From d9efacfbba7cdcf4746cc6e58cd67a3ef5d6bdce Mon Sep 17 00:00:00 2001
From: Tim Kourt <tim.a.kourt@linux.intel.com>
Date: Wed, 18 Dec 2019 16:42:39 -0800
Subject: [PATCH] peap: Ignore Crypto-Binding TLVs with invalid compound MACs

Some server implementation don't seem to provide the valid compound MACs.
In the meantime, iwd will ignore the invalid Crypto-Binding TLVs as their
usage is optional.
---
 src/eap-peap.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/eap-peap.c b/src/eap-peap.c
index 273a206f..005eacc4 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -231,8 +231,11 @@ static int eap_extensions_handle_cryptobinding_tlv(struct eap_state *eap,
 					cryptobinding_compound_mac_len)) {
 		l_error("PEAP: Generated compound MAC and server compound MAC "
 							"don't match.");
-
-		return -EIO;
+		/*
+		 * Ignore the Crypto-Binding TLV in the case of unmatched
+		 * compound MACs.
+		 */
+		return 0;
 	}
 
 	/* Build response Crypto-Binding TLV */