From bf7579b592fff7e6b8f398fb6d125b8ff20b53a9 Mon Sep 17 00:00:00 2001
From: Kevin Wasserman <kevin.wasserman@painless-security.com>
Date: Wed, 15 Feb 2012 15:22:26 -0500
Subject: [PATCH 1/1] Fix bug in eap_ttls_avp_encapsulate() when >248 bytes are
 encapsulated.

src pointer wasn't being advanced, so the first 248 bytes were duplicated
in place of the remainder of the message.
---
 libeap/src/eap_peer/eap_ttls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libeap/src/eap_peer/eap_ttls.c b/libeap/src/eap_peer/eap_ttls.c
index 855ce49..ef966cb 100644
--- a/libeap/src/eap_peer/eap_ttls.c
+++ b/libeap/src/eap_peer/eap_ttls.c
@@ -288,6 +288,7 @@ static int eap_ttls_avp_vsa_encapsulate(struct wpabuf **resp, u32 vendor,
 				       avp_size);
 		os_memcpy(pos, src, avp_size);
 		pos += avp_size;
+		src += avp_size;
 		AVP_PAD(avp, pos);
 		wpabuf_put(msg, pos - avp);
 		avp = pos;
-- 
2.1.4