrypted, 0, encrypted_len);
+    xfree(encrypted);
+
+    if (rc < 0) {
+        return rc;
+    }
+
+    return read_auth_result(conn);
+}
+
 int trilogy_auth_recv(trilogy_conn_t *conn, trilogy_handshake_t *handshake)
 {
     int rc = read_packet(conn);
@@ -420,67 +790,24 @@ int trilogy_auth_recv(trilogy_conn_t *conn, trilogy_handshake_t *handshake)
 
     switch (current_packet_type(conn)) {
     case TRILOGY_PACKET_AUTH_MORE_DATA: {
-        bool use_ssl = (conn->socket->opts.flags & TRILOGY_CAPABILITIES_SSL) != 0;
-        bool has_unix_socket = (conn->socket->opts.path != NULL);
+        const uint8_t *auth_data = conn->packet_buffer.buff + 1;
+        size_t auth_data_len = conn->packet_buffer.len - 1;
 
-        if (!use_ssl && !has_unix_socket) {
-            return TRILOGY_UNSUPPORTED;
+        if (auth_data_len < 1) {
+            return TRILOGY_PROTOCOL_VIOLATION;
         }
 
-        uint8_t byte = conn->packet_buffer.buff[1];
+        uint8_t byte = auth_data[0];
         switch (byte) {
-            case FAST_AUTH_OK:
-                break;
-            case FAST_AUTH_FAIL:
-                {
-                    trilogy_builder_t builder;
-                    int err = begin_command_phase(&builder, conn, conn->packet_parser.sequence_number);
-
-                    if (err < 0) {
-                        return err;
-                    }
-
-                    err = trilogy_build_auth_clear_password(&builder, conn->socket->opts.password, conn->socket->opts.password_len);
-
-                    if (err < 0) {
-                        return err;
-                    }
-
-                    int rc = begin_write(conn);
-
-                    while (rc == TRILOGY_AGAIN) {
-                        rc = trilogy_sock_wait_write(conn->socket);
-                        if (rc != TRILOGY_OK) {
-                            return rc;
-                        }
-
-                        rc = trilogy_flush_writes(conn);
-                    }
-                    if (rc != TRILOGY_OK) {
-                        return rc;
-                    }
-
-                    break;
-                }
-            default:
-                return TRILOGY_UNEXPECTED_PACKET;
-        }
-        while (1) {
-            rc = read_packet(conn);
+        case FAST_AUTH_OK:
+            return read_auth_result(conn);
 
-            if (rc == TRILOGY_OK) {
-                break;
-            }
-            else if (rc == TRILOGY_AGAIN) {
-                rc = trilogy_sock_wait_read(conn->socket);
-            }
+        case FAST_AUTH_FAIL:
+            return handle_fast_auth_fail(conn, handshake, auth_data, auth_data_len);
 
-            if (rc != TRILOGY_OK) {
-                return rc;
-            }
+        default:
+            return TRILOGY_UNEXPECTED_PACKET;
         }
-        trilogy_auth_clear_password(conn);
-        return handle_generic_response(conn);
     }
 
     case TRILOGY_PACKET_EOF:
@@ -535,7 +862,8 @@ int trilogy_set_option_send(trilogy_conn_t *conn, const uint16_t option)
     return begin_write(conn);
 }
 
-int trilogy_set_option_recv(trilogy_conn_t *conn) {
+int trilogy_set_option_recv(trilogy_conn_t *conn)
+{
     int rc = read_packet(conn);
 
     if (rc < 0) {
@@ -555,7 +883,6 @@ int trilogy_set_option_recv(trilogy_conn_t *conn) {
     }
 }
 
-
 int trilogy_ping_send(trilogy_conn_t *conn)
 {
     trilogy_builder_t builder;
@@ -646,15 +973,7 @@ static int read_eof(trilogy_conn_t *conn)
         return rc;
     }
 
-    if (conn->capabilities & TRILOGY_CAPABILITIES_DEPRECATE_EOF) {
-        return read_ok_packet(conn);
-    } else {
-        if ((rc = read_eof_packet(conn)) != TRILOGY_EOF) {
-            return rc;
-        }
-
-        return TRILOGY_OK;
-    }
+    return read_eof_packet(conn);
 }
 
 int trilogy_read_row(trilogy_conn_t *conn, trilogy_value_t *values_out)
@@ -679,14 +998,12 @@ int trilogy_read_row(trilogy_conn_t *conn, trilogy_value_t *values_out)
         return rc;
     }
 
-    if (conn->capabilities & TRILOGY_CAPABILITIES_DEPRECATE_EOF && current_packet_type(conn) == TRILOGY_PACKET_EOF) {
-        if ((rc = read_ok_packet(conn)) != TRILOGY_OK) {
+    if (is_eof_packet(conn)) {
+        if ((rc = read_eof_packet(conn)) != TRILOGY_OK) {
             return rc;
         }
 
         return TRILOGY_EOF;
-    } else if (current_packet_type(conn) == TRILOGY_PACKET_EOF && conn->packet_buffer.len < 9) {
-        return read_eof_packet(conn);
     } else if (current_packet_type(conn) == TRILOGY_PACKET_ERR) {
         return read_err_packet(conn);
     } else {
@@ -716,13 +1033,14 @@ int trilogy_drain_results(trilogy_conn_t *conn)
             return rc;
         }
 
-        if (current_packet_type(conn) == TRILOGY_PACKET_EOF && conn->packet_buffer.len < 9) {
+        if (is_eof_packet(conn)) {
+            read_eof_packet(conn);
             return TRILOGY_OK;
         }
     }
 }
 
-static uint8_t escape_lookup_table[256] = {
+static const uint8_t escape_lookup_table[256] = {
     ['"'] = '"', ['\0'] = '0', ['\''] = '\'', ['\\'] = '\\', ['\n'] = 'n', ['\r'] = 'r', [26] = 'Z',
 };
 
@@ -735,28 +1053,40 @@ int trilogy_escape(trilogy_conn_t *conn, const char *str, size_t len, const char
 
     b->len = 0;
 
-    if (conn->server_status & TRILOGY_SERVER_STATUS_NO_BACKSLASH_ESCAPES) {
-        for (size_t i = 0; i < len; i++) {
-            const uint8_t c = (uint8_t)str[i];
+    // Escaped string will be at least as large as the source string,
+    // so might as well pre-expand the buffer.
+    CHECKED(trilogy_buffer_expand(b, len));
 
-            if (c == '\'') {
-                CHECKED(trilogy_buffer_putc(b, '\''));
-                CHECKED(trilogy_buffer_putc(b, '\''));
+    const uint8_t *cursor = (const uint8_t *)str;
+    const uint8_t *end = cursor + len;
+
+    if (conn->server_status & TRILOGY_SERVER_STATUS_NO_BACKSLASH_ESCAPES) {
+        while (cursor < end) {
+            uint8_t *next_escape = memchr(cursor, '\'', (size_t)(end - cursor));
+            if (next_escape) {
+                CHECKED(trilogy_buffer_write(b, cursor, (size_t)(next_escape - cursor)));
+                CHECKED(trilogy_buffer_write(b, (uint8_t *)"\'\'", 2));
+                cursor = next_escape + 1;
             } else {
-                CHECKED(trilogy_buffer_putc(b, c));
+                CHECKED(trilogy_buffer_write(b, cursor, (size_t)(end - cursor)));
+                break;
             }
         }
     } else {
-        for (size_t i = 0; i < len; i++) {
-            const uint8_t c = (uint8_t)str[i];
-
-            uint8_t escaped = escape_lookup_table[(uint8_t)c];
+        while (cursor < end) {
+            uint8_t escaped = 0;
+            const uint8_t *start = cursor;
+            while (cursor < end && !(escaped = escape_lookup_table[*cursor])) {
+                cursor++;
+            }
 
+            CHECKED(trilogy_buffer_write(b, start, (size_t)(cursor - start)));
             if (escaped) {
                 CHECKED(trilogy_buffer_putc(b, '\\'));
                 CHECKED(trilogy_buffer_putc(b, escaped));
+                cursor++;
             } else {
-                CHECKED(trilogy_buffer_putc(b, c));
+                break;
             }
         }
     }
@@ -940,20 +1270,18 @@ int trilogy_stmt_bind_data_send(trilogy_conn_t *conn, trilogy_stmt_t *stmt, uint
 int trilogy_stmt_read_row(trilogy_conn_t *conn, trilogy_stmt_t *stmt, trilogy_column_packet_t *columns,
                           trilogy_binary_value_t *values_out)
 {
-    int err = read_packet(conn);
+    int rc = read_packet(conn);
 
-    if (err < 0) {
-        return err;
+    if (rc < 0) {
+        return rc;
     }
 
-    if (conn->capabilities & TRILOGY_CAPABILITIES_DEPRECATE_EOF && current_packet_type(conn) == TRILOGY_PACKET_EOF) {
-        if ((err = read_ok_packet(conn)) != TRILOGY_OK) {
-            return err;
+    if (is_eof_packet(conn)) {
+        if ((rc = read_eof_packet(conn)) != TRILOGY_OK) {
+            return rc;
         }
 
         return TRILOGY_EOF;
-    } else if (current_packet_type(conn) == TRILOGY_PACKET_EOF && conn->packet_buffer.len < 9) {
-        return read_eof_packet(conn);
     } else if (current_packet_type(conn) == TRILOGY_PACKET_ERR) {
         return read_err_packet(conn);
     } else {
@@ -978,9 +1306,7 @@ int trilogy_stmt_reset_send(trilogy_conn_t *conn, trilogy_stmt_t *stmt)
     return begin_write(conn);
 }
 
-int trilogy_stmt_reset_recv(trilogy_conn_t *conn) {
-    return read_generic_response(conn);
-}
+int trilogy_stmt_reset_recv(trilogy_conn_t *conn) { return read_generic_response(conn); }
 
 int trilogy_stmt_close_send(trilogy_conn_t *conn, trilogy_stmt_t *stmt)
 {

data/ext/trilogy-ruby/src/packet_parser.c

@@ -74,7 +74,7 @@ size_t trilogy_packet_parser_execute(trilogy_packet_parser_t *parser, const uint
             break;
         }
         case S_SEQ: {
-            if (cur_byte != parser->sequence_number) {
+            if (cur_byte != parser->sequence_number && cur_byte > 0) {
                 *error = TRILOGY_INVALID_SEQUENCE_ID;
                 return i;
             }