*/
sta = ap_get_sta(hapd, mac_addr);
+#ifndef CONFIG_WPS_STRICT
if (!sta) {
/*
* Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
break;
}
}
+#endif /* CONFIG_WPS_STRICT */
if (!sta) {
wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found");
WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
return 0;
+#ifdef CONFIG_WPS_STRICT
+ if (!attr.sel_reg_config_methods ||
+ !(WPA_GET_BE16(attr.sel_reg_config_methods) &
+ WPS_CONFIG_PUSHBUTTON))
+ return 0;
+#endif /* CONFIG_WPS_STRICT */
+
return 1;
}
WPA_GET_BE16(attr->dev_password_id) == DEV_PW_PUSHBUTTON)
return 0;
+#ifdef CONFIG_WPS_STRICT
+ if (!attr->sel_reg_config_methods ||
+ !(WPA_GET_BE16(attr->sel_reg_config_methods) &
+ (WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD)))
+ return 0;
+#endif /* CONFIG_WPS_STRICT */
+
return 1;
}
#include "common.h"
#include "wps_i.h"
+#ifndef CONFIG_WPS_STRICT
#define WPS_WORKAROUNDS
+#endif /* CONFIG_WPS_STRICT */
static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
}
-static void wps_workaround_cred_key(struct wps_credential *cred)
+static int wps_workaround_cred_key(struct wps_credential *cred)
{
if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
cred->key_len > 8 && cred->key_len < 64 &&
cred->key[cred->key_len - 1] == 0) {
+#ifdef CONFIG_WPS_STRICT
+ wpa_printf(MSG_INFO, "WPS: WPA/WPA2-Personal passphrase uses "
+ "forbidden NULL termination");
+ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
+ cred->key, cred->key_len);
+ return -1;
+#else /* CONFIG_WPS_STRICT */
/*
* A deployed external registrar is known to encode ASCII
* passphrases incorrectly. Remove the extra NULL termination
wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
"termination from ASCII passphrase");
cred->key_len--;
+#endif /* CONFIG_WPS_STRICT */
}
+ return 0;
}
wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled))
return -1;
- wps_workaround_cred_key(cred);
-
- return 0;
+ return wps_workaround_cred_key(cred);
}
wps_process_cred_mac_addr(cred, attr->mac_addr))
return -1;
- wps_workaround_cred_key(cred);
-
- return 0;
+ return wps_workaround_cred_key(cred);
}
static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
- size_t cred_len)
+ size_t cred_len, int wps2)
{
struct wps_parse_attr attr;
struct wpabuf msg;
* reasons, allow this to be processed since we do not really
* use the MAC Address information for anything.
*/
+#ifdef CONFIG_WPS_STRICT
+ if (wps2) {
+ wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
+ "MAC Address in AP Settings");
+ return -1;
+ }
+#endif /* CONFIG_WPS_STRICT */
}
if (wps->wps->cred_cb) {
static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
- size_t cred_len[], size_t num_cred)
+ size_t cred_len[], size_t num_cred, int wps2)
{
size_t i;
}
for (i = 0; i < num_cred; i++) {
- if (wps_process_cred_e(wps, cred[i], cred_len[i]))
+ if (wps_process_cred_e(wps, cred[i], cred_len[i], wps2))
return -1;
}
static int wps_process_ap_settings_e(struct wps_data *wps,
struct wps_parse_attr *attr,
- struct wpabuf *attrs)
+ struct wpabuf *attrs, int wps2)
{
struct wps_credential cred;
* reasons, allow this to be processed since we do not really
* use the MAC Address information for anything.
*/
+#ifdef CONFIG_WPS_STRICT
+ if (wps2) {
+ wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
+ "MAC Address in AP Settings");
+ return -1;
+ }
+#endif /* CONFIG_WPS_STRICT */
}
if (wps->wps->cred_cb) {
if (wps_parse_msg(decrypted, &eattr) < 0 ||
wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
wps_process_creds(wps, eattr.cred, eattr.cred_len,
- eattr.num_cred) ||
- wps_process_ap_settings_e(wps, &eattr, decrypted)) {
+ eattr.num_cred, attr->version2 != NULL) ||
+ wps_process_ap_settings_e(wps, &eattr, decrypted,
+ attr->version2 != NULL)) {
wpabuf_free(decrypted);
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
#include "wps_upnp.h"
#include "wps_upnp_i.h"
+#ifndef CONFIG_WPS_STRICT
#define WPS_WORKAROUNDS
+#endif /* CONFIG_WPS_STRICT */
struct wps_uuid_pin {
struct dl_list list;
if (hwaddr_aton(val, macaddr)) {
wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid NewWLANEventMAC in "
"PutWLANResponse: '%s'", val);
+#ifdef CONFIG_WPS_STRICT
+ wpabuf_free(msg);
+ os_free(val);
+ return UPNP_ARG_VALUE_INVALID;
+#else /* CONFIG_WPS_STRICT */
if (hwaddr_aton2(val, macaddr) > 0) {
/*
* At least some versions of Intel PROset seem to be
os_free(val);
return UPNP_ARG_VALUE_INVALID;
}
+#endif /* CONFIG_WPS_STRICT */
}
os_free(val);
if (ev_type == UPNP_WPS_WLANEVENT_TYPE_EAP) {