diff options
authorLior David <qca_liord@qca.qualcomm.com>2017-09-28 18:55:09 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-03 16:19:01 (GMT)
commitfa4b605a0d1dcbd32a5038d61b90b8efd1ec7645 (patch)
parent002b49ed074e06ffdb6c7800e4976996ef069d67 (diff)
WPS: Do not increment wildcard_uuid when pin is locked
Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard UUID PIN to be used twice') relaxed the constraints on how many time a wildcard PIN can be used to allow two attempts. However, it did this in a way that could result in concurrent attempts resulting in the wildcard PIN being invalidated even without the second attempt actually going as far as trying to use the PIN and a WPS protocol run. wildcard_uuid is a flag/counter set for wildcard PINs and it is incremented whenever the PIN is retrieved by wps_registrar_get_pin(). Eventually it causes the wildcard PIN to be released, effectively limiting the number of registration attempts with a wildcard PIN. With the previous implementation, when the PIN is in use and locked (PIN_LOCKED), it is not returned from wps_registrar_get_pin() but wildcard_uuid is still incremented which can cause the PIN to be released earlier and stations will have fewer registration attempts with it. Fix this scenario by only incrementing wildcard_uuid if the PIN is actually going to be returned and used. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
1 files changed, 4 insertions, 1 deletions
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index def2ad6..379925e 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -880,6 +880,7 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
const u8 *uuid, size_t *pin_len)
struct wps_uuid_pin *pin, *found = NULL;
+ int wildcard = 0;
@@ -899,7 +900,7 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
pin->wildcard_uuid == 2) {
wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
"PIN. Assigned it for this UUID-E");
- pin->wildcard_uuid++;
+ wildcard = 1;
os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
found = pin;
@@ -921,6 +922,8 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
*pin_len = found->pin_len;
found->flags |= PIN_LOCKED;
+ if (wildcard)
+ found->wildcard_uuid++;
return found->pin;