projects / freeradius.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 91ae0d9)
Fix longstanding bug where the session wasn't being properly
authoraland <aland>
Wed, 24 Jan 2007 12:24:49 +0000 (12:24 +0000)
committeraland <aland>
Wed, 24 Jan 2007 12:24:49 +0000 (12:24 +0000)
terminated on SSL error.  Instead, it continued, but set a bad
pointer, causing a server crash.

src/modules/rlm_eap/libeap/tls.c patch | blob | history

diff --git a/src/modules/rlm_eap/libeap/tls.c b/src/modules/rlm_eap/libeap/tls.c
index 53a0556..cb7f578 100644 (file)
--- a/src/modules/rlm_eap/libeap/tls.c
+++ b/src/modules/rlm_eap/libeap/tls.c
@@ -92,7 +92,7 @@ tls_session_t *eaptls_new_session(SSL_CTX *ssl_ctx, int client_cert)
 /*
  *     Print out some text describing the error.
  */
-static void int_ssl_check(SSL *s, int ret, const char *text)
+static int int_ssl_check(SSL *s, int ret, const char *text)
 {
        int e;
 
@@ -117,7 +117,7 @@ static void int_ssl_check(SSL *s, int ret, const char *text)
        case SSL_ERROR_WANT_WRITE:
        case SSL_ERROR_WANT_X509_LOOKUP:
        case SSL_ERROR_ZERO_RETURN:
-               return;
+               break;
 
                /*
                 *      These seem to be indications of a genuine
@@ -127,14 +127,12 @@ static void int_ssl_check(SSL *s, int ret, const char *text)
        case SSL_ERROR_SYSCALL:
                radlog(L_ERR, "rlm_eap_tls: %s failed in a system call (%d), TLS session fails.",
                       text, ret);
-               SSL_set_app_data(s, (char *)1);
-               return;
+               return 0;
 
        case SSL_ERROR_SSL:
                radlog(L_ERR, "rlm_eap_tls: %s failed inside of TLS (%d), TLS session fails.",
                       text, ret);
-               SSL_set_app_data(s, (char *)1);
-               return;
+               return 0;
 
        default:
                /*
@@ -144,8 +142,10 @@ static void int_ssl_check(SSL *s, int ret, const char *text)
                 *      the code needs updating here.
                 */
                radlog(L_ERR, "rlm_eap_tls: FATAL SSL error ..... %d\n", e);
-               break;
+               return 0;
        }
+
+       return 1;
 }
 
 /*
@@ -170,8 +170,8 @@ int tls_handshake_recv(tls_session_t *ssn)
                       sizeof(ssn->clean_out.data));
        if (err > 0) {
                ssn->clean_out.used = err;
-       } else {
-               int_ssl_check(ssn->ssl, err, "SSL_read");
+       } else if (!int_ssl_check(ssn->ssl, err, "SSL_read")) {
+               return 0;
        }
 
        /* Some Extra STATE information for easy debugging */
Unnamed repository; edit this file 'description' to name the repository.