WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround

Some APs may incorrectly change Device Password ID from PBC in M1 to
Default PIN in M2 even when they are ready to continue with PBC. This
behavior used to work with earlier implementation in wpa_supplicant, but
commit b4a17a6ea74b2ffba082e05c84730e979513042c started validating this
as part of a change that is needed to support NFC configuration method.

While this kind of AP behavior is against the WSC specification and
there could be potential use cases for moving from PBC to PIN, e.g., in
case of PBC session overlap, it is justifiable to work around this issue
to avoid interoperability issues with deployed APs. There are no known
implementations of PBC-to-PIN change from M1 to M2, so this should not
reduce available functionality in practice.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index d02ba308662e45a6d0e1dc01bf106afe1184f2e0..7b86ff7ac3bf9fa07faa090d471a1b6a491b1a51 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -864,6 +864,12 @@ static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id)
        wpa_printf(MSG_DEBUG, "WPS: Registrar trying to change Device Password "
                   "ID from %u to %u", wps->dev_pw_id, id);
 
+       if (wps->dev_pw_id == DEV_PW_PUSHBUTTON && id == DEV_PW_DEFAULT) {
+               wpa_printf(MSG_DEBUG,
+                          "WPS: Workaround - ignore PBC-to-PIN change");
+               return 0;
+       }
+
        if (wps->alt_dev_password && wps->alt_dev_pw_id == id) {
                wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password");
                os_free(wps->dev_password);