Fixed WPS Authenticator attribute processing after M2D
We must not replace M1 with M2D as the last_msg since we need M1 to validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not include Authenticator attribute, we can just ignore M2D as far as updating last_msg is concerned.
This commit is contained in:
parent
1e14526571
commit
39034ce80f
1 changed files with 8 additions and 1 deletions
|
@ -995,7 +995,14 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
|
|||
return WPS_FAILURE;
|
||||
}
|
||||
|
||||
if (ret == WPS_CONTINUE) {
|
||||
/*
|
||||
* Save a copy of the last message for Authenticator derivation if we
|
||||
* are continuing. However, skip M2D since it is not authenticated and
|
||||
* neither is the ACK/NACK response frame. This allows the possibly
|
||||
* following M2 to be processed correctly by using the previously sent
|
||||
* M1 in Authenticator derivation.
|
||||
*/
|
||||
if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
|
||||
/* Save a copy of the last message for Authenticator derivation
|
||||
*/
|
||||
wpabuf_free(wps->last_msg);
|
||||
|
|
Loading…
Reference in a new issue