Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytes

src/eap_peer/eap_aka.c

@@ -472,7 +472,7 @@ static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data,
 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA,
 			       EAP_AKA_SUBTYPE_CHALLENGE);
 	wpa_printf(MSG_DEBUG, "   AT_RES");
-	eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len,
+	eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
 			data->res, data->res_len);
 	eap_aka_add_checkcode(data, msg);
 	if (data->use_result_ind) {

wpa_supplicant/ChangeLog

@@ -8,6 +8,8 @@ ChangeLog for wpa_supplicant
 	* added a new network configuration option, wpa_ptk_rekey, that can be
 	  used to enforce frequent PTK rekeying, e.g., to mitigate some attacks
 	  against TKIP deficiencies
+	* fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
+	  not bytes
 
 2008-11-01 - v0.6.5
 	* added support for SHA-256 as X.509 certificate digest when using the