mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to trigger DPP configuration failure during the subsequent DPP operation. Fix this by verifying that the status callback is for the response generated during the same DPP Authentication/Configuration exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
73a7feb311
commit
82feacced0
@ -202,6 +202,7 @@ struct dpp_authentication {
|
|||||||
int remove_on_tx_status;
|
int remove_on_tx_status;
|
||||||
int auth_success;
|
int auth_success;
|
||||||
struct wpabuf *conf_req;
|
struct wpabuf *conf_req;
|
||||||
|
const struct wpabuf *conf_resp; /* owned by GAS server */
|
||||||
struct dpp_configuration *conf_ap;
|
struct dpp_configuration *conf_ap;
|
||||||
struct dpp_configuration *conf_sta;
|
struct dpp_configuration *conf_sta;
|
||||||
struct dpp_configurator *conf;
|
struct dpp_configurator *conf;
|
||||||
|
@ -2045,6 +2045,7 @@ wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
|
|||||||
resp = dpp_conf_req_rx(auth, query, query_len);
|
resp = dpp_conf_req_rx(auth, query, query_len);
|
||||||
if (!resp)
|
if (!resp)
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
|
||||||
|
auth->conf_resp = resp;
|
||||||
return resp;
|
return resp;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2059,6 +2060,13 @@ wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
|
|||||||
wpabuf_free(resp);
|
wpabuf_free(resp);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (auth->conf_resp != resp) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"DPP: Ignore GAS status report (ok=%d) for unknown response",
|
||||||
|
ok);
|
||||||
|
wpabuf_free(resp);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
|
wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
|
||||||
ok);
|
ok);
|
||||||
|
Loading…
Reference in New Issue
Block a user