From 0812bc1768cedc420adc03e86893d798fa19e872 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 1 Feb 2023 14:38:53 -0500
Subject: [PATCH] be more careful about session established. Fixes #4878
---
src/main/tls.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/main/tls.c b/src/main/tls.c
index 5ca2f5fed250..4f34d70faccc 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -5338,7 +5338,13 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request)
return FR_TLS_FAIL;
case handshake:
- if ((ssn->is_init_finished) && (ssn->dirty_out.used == 0)) {
+ if (ssn->dirty_out.used > 0) {
+ RDEBUG2("(TLS) Peer ACKed our handshake fragment");
+ /* Fragmentation handler, send next fragment */
+ return FR_TLS_REQUEST;
+ }
+
+ if (ssn->is_init_finished || SSL_is_init_finished(ssn->ssl)) {
RDEBUG2("(TLS) Peer ACKed our handshake fragment. handshake is finished");
/*
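Review bot: The new test `ssn->is_init_finished || SSL_is_init_finished(ssn->ssl)` has no comment explaining why the cached flag alone is no longer trusted, and nothing in the hunk writes OpenSSL's answer back to that flag. If the two can disagree, code that later reads only `ssn->is_init_finished` would still see an unfinished handshake (inferred; the rest of this branch and the flag's other readers are outside the hunk). I would either update the flag inside the branch when OpenSSL reports completion, or add a comment above the test such as `/* The cached flag may not be set yet; ask OpenSSL as well before declaring success. */`. Checking `dirty_out.used` first is the right order, since success is then returned only once no fragment is left to send.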
@@ -5350,9 +5356,8 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request)
return FR_TLS_SUCCESS;
} /* else more data to send */
- RDEBUG2("(TLS) Peer ACKed our handshake fragment");
- /* Fragmentation handler, send next fragment */
- return FR_TLS_REQUEST;
+ REDEBUG("(TLS) Cannot continue, as the peer is misbehaving.");
+ return FR_TLS_FAIL;
case application_data:
RDEBUG2("(TLS) Peer ACKed our application data fragment");
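Review bot: The context comment `/* else more data to send */` on the closing brace is now stale, because after this change the fall-through is the failure path rather than the next-fragment path. It should read something like `/* else the peer ACKed with nothing pending and the handshake unfinished */`. The `REDEBUG` text also gives an operator little to triage a rejected session with. Naming the condition, e.g. `REDEBUG("(TLS) Peer sent ACK before the handshake finished and with no data pending");`, would make an out-of-sequence ACK easier to recognise in logs. The `case handshake:` block starts in the previous hunk and the switch continues outside this one.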