DPP2: GAS comeback response processing for Enrollee over TCP

This is almost identical to processing of the GAS initial response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c
index 39cb6fd3e93de4cd48d3cd68e08ca427309e8c21..4ed4a3b714896e1e384b9922f0b73617ed7cb054 100644 (file)
--- a/src/common/dpp_tcp.c
+++ b/src/common/dpp_tcp.c
@@ -1255,14 +1255,14 @@ static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx)
 
 
 static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg,
-                          size_t len)
+                          size_t len, bool comeback)
 {
        struct wpabuf *buf;
        u8 dialog_token;
        const u8 *pos, *end, *next, *adv_proto;
        u16 status, slen, comeback_delay;
 
-       if (len < 5 + 2)
+       if (len < 5 + 2 + (comeback ? 1 : 0))
                return -1;
 
        wpa_printf(MSG_DEBUG,
@@ -1278,6 +1278,8 @@ static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg,
                return -1;
        }
        pos += 2;
+       if (comeback)
+               pos++; /* ignore Fragment ID */
        comeback_delay = WPA_GET_LE16(pos);
        pos += 2;
 
@@ -1441,8 +1443,10 @@ static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx)
                        dpp_connection_remove(conn);
                break;
        case WLAN_PA_GAS_INITIAL_RESP:
+       case WLAN_PA_GAS_COMEBACK_RESP:
                if (dpp_rx_gas_resp(conn, pos + 1,
-                                   wpabuf_len(conn->msg) - 1) < 0)
+                                   wpabuf_len(conn->msg) - 1,
+                                   *pos == WLAN_PA_GAS_COMEBACK_RESP) < 0)
                        dpp_connection_remove(conn);
                break;
        case WLAN_PA_GAS_COMEBACK_REQ: