diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/sa/authenticators/eap/eap_md5.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/charon/sa/authenticators/eap/eap_md5.c b/src/charon/sa/authenticators/eap/eap_md5.c index ca5c1d6b7..0ca9fc566 100644 --- a/src/charon/sa/authenticators/eap/eap_md5.c +++ b/src/charon/sa/authenticators/eap/eap_md5.c @@ -199,7 +199,8 @@ static status_t process_server(private_eap_md5_t *this, data = in->get_data(in); response = chunk_skip(data, 6); - if (!chunk_equals(response, expected)) + if (response.len < expected.len || + !memeq(response.ptr, expected.ptr, expected.len)) { chunk_free(&expected); DBG1(DBG_IKE, "EAP-MD5 verification failed"); |