DPP: Ignore unexpected duplicated Authentication Confirm

Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).

Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index f4f080cdba51db37d3ad91931e518c8e2b6783b6..55e7bde4a4b16e2d59a27e9eb1749c7cb47c42a2 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4235,7 +4235,11 @@ int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
        }
 #endif /* CONFIG_TESTING_OPTIONS */
 
-       if (auth->initiator || !auth->own_bi) {
+       if (auth->initiator || !auth->own_bi || !auth->waiting_auth_conf) {
+               wpa_printf(MSG_DEBUG,
+                          "DPP: initiator=%d own_bi=%d waiting_auth_conf=%d",
+                          auth->initiator, !!auth->own_bi,
+                          auth->waiting_auth_conf);
                dpp_auth_fail(auth, "Unexpected Authentication Confirm");
                return -1;
        }