From b363121a208e3d18fe80682430a5f50cefaa3595 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 1 Nov 2012 16:30:35 +0200 Subject: [PATCH] WPS: Reject invalid credential more cleanly If WPS Registrar tries to provision a WPA/WPA2-Personal network without including a valid Network Key, the network block cannot be used to connect to the network. Reject such credential without adding the network block. This makes wpa_supplicant send WSC_NACK as a response to the invalid Credential and stop the provisioning process immediately rather than only after trying unsuccessfully to connect to the network. Signed-hostap: Jouni Malinen --- src/wps/wps_enrollee.c | 5 +++-- wpa_supplicant/wps_supplicant.c | 9 +++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c index 389aa84..a8beb64 100644 --- a/src/wps/wps_enrollee.c +++ b/src/wps/wps_enrollee.c @@ -665,6 +665,7 @@ static int wps_process_cred_e(struct wps_data *wps, const u8 *cred, { struct wps_parse_attr attr; struct wpabuf msg; + int ret = 0; wpa_printf(MSG_DEBUG, "WPS: Received Credential"); os_memset(&wps->cred, 0, sizeof(wps->cred)); @@ -714,12 +715,12 @@ static int wps_process_cred_e(struct wps_data *wps, const u8 *cred, if (wps->wps->cred_cb) { wps->cred.cred_attr = cred - 4; wps->cred.cred_attr_len = cred_len + 4; - wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred); + ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred); wps->cred.cred_attr = NULL; wps->cred.cred_attr_len = 0; } - return 0; + return ret; } diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index 41aa5db..ddd400b 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -256,6 +256,15 @@ static int wpa_supplicant_wps_cred(void *ctx, return 0; } + if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) { + if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) { + wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with " + "invalid Network Key length %lu", + (unsigned long) cred->key_len); + return -1; + } + } + if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based " "on the received credential"); -- 2.1.4