From 7e97d813ee4d1886816f0c03443c5bf8b27e2966 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 5 Aug 2015 23:52:10 +0300 Subject: [PATCH] WPS: Reject AP settings with invalid network key (PSK/passphrase) This is similar to the earlier commit b363121a208e3d18fe80682430a5f50cefaa3595 ('WPS: Reject invalid credential more cleanly'), but for the AP cases where AP settings are being replaced. Previously, the new settings were taken into use even if the invalid PSK/passphrase had to be removed. Now, the settings are rejected with such an invalid configuration. Signed-off-by: Jouni Malinen --- src/ap/wps_hostapd.c | 5 +++++ src/wps/wps_enrollee.c | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index caed01e82..1c21b230c 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -452,6 +452,11 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx) os_free(hapd->wps->network_key); hapd->wps->network_key = NULL; hapd->wps->network_key_len = 0; + } else if ((cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) && + (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN)) { + wpa_printf(MSG_INFO, "WPS: Invalid key length %lu for WPA/WPA2", + (unsigned long) cred->key_len); + return -1; } else { if (hapd->wps->network_key == NULL || hapd->wps->network_key_len < cred->key_len) { diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c index 89957b1a8..53b79e3d2 100644 --- a/src/wps/wps_enrollee.c +++ b/src/wps/wps_enrollee.c @@ -799,6 +799,7 @@ static int wps_process_ap_settings_e(struct wps_data *wps, struct wpabuf *attrs, int wps2) { struct wps_credential cred; + int ret = 0; if (!wps->wps->ap) return 0; @@ -877,10 +878,10 @@ static int wps_process_ap_settings_e(struct wps_data *wps, if (wps->wps->cred_cb) { cred.cred_attr = wpabuf_head(attrs); cred.cred_attr_len = wpabuf_len(attrs); - wps->wps->cred_cb(wps->wps->cb_ctx, &cred); + ret = wps->wps->cred_cb(wps->wps->cb_ctx, &cred); } - return 0; + return ret; }