From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Fri, 9 Oct 2015 20:32:45 +0000 (-0400)
Subject: Ignore callbacks for pseudo content types.  Fixes EAP-TTLS MSCHAPv2 (and possibly... 
X-Git-Tag: release_3_0_11~273
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7b5493c61aeb4e5cb9ba218d8c5553f580ceee6;p=thirdparty%2Ffreeradius-server.git

Ignore callbacks for pseudo content types.  Fixes EAP-TTLS MSCHAPv2 (and possibly others) with OpenSSL 1.0.2
---

diff --git a/src/main/cb.c b/src/main/cb.c
index 2f38f772bf5..f6880a2faa6 100644
--- a/src/main/cb.c
+++ b/src/main/cb.c
@@ -82,12 +82,27 @@ void cbtls_msg(int write_p, int msg_version, int content_type,
 	uint8_t const *buf = inbuf;
 	tls_session_t *state = (tls_session_t *)arg;
 
+	/*
+	 *	OpenSSL 1.0.2 calls this function with 'pseudo'
+	 *	content types.  Which breaks our tracking of
+	 *	the SSL Session state.
+	 */
+	if ((msg_version == 0) && (content_type > UINT8_MAX)) {
+		DEBUG4("Ignoring cbtls_msg call with pseudo content type %i, version %i",
+		       content_type, msg_version);
+		return;
+	}
+
 	/*
 	 *	Work around bug #298, where we may be called with a NULL
 	 *	argument.  We should really log a serious error
 	 */
 	if (!state) return;
 
+	/*
+	 *	0 - received (from peer)
+	 *	1 - sending (to peer)
+	 */
 	state->info.origin = write_p;
 	state->info.content_type = content_type;
 	state->info.record_len = len;