mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
WPS: Allow wildcard UUID PIN to be used twice
Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
a91e268c5e
commit
84751b98c1
@ -804,10 +804,11 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
|
||||
/* Check for wildcard UUIDs since none of the UUID-specific
|
||||
* PINs matched */
|
||||
dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
|
||||
if (pin->wildcard_uuid == 1) {
|
||||
if (pin->wildcard_uuid == 1 ||
|
||||
pin->wildcard_uuid == 2) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
|
||||
"PIN. Assigned it for this UUID-E");
|
||||
pin->wildcard_uuid = 2;
|
||||
pin->wildcard_uuid++;
|
||||
os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
|
||||
found = pin;
|
||||
break;
|
||||
@ -849,7 +850,7 @@ int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid)
|
||||
|
||||
dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
|
||||
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
|
||||
if (pin->wildcard_uuid == 2) {
|
||||
if (pin->wildcard_uuid == 3) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Invalidating used "
|
||||
"wildcard PIN");
|
||||
return wps_registrar_invalidate_pin(reg, uuid);
|
||||
@ -2104,6 +2105,13 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
|
||||
wps->wps_pin_revealed = 0;
|
||||
wps_registrar_unlock_pin(wps->wps->registrar, wps->uuid_e);
|
||||
|
||||
/*
|
||||
* In case wildcard PIN is used and WPS handshake succeeds in the first
|
||||
* attempt, wps_registrar_unlock_pin() would not free the PIN, so make
|
||||
* sure the PIN gets invalidated here.
|
||||
*/
|
||||
wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user