From 78270bc39e84a6cad92127fb13b61ce195bb0912 Mon Sep 17 00:00:00 2001
From: Tim Kourt <tim.a.kourt@linux.intel.com>
Date: Thu, 15 Feb 2018 10:49:08 -0800
Subject: [PATCH] eap: interoperability support for Success/Failure pkts

---
 src/eap.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/eap.c b/src/eap.c
index e637dbdf..82921d10 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -290,9 +290,17 @@ void eap_rx_packet(struct eap_state *eap, const uint8_t *pkt, size_t len)
 		l_timeout_remove(eap->complete_timeout);
 		eap->complete_timeout = NULL;
 
-		/* Section 4.2 */
-
-		if (id != eap->last_id)
+		/* RFC3748, Section 4.2
+		 *
+		 * The Identifier field of the Success and Failure packets
+		 * MUST match the Identifier field of the Response packet that
+		 * it is sent in response to. However, many currently deployed
+		 * implementations ignore this rule and increment Identity for
+		 * the Success and Failure packets. In order to support
+		 * interoperability with these products we validate id against
+		 * eap->last_id and its incremented value.
+		 */
+		if (id != eap->last_id && id != eap->last_id + 1)
 			return;
 
 		if (eap_len != 4)