Fixed WPS Authenticator attribute processing after M2D

We must not replace M1 with M2D as the last_msg since we need M1 to
validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not
include Authenticator attribute, we can just ignore M2D as far as
updating last_msg is concerned.
This commit is contained in:
Jouni Malinen 2009-01-28 11:59:29 +02:00 committed by Jouni Malinen
parent 1e14526571
commit 39034ce80f

View file

@ -995,7 +995,14 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
return WPS_FAILURE;
}
if (ret == WPS_CONTINUE) {
/*
* Save a copy of the last message for Authenticator derivation if we
* are continuing. However, skip M2D since it is not authenticated and
* neither is the ACK/NACK response frame. This allows the possibly
* following M2 to be processed correctly by using the previously sent
* M1 in Authenticator derivation.
*/
if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
/* Save a copy of the last message for Authenticator derivation
*/
wpabuf_free(wps->last_msg);