From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 14 Oct 2015 14:17:41 +0000 (-0400)
Subject: Better fix for EAP loops.  Fixes #1311
X-Git-Tag: release_3_0_11~253
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9db409d0fce0719616803dfed640aca38d352a09;p=thirdparty%2Ffreeradius-server.git

Better fix for EAP loops.  Fixes #1311
---

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index 8d681692a4e..89d23aa31ec 100644
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -360,10 +360,14 @@ eap_rcode_t eap_method_select(rlm_eap_t *inst, eap_handler_t *handler)
 	 *	the parent has a home_server defined, then this
 	 *	request is being processed through a virtual
 	 *	server... so that's OK.
+	 *
+	 *	i.e. we're inside an EAP tunnel, which means we have a
+	 *	parent.  If the outer session exists, and doesn't have
+	 *	a home server, then it's multiple layers of tunneling.
 	 */
 	if (handler->request->parent && 
-	    !handler->request->parent->home_server &&
-	    handler->request->parent->parent) {
+	    handler->request->parent->parent &&
+	    !handler->request->parent->parent->home_server) {
 		RERROR("Multiple levels of TLS nesting are invalid");
 
 		return EAP_INVALID;