DPP: Ignore GAS server status callback for unknown response

It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/common/dpp.h b/src/common/dpp.h
index c5806d96b681d9844205e2e822aaedd0a0e10584..b2b97614bc99a9d50ab515546f6463f34507d39b 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -202,6 +202,7 @@ struct dpp_authentication {
        int remove_on_tx_status;
        int auth_success;
        struct wpabuf *conf_req;
+       const struct wpabuf *conf_resp; /* owned by GAS server */
        struct dpp_configuration *conf_ap;
        struct dpp_configuration *conf_sta;
        struct dpp_configurator *conf;

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 13b5326d1d75cb2c7be72efc3e8648f361b0ab3e..05fe0c84d44168f38db44d26c2b4dd40071ecea5 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -2045,6 +2045,7 @@ wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
        resp = dpp_conf_req_rx(auth, query, query_len);
        if (!resp)
                wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
+       auth->conf_resp = resp;
        return resp;
 }
 
@@ -2059,6 +2060,13 @@ wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
                wpabuf_free(resp);
                return;
        }
+       if (auth->conf_resp != resp) {
+               wpa_printf(MSG_DEBUG,
+                          "DPP: Ignore GAS status report (ok=%d) for unknown response",
+                       ok);
+               wpabuf_free(resp);
+               return;
+       }
 
        wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
                   ok);