DPP2: Add Protocol Version attr to Auth Resp only if peer is R2 or newer

There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 80b6e1767af245cc069f5990326b182815839352..ab1111c5a6835e7578210231908a4082f08d0a84 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1920,9 +1920,11 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
 
 #ifdef CONFIG_DPP2
        /* Protocol Version */
-       wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
-       wpabuf_put_le16(msg, 1);
-       wpabuf_put_u8(msg, 2);
+       if (auth->peer_version >= 2) {
+               wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
+               wpabuf_put_le16(msg, 1);
+               wpabuf_put_u8(msg, 2);
+       }
 #endif /* CONFIG_DPP2 */
 
        attr_end = wpabuf_put(msg, 0);