EAP-FAST: Reorder TLVs in PAC Acknowledgment to fix interop issues

It looks like ACS did not like PAC Acknowledgment TLV before Result TLV, so
reorder the TLVs to match the order shown in a
draft-cam-winget-eap-fast-provisioning-09.txt example. This allows
authenticated provisioning to be terminated with Access-Accept (if ACS has
that option enabled). Previously, provisioning was otherwise successful,
but the server rejected connection due to not understanding the PAC Ack
("Invalid TEAP Data recieved").

diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 4c774a4..b19f298 100644 (file)
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -1208,10 +1208,10 @@ static int eap_fast_process_decrypted(struct eap_sm *sm,
 
        if (tlv.result == EAP_TLV_RESULT_SUCCESS && !failed) {
                tmp = eap_fast_tlv_result(EAP_TLV_RESULT_SUCCESS, 0);
-               resp = wpabuf_concat(resp, tmp);
+               resp = wpabuf_concat(tmp, resp);
        } else if (failed) {
                tmp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0);
-               resp = wpabuf_concat(resp, tmp);
+               resp = wpabuf_concat(tmp, resp);
        }
 
        if (resp && tlv.result == EAP_TLV_RESULT_SUCCESS && !failed &&