DPP: Reject invalid no-psk/pass legacy configurator parameters
authorJouni Malinen <jouni@codeaurora.org>
Fri, 30 Nov 2018 15:14:49 +0000 (17:14 +0200)
committerJouni Malinen <j@w1.fi>
Fri, 30 Nov 2018 15:14:49 +0000 (17:14 +0200)
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempt is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/ap/dpp_hostapd.c
wpa_supplicant/dpp_supplicant.c

index 4ec044e175cae4cb6a57a25e613d13715df12cf1..9e2ce55af083e62f7903f5eebcec4518a1c6386e 100644 (file)
@@ -505,9 +505,9 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
 }
 
 
-static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
-                                        struct dpp_authentication *auth,
-                                        const char *cmd)
+static int hostapd_dpp_set_configurator(struct hostapd_data *hapd,
+                                       struct dpp_authentication *auth,
+                                       const char *cmd)
 {
        const char *pos, *end;
        struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
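Review bot: The new `int` return value has no comment stating its contract, and the NULL-`cmd` case cannot be guessed from the signature. Judging by the later hunks, the function returns 0 both when `cmd` is NULL and when the parameters were applied, and -1 after freeing `conf_sta`/`conf_ap`. A header comment such as `/* Returns 0 on success or when cmd is NULL (nothing to set), -1 on invalid parameters or allocation failure */` would make that explicit. The same applies to wpas_dpp_set_configurator() in dpp_supplicant.c. The function body continues outside this hunk.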
@@ -521,7 +521,7 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
        char *group_id = NULL;
 
        if (!cmd)
-               return;
+               return 0;
 
        wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
        pos = os_strstr(cmd, " ssid=");
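Review bot: The debug line after the NULL check prints the whole `cmd` string, which appears to be where the `pass`/`psk` values used later in this function come from. The parsing is outside the hunk, so this is inferred. If so, the passphrase or PSK lands in any debug log regardless of the key-display setting. Consider routing it through the key-aware helper instead, e.g. `wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Set configurator parameters", cmd, os_strlen(cmd));`. The same line is present in wpas_dpp_set_configurator().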
@@ -618,10 +618,12 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
                                conf_ap->akm = DPP_AKM_PSK;
                        if (psk_set) {
                                os_memcpy(conf_ap->psk, psk, PMK_LEN);
-                       } else {
+                       } else if (pass_len > 0) {
                                conf_ap->passphrase = os_strdup(pass);
                                if (!conf_ap->passphrase)
                                        goto fail;
+                       } else {
+                               goto fail;
                        }
                } else if (os_strstr(cmd, " conf=ap-dpp")) {
                        conf_ap->akm = DPP_AKM_DPP;
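Review bot: The new `pass_len > 0` test rejects only an empty passphrase, so a value that is non-empty but outside the 8..63 character range for WPA2-PSK still ends up in the config object when `akm` is `DPP_AKM_PSK`. The enrollee would then receive a credential it cannot use. If this branch is also reached for SAE-only configurations (the `if` chain starts outside the hunk), the bound should apply only to the PSK case, e.g. `if (conf_ap->akm == DPP_AKM_PSK && (pass_len < 8 || pass_len > 63)) goto fail;` before the `os_strdup()`. The `conf_sta` branch in dpp_supplicant.c has the same gap.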
@@ -663,13 +665,15 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
        auth->conf_ap = conf_ap;
        auth->conf = conf;
        os_free(group_id);
-       return;
+       return 0;
 
 fail:
-       wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
+       wpa_msg(hapd->msg_ctx, MSG_INFO,
+               "DPP: Failed to set configurator parameters");
        dpp_configuration_free(conf_sta);
        dpp_configuration_free(conf_ap);
        os_free(group_id);
+       return -1;
 }
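Review bot: The failure message is now operator-visible at `MSG_INFO`, but every `goto fail` path ends in the same text. That includes both the `os_strdup()` allocation failure and the new missing-psk/pass rejection, so a bad command cannot be told apart from a resource failure. A reason line before the new `goto fail` in the legacy branch would fix that, e.g. `wpa_printf(MSG_DEBUG, "DPP: No psk/pass for legacy configuration");`. The same applies to the `fail:` path in wpas_dpp_set_configurator().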
 
 
@@ -842,7 +846,11 @@ int hostapd_dpp_auth_init(struct hostapd_data *hapd, const char *cmd)
        if (!hapd->dpp_auth)
                goto fail;
        hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
-       hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd);
+       if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd) < 0) {
+               dpp_auth_deinit(hapd->dpp_auth);
+               hapd->dpp_auth = NULL;
+               goto fail;
+       }
 
        hapd->dpp_auth->neg_freq = neg_freq;
 
@@ -967,8 +975,12 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
                return;
        }
        hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
-       hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
-                                    hapd->dpp_configurator_params);
+       if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
+                                        hapd->dpp_configurator_params) < 0) {
+               dpp_auth_deinit(hapd->dpp_auth);
+               hapd->dpp_auth = NULL;
+               return;
+       }
        os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
 
        wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
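Review bot: The stored `hapd->dpp_configurator_params` are validated only here, on each incoming Authentication Request. With a bad stored value, every such frame allocates the auth state, emits the `MSG_INFO` failure event, tears the state down and is dropped without a response. Any peer able to send the frame can repeat that, and the operator learns of the misconfiguration only from those events. Rejecting the value where the parameters are stored (outside this diff) would surface the error once, at configuration time. At minimum the new branch deserves a comment such as `/* Invalid stored configurator parameters: ignore the request */`. wpas_dpp_rx_auth_req() has the same structure, and the function continues outside the hunk.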
@@ -1892,9 +1904,8 @@ int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd)
                return -1;
 
        curve = get_param(cmd, " curve=");
-       hostapd_dpp_set_configurator(hapd, auth, cmd);
-
-       if (dpp_configurator_own_config(auth, curve, 1) == 0) {
+       if (hostapd_dpp_set_configurator(hapd, auth, cmd) == 0 &&
+           dpp_configurator_own_config(auth, curve, 1) == 0) {
                hostapd_dpp_handle_config_obj(hapd, auth);
                ret = 0;
        }
index f8e2c831d40a132688a94d93be6a4cf4a267c6c7..6226ce8bc9580a70d337bc0c2d87895b9e4f0cb8 100644 (file)
@@ -527,9 +527,9 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
 }
 
 
-static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
-                                     struct dpp_authentication *auth,
-                                     const char *cmd)
+static int wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
+                                    struct dpp_authentication *auth,
+                                    const char *cmd)
 {
        const char *pos, *end;
        struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
@@ -543,7 +543,7 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
        char *group_id = NULL;
 
        if (!cmd)
-               return;
+               return 0;
 
        wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
        pos = os_strstr(cmd, " ssid=");
@@ -607,10 +607,12 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
                                conf_sta->akm = DPP_AKM_PSK;
                        if (psk_set) {
                                os_memcpy(conf_sta->psk, psk, PMK_LEN);
-                       } else {
+                       } else if (pass_len > 0) {
                                conf_sta->passphrase = os_strdup(pass);
                                if (!conf_sta->passphrase)
                                        goto fail;
+                       } else {
+                               goto fail;
                        }
                } else if (os_strstr(cmd, " conf=sta-dpp")) {
                        conf_sta->akm = DPP_AKM_DPP;
@@ -684,13 +686,14 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
        auth->conf_ap = conf_ap;
        auth->conf = conf;
        os_free(group_id);
-       return;
+       return 0;
 
 fail:
-       wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
+       wpa_msg(wpa_s, MSG_INFO, "DPP: Failed to set configurator parameters");
        dpp_configuration_free(conf_sta);
        dpp_configuration_free(conf_ap);
        os_free(group_id);
+       return -1;
 }
 
 
@@ -869,7 +872,11 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
        if (!wpa_s->dpp_auth)
                goto fail;
        wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
-       wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd);
+       if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd) < 0) {
+               dpp_auth_deinit(wpa_s->dpp_auth);
+               wpa_s->dpp_auth = NULL;
+               goto fail;
+       }
 
        wpa_s->dpp_auth->neg_freq = neg_freq;
 
@@ -1142,8 +1149,12 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
                return;
        }
        wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
-       wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
-                                 wpa_s->dpp_configurator_params);
+       if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
+                                     wpa_s->dpp_configurator_params) < 0) {
+               dpp_auth_deinit(wpa_s->dpp_auth);
+               wpa_s->dpp_auth = NULL;
+               return;
+       }
        os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
 
        if (wpa_s->dpp_listen_freq &&
@@ -2287,9 +2298,8 @@ int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
                return -1;
 
        curve = get_param(cmd, " curve=");
-       wpas_dpp_set_configurator(wpa_s, auth, cmd);
-
-       if (dpp_configurator_own_config(auth, curve, 0) == 0) {
+       if (wpas_dpp_set_configurator(wpa_s, auth, cmd) == 0 &&
+           dpp_configurator_own_config(auth, curve, 0) == 0) {
                wpas_dpp_handle_config_obj(wpa_s, auth);
                ret = 0;
        }