From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 29 Oct 2015 11:18:27 +0100 References: CVE-2015-8023, bsc#953817 Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was established An MSK is only established if the client successfully authenticated itself and only then must we accept an MSCHAPV2_SUCCESS message. Fixes CVE-2015-8023 --- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index f7f39f9841d2..931e3c41dde4 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -1145,7 +1145,11 @@ METHOD(eap_method_t, process_server, status_t, } case MSCHAPV2_SUCCESS: { - return SUCCESS; + if (this->msk.ptr) + { + return SUCCESS; + } + break; } case MSCHAPV2_FAILURE: { -- 1.9.1