From a7d9c2b5f0c0786f5ba0010f23159d4cf828644e6dd25063755983a72ad1c293 Mon Sep 17 00:00:00 2001
From: Rahul Jain <rahul.jain@suse.com>
Date: Wed, 11 Mar 2026 20:36:39 +0530
Subject: [PATCH] FIX CVE-2026-25075:strongswan:Integer Underflow When Handling
 EAP-TTLS AVP

---
 .../libcharon/sa/ikev2/authenticators/pubkey_authenticator.c    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 39932c0..4930a7b 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -631,7 +631,7 @@ METHOD(authenticator_t, process, status_t,
 			DBG1(DBG_IKE, "%N authentication %s", auth_method_names,
 				 auth_method, reason);
 			signature_params_destroy(params);
-			return INVALID_ARG;
+			return FAILED;
 	}
 	id = this->ike_sa->get_other_id(this->ike_sa);
 	if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, &params))
-- 
2.50.0