From: Ganesh Prasadh <garumuga@qca.qualcomm.com>
Date: Wed, 8 Feb 2012 10:37:57 +0000 (+0200)
Subject: WPS: Allow wildcard UUID PIN to be used twice
X-Git-Tag: aosp-jb-start~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=84751b98c151f70c322b6b7f70d967400e147852;p=thirdparty%2Fhostap.git

WPS: Allow wildcard UUID PIN to be used twice

Previously, PINs that are added with a wildcard UUID were allowed to
be used only by a single Enrollee. However, there may be more than one
Enrollee trying to connect when an AP indicates that active Registrar
is present. As a minimal workaround, allow two Enrollees to try to use
the wildcard PIN. More complete extension could use timeout and allow
larger set of Enrollees to try to connect (while still keeping in mind
PIN disabling requirement after 10 failed attempts).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index e5e8d287f..9eb479563 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -804,10 +804,11 @@ static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
 		/* Check for wildcard UUIDs since none of the UUID-specific
 		 * PINs matched */
 		dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
-			if (pin->wildcard_uuid == 1) {
+			if (pin->wildcard_uuid == 1 ||
+			    pin->wildcard_uuid == 2) {
 				wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
 					   "PIN. Assigned it for this UUID-E");
-				pin->wildcard_uuid = 2;
+				pin->wildcard_uuid++;
 				os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
 				found = pin;
 				break;
@@ -849,7 +850,7 @@ int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid)
 
 	dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
 		if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
-			if (pin->wildcard_uuid == 2) {
+			if (pin->wildcard_uuid == 3) {
 				wpa_printf(MSG_DEBUG, "WPS: Invalidating used "
 					   "wildcard PIN");
 				return wps_registrar_invalidate_pin(reg, uuid);
@@ -2104,6 +2105,13 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
 	wps->wps_pin_revealed = 0;
 	wps_registrar_unlock_pin(wps->wps->registrar, wps->uuid_e);
 
+	/*
+	 * In case wildcard PIN is used and WPS handshake succeeds in the first
+	 * attempt, wps_registrar_unlock_pin() would not free the PIN, so make
+	 * sure the PIN gets invalidated here.
+	 */
+	wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
+
 	return 0;
 }