mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
WPS: Workaround broken Credential encoding from some D-Link APs
At least D-Link DIR-600 and DIR-825 have been reported to include an extra octet after the Network Key attribute within a Credential attribute. This can happen at least when they are provisioning an open network. Add a workaround to detect this incorrectly encoded attribute and to skip the extra octet when parsing such a Credential.
This commit is contained in:
parent
5582a5d1b3
commit
68d6fe5693
@ -530,6 +530,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||
{
|
||||
const u8 *pos, *end;
|
||||
u16 type, len;
|
||||
u16 prev_type = 0;
|
||||
|
||||
os_memset(attr, 0, sizeof(*attr));
|
||||
pos = wpabuf_head(msg);
|
||||
@ -552,6 +553,23 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||
if (len > end - pos) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Attribute overflow");
|
||||
wpa_hexdump_buf(MSG_MSGDUMP, "WPS: Message data", msg);
|
||||
#ifdef WPS_WORKAROUNDS
|
||||
/*
|
||||
* Some deployed APs seem to have a bug in encoding of
|
||||
* Network Key attribute in the Credential attribute
|
||||
* where they add an extra octet after the Network Key
|
||||
* attribute at least when open network is being
|
||||
* provisioned.
|
||||
*/
|
||||
if ((type & 0xff00) != 0x1000 &&
|
||||
prev_type == ATTR_NETWORK_KEY) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Workaround - try "
|
||||
"to skip unexpected octet after "
|
||||
"Network Key");
|
||||
pos -= 3;
|
||||
continue;
|
||||
}
|
||||
#endif /* WPS_WORKAROUNDS */
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -577,6 +595,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||
if (wps_set_attr(attr, type, pos, len) < 0)
|
||||
return -1;
|
||||
|
||||
prev_type = type;
|
||||
pos += len;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user