From 3749ad0e1d62e06f35085d8c17e64ca801529434 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 22 Oct 2017 13:49:01 +0300
Subject: [PATCH] DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role

0x00 and 0x03 are not valid I/R-capabilities role values.

Signed-off-by: Jouni Malinen
---
 src/common/dpp.c | 29 +++++++++++++++++++++++------
 src/common/wpa_ctrl.h | 1 +
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 40b875087..b15b172ed 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2370,7 +2370,10 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
 break;
 default:
 wpa_printf(MSG_DEBUG, "DPP: Unexpected role in I-capabilities");
- goto not_compatible;
+ wpa_msg(auth->msg_ctx, MSG_INFO,
+ DPP_EVENT_FAIL "Invalid role in I-capabilities 0x%02x",
+ auth->i_capab & DPP_CAPAB_ROLE_MASK);
+ goto fail;
 }
 auth->peer_protocol_key = pi;
@@ -2616,9 +2619,18 @@ dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
 wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE "r-capab=0x%02x", auth->r_capab);
 } else if (status == DPP_STATUS_RESPONSE_PENDING) {
- wpa_printf(MSG_DEBUG,
- "DPP: Continue waiting for full DPP Authentication Response");
- wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_RESPONSE_PENDING);
+ u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
+
+ if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
+ (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
+ wpa_msg(auth->msg_ctx, MSG_INFO,
+ DPP_EVENT_FAIL "Unexpected role in R-capabilities 0x%02x",
+ role);
+ } else {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Continue waiting for full DPP Authentication Response");
+ wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_RESPONSE_PENDING);
+ }
 }
 fail:
 bin_clear_free(unwrapped, unwrapped_len);
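Review bot: In the `default:` branch of the I-capabilities switch in dpp_auth_req_rx, the exit changes from `not_compatible` to `fail`, and nothing at the site records why an invalid role is handled differently from a role mismatch. Both labels lie outside the hunk, so what the peer receives on each path cannot be confirmed from here; a one-line comment above the new `wpa_msg()` call, for example `/* Not a valid role value: protocol failure, not a role mismatch */`, would state the intent. The retained debug line says "Unexpected role" while the new event says "Invalid role"; using one wording in both would make the debug log and the control-interface event easier to correlate.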
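Review bot: The new unexpected-role branch under `DPP_STATUS_RESPONSE_PENDING` in dpp_auth_resp_rx_status only emits `DPP_EVENT_FAIL`; no visible line records the rejection on `auth` before control reaches `fail:`. If the caller decides whether to keep waiting from the received status alone (the caller is outside the hunk, so this needs confirming), a pending response carrying a bad role would be reported as failed and still waited on. Either record the rejection in this branch or add a comment such as `/* caller must stop waiting for the full response after DPP-FAIL */` naming where the exchange is torn down. This branch also drops the `wpa_printf(MSG_DEBUG, ...)` line that the matching check in dpp_auth_resp_rx keeps.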
@@ -2642,6 +2654,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 r_proto_len, r_nonce_len, i_nonce_len, r_capab_len, wrapped2_len, r_auth_len;
 u8 r_auth2[DPP_MAX_HASH_LEN];
+ u8 role;
 wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA, &wrapped_data_len);
@@ -2821,9 +2834,13 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 }
 auth->r_capab = r_capab[0];
 wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
- if ((auth->configurator && (auth->r_capab & DPP_CAPAB_CONFIGURATOR)) ||
- (!auth->configurator && (auth->r_capab & DPP_CAPAB_ENROLLEE))) {
+ role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
+ if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
+ (!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
 wpa_printf(MSG_DEBUG, "DPP: Incompatible role selection");
+ wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
+ "Unexpected role in R-capabilities 0x%02x",
+ role);
 goto fail;
 }
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 05d2f4489..18eeeb726 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -170,6 +170,7 @@ extern "C" {
 #define DPP_EVENT_RX "DPP-RX "
 #define DPP_EVENT_TX "DPP-TX "
 #define DPP_EVENT_TX_STATUS "DPP-TX-STATUS "
+#define DPP_EVENT_FAIL "DPP-FAIL "
 /* MESH events */
 #define MESH_GROUP_STARTED "MESH-GROUP-STARTED "
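Review bot: The two-line role test added after the R-capabilities debug print in dpp_auth_resp_rx, together with its `DPP_EVENT_FAIL "Unexpected role in R-capabilities 0x%02x"` message, repeats verbatim the check added to the pending-status branch of dpp_auth_resp_rx_status. Two copies of an acceptance rule for a peer-supplied value tend to drift apart, so a small static helper would keep both call sites aligned and make the extra `u8 role` local in this function unnecessary. The helper name below is only a suggestion, and the function body continues outside the hunk.

```c
/* Return 1 when the role in R-capabilities is the complement of our own role */
static int dpp_r_capab_role_ok(const struct dpp_authentication *auth)
{
	u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;

	if (auth->configurator)
		return role == DPP_CAPAB_ENROLLEE;
	return role == DPP_CAPAB_CONFIGURATOR;
}

	/* ... unchanged: R-capabilities attribute parsing and debug print ... */
	if (!dpp_r_capab_role_ok(auth)) {
		wpa_printf(MSG_DEBUG, "DPP: Incompatible role selection");
		wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
			"Unexpected role in R-capabilities 0x%02x",
			auth->r_capab & DPP_CAPAB_ROLE_MASK);
		goto fail;
	}
```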