author | Lior David <qca_liord@qca.qualcomm.com> | 2017-09-28 18:55:09 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2017-10-03 16:19:01 (GMT) |
commit | fa4b605a0d1dcbd32a5038d61b90b8efd1ec7645 (patch) | |
tree | 1fc9ce6613b49fe7a451d2223ba1c8dae4656d48 | |
parent | 002b49ed074e06ffdb6c7800e4976996ef069d67 (diff) | |
WPS: Do not increment wildcard_uuid when pin is locked

Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard
UUID PIN to be used twice') relaxed the constraints on how many times a
wildcard PIN can be used to allow two attempts. However, it did this in
a way that could result in concurrent attempts resulting in the wildcard
PIN being invalidated even without the second attempt actually going as
far as trying to use the PIN and a WPS protocol run.

wildcard_uuid is a flag/counter set for wildcard PINs and it is
incremented whenever the PIN is retrieved by wps_registrar_get_pin().
Eventually it causes the wildcard PIN to be released, effectively
limiting the number of registration attempts with a wildcard PIN.

With the previous implementation, when the PIN is in use and locked
(PIN_LOCKED), it is not returned from wps_registrar_get_pin() but
wildcard_uuid is still incremented which can cause the PIN to be
released earlier and stations will have fewer registration attempts with
it. Fix this scenario by only incrementing wildcard_uuid if the PIN is
actually going to be returned and used.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>

-rw-r--r-- | src/wps/wps_registrar.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index def2ad6..379925e 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -880,6 +880,7 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg, const u8 *uuid, size_t *pin_len) { struct wps_uuid_pin *pin, *found = NULL; + int wildcard = 0; wps_registrar_expire_pins(reg); @@ -899,7 +900,7 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg, pin->wildcard_uuid == 2) { wpa_printf(MSG_DEBUG, "WPS: Found a wildcard " "PIN. Assigned it for this UUID-E"); - pin->wildcard_uuid++; + wildcard = 1; os_memcpy(pin->uuid, uuid, WPS_UUID_LEN); found = pin; break; @@ -921,6 +922,8 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg, } *pin_len = found->pin_len; found->flags |= PIN_LOCKED; + if (wildcard) + found->wildcard_uuid++; return found->pin; } |
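
Review bot: In the second hunk (-899,7 +900,7), os_memcpy(pin->uuid, uuid, WPS_UUID_LEN) still runs in the wildcard branch before the function knows whether the PIN will be returned. In the case the commit message describes (PIN_LOCKED, PIN not returned), wildcard_uuid is no longer bumped, but the UUID-E stored on the PIN is still overwritten by the second caller. Consider moving the copy down next to found->flags |= PIN_LOCKED together with the increment, or state in the commit message that rebinding the UUID of a locked wildcard PIN is intended.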
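
Review bot: The deferred increment in the last hunk (-921,6 +922,8), if (wildcard) found->wildcard_uuid++;, carries no comment, so the reason it sits after the lock handling instead of in the search loop is recorded only in the commit message. A short comment saying the counter is advanced only when the PIN is actually handed out would keep a later cleanup from moving it back into the loop and reintroducing the early release of the wildcard PIN.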