eap-mschapv2: Fix length check for successful responses on the client

author Tobias Brunner <tobias@strongswan.org>

Thu, 9 Oct 2025 09:29:30 +0000 (11:29 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)
author Tobias Brunner <tobias@strongswan.org>
Thu, 9 Oct 2025 09:29:30 +0000 (11:29 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c

index 1bb54c877b6a52249da94b93e392bf337754cb38..21cc95a6a360513a791e44c99ac0508ad066c4be 100644 (file)
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -889,7 +889,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
         data = in->get_data(in);
         eap = (eap_mschapv2_header_t*)data.ptr;
  
-       if (data.len < AUTH_RESPONSE_LEN)
+       if (data.len < HEADER_LEN + AUTH_RESPONSE_LEN)
         {
                 DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short");
                 return FAILED;
author	Tobias Brunner <tobias@strongswan.org>
	Thu, 9 Oct 2025 09:29:30 +0000 (11:29 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)