From 689a248260c9708e6c92cd8635382725a29e34ca Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 Mar 2024 11:16:12 +0200
Subject: [PATCH 4/9] eapol_test: Move Message-Authenticator attribute to be
 the first one

Even if this is not strictly speaking necessary for mitigating certain
RADIUS protocol attacks, be consistent with the RADIUS server behavior
and move the Message-Authenticator attribute to be the first attribute
in the message from RADIUS client.

Signed-off-by: Jouni Malinen <j@w1.fi>

CVE: CVE-2024-3596
Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=689a248260c9708e6c92cd8635382725a29e34ca]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 wpa_supplicant/eapol_test.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index e256ac50e..57082e4b8 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -194,6 +194,9 @@ static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
 		return;
 	}
 
+	if (!radius_msg_add_msg_auth(msg))
+		goto fail;
+
 	radius_msg_make_authenticator(msg);
 
 	hdr = (const struct eap_hdr *) eap;
-- 
2.30.2