WPS: Reject AP settings with invalid network key (PSK/passphrase)

This is similar to the earlier commit
b363121a20 ('WPS: Reject invalid
credential more cleanly'), but for the AP cases where AP settings are
being replaced. Previously, the new settings were taken into use even if
the invalid PSK/passphrase had to be removed. Now, the settings are
rejected with such an invalid configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-08-05 23:52:10 +03:00 committed by Jouni Malinen
parent 133716a722
commit 7e97d813ee
2 changed files with 8 additions and 2 deletions

View file

@ -452,6 +452,11 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx)
os_free(hapd->wps->network_key);
hapd->wps->network_key = NULL;
hapd->wps->network_key_len = 0;
} else if ((cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) &&
(cred->key_len < 8 || cred->key_len > 2 * PMK_LEN)) {
wpa_printf(MSG_INFO, "WPS: Invalid key length %lu for WPA/WPA2",
(unsigned long) cred->key_len);
return -1;
} else {
if (hapd->wps->network_key == NULL ||
hapd->wps->network_key_len < cred->key_len) {

View file

@ -799,6 +799,7 @@ static int wps_process_ap_settings_e(struct wps_data *wps,
struct wpabuf *attrs, int wps2)
{
struct wps_credential cred;
int ret = 0;
if (!wps->wps->ap)
return 0;
@ -877,10 +878,10 @@ static int wps_process_ap_settings_e(struct wps_data *wps,
if (wps->wps->cred_cb) {
cred.cred_attr = wpabuf_head(attrs);
cred.cred_attr_len = wpabuf_len(attrs);
wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
ret = wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
}
return 0;
return ret;
}