From 11356a2ab5a7ea36f8c0c9738aac02bf912adb29 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni.malinen@atheros.com>
Date: Sat, 3 Apr 2010 18:34:44 +0200
Subject: [PATCH] WPS: Fix PBC session overlap detection to use Device Password
 Id

Active PBC mode is indicated by Device Password Id == 4, not Config Methods
attribute.
---
 src/wps/wps_registrar.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 2399d1c88..dc46fdce9 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -759,7 +759,6 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
 				const struct wpabuf *wps_data)
 {
 	struct wps_parse_attr attr;
-	u16 methods;
 
 	wpa_hexdump_buf(MSG_MSGDUMP,
 			"WPS: Probe Request with WPS data received",
@@ -779,7 +778,13 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
 		return;
 	}
 
-	if (reg->enrollee_seen_cb && attr.dev_password_id && attr.uuid_e &&
+	if (attr.dev_password_id == NULL) {
+		wpa_printf(MSG_DEBUG, "WPS: No Device Password Id attribute "
+			   "in Probe Request");
+		return;
+	}
+
+	if (reg->enrollee_seen_cb && attr.uuid_e &&
 	    attr.primary_dev_type && attr.request_type) {
 		char *dev_name = NULL;
 		if (attr.dev_name) {
@@ -797,8 +802,7 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
 		os_free(dev_name);
 	}
 
-	methods = WPA_GET_BE16(attr.config_methods);
-	if (!(methods & WPS_CONFIG_PUSHBUTTON))
+	if (WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
 		return; /* Not PBC */
 
 	wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "