From 168f840169899f1de1606cc7bfe58896a4631258 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 18 Jul 2010 18:54:58 -0700
Subject: [PATCH] WPS 2.0: Add strict validation of SetSelectedRegistrar attributes
---
 src/wps/wps.h | 7 +++++++
 src/wps/wps_upnp_ap.c | 2 ++
 src/wps/wps_validate.c | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
diff --git a/src/wps/wps.h b/src/wps/wps.h
index 3364a0483..b8fb4e9a6 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -774,6 +774,7 @@ int wps_validate_m8_encr(const struct wpabuf *tlvs, int ap);
 int wps_validate_wsc_ack(const struct wpabuf *tlvs);
 int wps_validate_wsc_nack(const struct wpabuf *tlvs);
 int wps_validate_wsc_done(const struct wpabuf *tlvs);
+int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs);
 #else /* CONFIG_WPS_STRICT */
 static inline int wps_validate_beacon(const struct wpabuf *wps_ie){
 return 0;
@@ -884,6 +885,12 @@ static inline int wps_validate_wsc_done(const struct wpabuf *tlvs)
 {
 return 0;
 }
+
+static inline int wps_validate_upnp_set_selected_registrar(
+ const struct wpabuf *tlvs)
+{
+ return 0;
+}
 #endif /* CONFIG_WPS_STRICT */
 #endif /* WPS_H */
diff --git a/src/wps/wps_upnp_ap.c b/src/wps/wps_upnp_ap.c
index 907a1ce15..501ecbc81 100644
--- a/src/wps/wps_upnp_ap.c
+++ b/src/wps/wps_upnp_ap.c
@@ -39,6 +39,8 @@ int upnp_er_set_selected_registrar(struct wps_registrar *reg,
 wpa_hexdump_buf(MSG_MSGDUMP, "WPS: SetSelectedRegistrar attributes", msg);
+ if (wps_validate_upnp_set_selected_registrar(msg) < 0)
+ return -1;
 if (wps_parse_msg(msg, &attr) < 0) return -1;
diff --git a/src/wps/wps_validate.c b/src/wps/wps_validate.c
index dfd9cd0ee..500c5a141 100644
--- a/src/wps/wps_validate.c
+++ b/src/wps/wps_validate.c
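Review bot: In src/wps/wps_upnp_ap.c the new `wps_validate_upnp_set_selected_registrar(msg)` call in upnp_er_set_selected_registrar() has no comment saying that it only filters anything in CONFIG_WPS_STRICT builds. The wps.h hunk of this same commit defines the non-strict variant as a stub that returns 0, so in other builds the attributes reach `wps_parse_msg()` exactly as before. Since `msg` appears to be supplied by an external registrar over UPnP, someone auditing this path should not mistake the call for an always-on check; I would add above it `/* Strict attribute validation; compiled to a no-op unless CONFIG_WPS_STRICT is set */`. The function body starts and continues outside the hunk.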
@@ -1850,3 +1850,40 @@ int wps_validate_wsc_done(const struct wpabuf *tlvs)
 return 0;
 }
+
+
+int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs)
+{
+ struct wps_parse_attr attr;
+ int wps2;
+ int sel_reg;
+
+ if (tlvs == NULL) {
+ wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in "
+ "SetSelectedRegistrar");
+ return -1;
+ }
+ if (wps_parse_msg(tlvs, &attr) < 0) {
+ wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
+ "in SetSelectedRegistrar");
+ return -1;
+ }
+
+ wps2 = attr.version2 != NULL;
+ sel_reg = attr.selected_registrar != NULL &&
+ *attr.selected_registrar != 0;
+ if (wps_validate_version(attr.version, 1) ||
+ wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
+ wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
+ wps2, sel_reg) ||
+ wps_validate_version2(attr.version2, wps2) ||
+ wps_validate_authorized_macs(attr.authorized_macs,
+ attr.authorized_macs_len, wps2) ||
+ wps_validate_uuid_r(attr.uuid_r, wps2)) {
+ wpa_printf(MSG_INFO, "WPS-STRICT: Invalid "
+ "SetSelectedRegistrar");
+ return -1;
+ }
+
+ return 0;
+}
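Review bot: The Selected Registrar attribute is only read to derive `sel_reg` and is never itself validated, so a SetSelectedRegistrar message that omits it gets `sel_reg = 0`, and the `dev_password_id` and `sel_reg_config_methods` checks are then called with that 0 as what looks like their mandatory flag. If the attribute is required in this action, the strict validator accepts a message it should reject. A presence and value check as the second term of the `||` chain would close this, e.g. `wps_validate_selected_registrar(attr.selected_registrar, 1) ||`, assuming the helper used for Beacon validation in this file has that signature. The one-byte dereference `*attr.selected_registrar` also relies on wps_parse_msg() having checked the attribute length, which is not visible here.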