From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 29 Oct 2015 11:18:27 +0100
Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was established

An MSK is only established if the client successfully authenticated itself and only then must we accept an MSCHAPV2_SUCCESS message.

Fixes CVE-2015-8023
---
 src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Index: strongswan-5.1.2/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
===================================================================
--- strongswan-5.1.2.orig/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c 2015-11-11 07:57:22.132300446 -0500
+++ strongswan-5.1.2/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c 2015-11-11 07:57:22.132300446 -0500
@@ -1141,7 +1141,11 @@
 }
 case MSCHAPV2_SUCCESS:
 {
- return SUCCESS;
+ if (this->msk.ptr)
+ {
+ return SUCCESS;
+ }
+ break;
 }
 case MSCHAPV2_FAILURE:
 {
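Review bot: The new `break` in the MSCHAPV2_SUCCESS case rejects a success message silently when no MSK exists, and the status it ends up returning is decided by code after the switch, which lies outside this hunk (presumably a failure status; worth confirming). Because this is exactly the path taken when a peer sends MSCHAPV2_SUCCESS without having completed the challenge/response, a log line before the `break` would make such attempts visible to operators, e.g. `DBG1(DBG_IKE, "received MSCHAPV2_SUCCESS without established MSK, rejecting");`. A short comment on the check, such as `/* msk is only set once the peer's response has been verified */`, would also document why a non-NULL `this->msk.ptr` is being used as the authentication state.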