WPS: Fix nonce comparisons

Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index da0c101..389aa84 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -1150,7 +1150,7 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
                return WPS_FAILURE;
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                return WPS_FAILURE;
        }
@@ -1242,14 +1242,14 @@ static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
        }
 
        if (attr.registrar_nonce == NULL ||
-           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
+           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
        {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                return WPS_FAILURE;
        }
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                return WPS_FAILURE;
        }
@@ -1289,7 +1289,7 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
        }
 
        if (attr.registrar_nonce == NULL ||
-           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
+           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
        {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
@@ -1300,7 +1300,7 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
        }
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
                            attr.enrollee_nonce, WPS_NONCE_LEN);

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 154c2b4..2d0b545 100644 (file)
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2849,7 +2849,7 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
        if (*attr.msg_type != WPS_M1 &&
            (attr.registrar_nonce == NULL ||
             os_memcmp(wps->nonce_r, attr.registrar_nonce,
-                      WPS_NONCE_LEN != 0))) {
+                      WPS_NONCE_LEN) != 0)) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                return WPS_FAILURE;
        }
@@ -2945,14 +2945,14 @@ static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
 #endif /* CONFIG_WPS_UPNP */
 
        if (attr.registrar_nonce == NULL ||
-           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
+           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
        {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                return WPS_FAILURE;
        }
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                return WPS_FAILURE;
        }
@@ -3014,14 +3014,14 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
 #endif /* CONFIG_WPS_UPNP */
 
        if (attr.registrar_nonce == NULL ||
-           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
+           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
        {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                return WPS_FAILURE;
        }
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                return WPS_FAILURE;
        }
@@ -3100,14 +3100,14 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 #endif /* CONFIG_WPS_UPNP */
 
        if (attr.registrar_nonce == NULL ||
-           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
+           os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
        {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
                return WPS_FAILURE;
        }
 
        if (attr.enrollee_nonce == NULL ||
-           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
+           os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
                return WPS_FAILURE;
        }