eap-mschapv2: Keep internal state to prevent authentication from succeeding prematurely
author Tobias Brunner <tobias@strongswan.org>
Thu, 29 Oct 2015 10:23:33 +0000 (11:23 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 16 Nov 2015 12:19:36 +0000 (13:19 +0100)
commit f9c5c805532566572ec8b79a76d7e24bb44cee85
tree a73913ed4d2b58517f535e0df90377cacbc7c70c
parent fe48e4ae313149a33b412d4676fa54a738c9dd5f
eap-mschapv2: Keep internal state to prevent authentication from succeeding prematurely

We can't allow a client to send us MSCHAPV2_SUCCESS messages before it
was authenticated successfully.

Fixes CVE-2015-8023.
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
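
The state check the commit message describes, as an added example; this is not strongSwan's code. The type and function names and the placeholder verify_response() are assumptions, and retry handling after a failed Response is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MSCHAPv2 opcodes carried inside the EAP payload */
enum { OP_CHALLENGE = 1, OP_RESPONSE = 2, OP_SUCCESS = 3, OP_FAILURE = 4 };

/* Hypothetical names: the state records what the server sent last */
typedef enum { S_CHALLENGE_SENT, S_SUCCESS_SENT, S_FAILURE_SENT } srv_state_t;
typedef enum { R_NEED_MORE, R_SUCCESS, R_FAILED } srv_result_t;
typedef struct { srv_state_t state; } server_t;

/* Constructed stand-in for the real NT-Response verification */
static bool verify_response(const uint8_t *p, size_t len)
{
    static const uint8_t good[] = "constructed-valid-response";
    return len == sizeof(good) - 1 && memcmp(p, good, len) == 0;
}

void server_init(server_t *s) { s->state = S_CHALLENGE_SENT; }

srv_result_t server_process(server_t *s, uint8_t opcode,
                            const uint8_t *payload, size_t len)
{
    switch (opcode) {
    case OP_RESPONSE:
        if (s->state != S_CHALLENGE_SENT)
            return R_FAILED;        /* no challenge is outstanding */
        s->state = verify_response(payload, len) ? S_SUCCESS_SENT
                                                 : S_FAILURE_SENT;
        return R_NEED_MORE;         /* server now sends Success or Failure */
    case OP_SUCCESS:
        /* The gate: a peer's Success only counts after we verified it */
        return s->state == S_SUCCESS_SENT ? R_SUCCESS : R_FAILED;
    default:
        return R_FAILED;            /* Failure or unexpected opcode */
    }
}

int main(void)
{
    server_t s;
    server_init(&s);
    /* Peer skips the Response and claims success right away */
    srv_result_t r = server_process(&s, OP_SUCCESS, NULL, 0);
    printf("premature Success: %s\n", r == R_SUCCESS ? "accepted" : "rejected");
    return 0;
}
```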