From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 3 Aug 2016 06:52:30 +0000 (+0200)
Subject: pull NEAT fix from v4.0.x branch
X-Git-Tag: release_3_0_12~75^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=709ae17b03fc9f41a5bc043f3e4ec481ef70ffd9;p=thirdparty%2Ffreeradius-server.git

pull NEAT fix from v4.0.x branch
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 223456c0b97..c1a00450e64 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -545,8 +545,15 @@ failure:
 	 *	The 'value_size' is the size of the response,
 	 *	which is supposed to be the response (48
 	 *	bytes) plus 1 byte of flags at the end.
+	 *
+	 *	NOTE: When using Cisco NEAT with EAP-MSCHAPv2, the
+	 *	      switch supplicant will send MSCHAPv2 data (EAP type = 26)
+	 *	      but will always set a value_size of 16 and NULL out the
+	 *	      peer challenge.
+	 *
 	 */
-	if (eap_ds->response->type.data[4] != 49) {
+	if ((eap_ds->response->type.data[4] != 49) &&
+	    (eap_ds->response->type.data[4] != 16)) {
 		REDEBUG("Response is of incorrect length %d", eap_ds->response->type.data[4]);
 		return 0;
 	}