File 0010-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch of Package strongswan.22505

From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 29 Oct 2015 11:18:27 +0100
References: CVE-2015-8023, bsc#953817
Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was
 established

An MSK is only established if the client successfully authenticated
itself and only then must we accept an MSCHAPV2_SUCCESS message.

Fixes CVE-2015-8023
---
 src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index f7f39f9841d2..931e3c41dde4 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1145,7 +1145,11 @@ METHOD(eap_method_t, process_server, status_t,
 		}
 		case MSCHAPV2_SUCCESS:
 		{
-			return SUCCESS;
+			if (this->msk.ptr)
+			{
+				return SUCCESS;
+			}
+			break;
 		}
 		case MSCHAPV2_FAILURE:
 		{
-- 
1.9.1