[PATCH] EAP server: Add Ident field to MS-CHAP-Error

Thu Feb 9 04:44:50 PST 2023

Per RFC2548, MS-CHAP-Error contains Ident field of one octet
followed by an ASCII message. The Ident field is missing.

Signed-off-by: Yihong Wu <wu at domosekai.com>
---
 src/eap_server/eap_server_ttls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index b89352244..b21f12da7 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -445,7 +445,8 @@ static struct wpabuf * eap_ttls_build_phase2_mschapv2(
 			sizeof(data->mschapv2_auth_response));
 	} else {
 		pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR,
-				       RADIUS_VENDOR_ID_MICROSOFT, 1, 6);
+				       RADIUS_VENDOR_ID_MICROSOFT, 1, 7);
+		*pos++ = data->mschapv2_ident;
 		os_memcpy(pos, "Failed", 6);
 		pos += 6;
 		AVP_PAD(req, pos);
-- 
2.20.1


