WPS: Optimize M2 processing in AP Setup Locked case

There is no need to process the public key and generate keys if
the AP is going to reject this M2 anyway. This limits effect of
potential CPU DoS attacks in cases where AP PIN is disabled.
This commit is contained in:
Jouni Malinen 2010-08-24 16:42:26 +03:00
parent 5a1cc30f1a
commit ef546700e2

View File

@ -774,10 +774,7 @@ static enum wps_process_res wps_process_m2(struct wps_data *wps,
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) || if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
wps_process_enrollee_nonce(wps, attr->enrollee_nonce) || wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
wps_process_uuid_r(wps, attr->uuid_r) || wps_process_uuid_r(wps, attr->uuid_r)) {
wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
wps_process_authenticator(wps, attr->authenticator, msg) ||
wps_process_device_attrs(&wps->peer_dev, attr)) {
wps->state = SEND_WSC_NACK; wps->state = SEND_WSC_NACK;
return WPS_CONTINUE; return WPS_CONTINUE;
} }
@ -791,6 +788,13 @@ static enum wps_process_res wps_process_m2(struct wps_data *wps,
return WPS_CONTINUE; return WPS_CONTINUE;
} }
if (wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
wps_process_authenticator(wps, attr->authenticator, msg) ||
wps_process_device_attrs(&wps->peer_dev, attr)) {
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
wps->state = SEND_M3; wps->state = SEND_M3;
return WPS_CONTINUE; return WPS_CONTINUE;
} }