WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without including a valid Network Key, the network block cannot be used to connect to the network. Reject such credential without adding the network block. This makes wpa_supplicant send WSC_NACK as a response to the invalid Credential and stop the provisioning process immediately rather than only after trying unsuccessfully to connect to the network. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
parent
8c9ad085e9
commit
b363121a20
@ -665,6 +665,7 @@ static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
|
||||
{
|
||||
struct wps_parse_attr attr;
|
||||
struct wpabuf msg;
|
||||
int ret = 0;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "WPS: Received Credential");
|
||||
os_memset(&wps->cred, 0, sizeof(wps->cred));
|
||||
@ -714,12 +715,12 @@ static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
|
||||
if (wps->wps->cred_cb) {
|
||||
wps->cred.cred_attr = cred - 4;
|
||||
wps->cred.cred_attr_len = cred_len + 4;
|
||||
wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
|
||||
ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
|
||||
wps->cred.cred_attr = NULL;
|
||||
wps->cred.cred_attr_len = 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
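Review bot: The result of `cred_cb` now decides whether `wps_process_cred_e` succeeds, but the value was discarded before this change and nothing in the visible lines documents the callback's contract. Any other `cred_cb` implementation (none is visible on this page) that returns non-zero on a path it treats as benign would now abort provisioning, so those are worth auditing; a comment at the call such as `/* cred_cb: 0 = credential accepted, non-zero = rejected, processing fails */` would record the rule. Separately, `wps->cred` still holds the rejected credential, including the Network Key, when `ret` is non-zero; if nothing downstream reads it on the failure path, `if (ret) os_memset(&wps->cred, 0, sizeof(wps->cred));` before `return ret;` would avoid keeping key material around longer than needed. The function body between the two hunks is not shown, so both points should be checked against the elided code.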
@ -256,6 +256,15 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
|
||||
if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
|
||||
wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
|
||||
"invalid Network Key length %lu",
|
||||
(unsigned long) cred->key_len);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
|
||||
"on the received credential");
|
||||
|
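Review bot: The new early check in `wpa_supplicant_wps_cred` validates only the length of the Network Key, so a key of exactly `2 * PMK_LEN` octets that is not valid hex still passes it. If the hex decoding is validated later in the function (not visible in this hunk), that rejection would presumably still happen after the network block has been added, which is the situation the commit message sets out to avoid; consider validating the hex form here as well. The bounds also deserve a short comment, e.g. `/* 8..63 octets: passphrase; 2 * PMK_LEN octets: PSK as hex */`, since the bare `8` is otherwise unexplained. Logging only `key_len` rather than the key itself at `MSG_ERROR` is the right choice and should stay that way.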