From a483ec7b6821f0143f7b07c1b47edba4dfc4828c Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Tue, 9 Mar 2021 18:28:42 -0600
Subject: [PATCH] eap: Fix Expanded Nak processing

Expanded Nak packet contains (possibly multiple) 8 byte chunks that
contain the type (1 byte, always '254') vendor-id (3 bytes) and
vendor-type (4) bytes.

Unfortunately the current logic was reading the vendor-id at the wrong
offset (0 instead of 1) and so the extracted vendor-type was incorrect.

Fixes: 17c569ba4cdd ("eap: Add authenticator method logic and API")
---
 src/eap.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/eap.c b/src/eap.c
index a38585db..c5593493 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -442,12 +442,13 @@ static void eap_handle_response(struct eap_state *eap, const uint8_t *pkt,
 			}
 		else
 			while (len >= 8) {
-				uint32_t v_id = (pkt[0] << 16) | (pkt[1] << 8) |
-					pkt[2];
+				uint32_t v_id = (pkt[1] << 16) |
+						(pkt[2] << 8) |
+						pkt[3];
 
 				l_debug("EAP peer proposed method: %s",
 					eap_type_to_str(pkt[0], v_id,
-							l_get_be32(pkt + 3)));
+							l_get_be32(pkt + 4)));
 				pkt += 8;
 				len -= 8;
 			}