Fixed WPS Authenticator attribute processing after M2D

We must not replace M1 with M2D as the last_msg since we need M1 to
validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not
include Authenticator attribute, we can just ignore M2D as far as
updating last_msg is concerned.

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index d02f1c0dadff61fe8d475eaf475a3e19eaedb28b..c3be2485d8887948de87fa326cc228112a968cbc 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -995,7 +995,14 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
                return WPS_FAILURE;
        }
 
-       if (ret == WPS_CONTINUE) {
+       /*
+        * Save a copy of the last message for Authenticator derivation if we
+        * are continuing. However, skip M2D since it is not authenticated and
+        * neither is the ACK/NACK response frame. This allows the possibly
+        * following M2 to be processed correctly by using the previously sent
+        * M1 in Authenticator derivation.
+        */
+       if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
                /* Save a copy of the last message for Authenticator derivation
                 */
                wpabuf_free(wps->last_msg);