]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 56d24b4)
WPS: Disable WPS(v2) in WPA/TKIP-only configuration
authorJouni Malinen <jouni@qca.qualcomm.com>
Thu, 1 Dec 2011 19:46:19 +0000 (21:46 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 1 Dec 2011 19:46:19 +0000 (21:46 +0200)
When using wpa_supplicant AP mode, WPS support is enabled by default for
WPA/WPA2-Personal. Change this to enforce the WPS2 rules on not allowing
WPS to be used with WPA/TKIP-only configuration (i.e., at minimum, mixed
mode with WPA/TKIP and WPA2/CCMP has to be used for WPS to be enabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

wpa_supplicant/ap.c patch | blob | blame | history

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 2a86436e4137a19ecf1061b3acf9a1733a68d96c..db0259d86c60e14429605e87a93c659ca814d363 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -237,6 +237,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
        if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
            bss->ssid.security_policy != SECURITY_PLAINTEXT)
                goto no_wps;
+#ifdef CONFIG_WPS2
+       if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
+           (!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
+               goto no_wps; /* WPS2 does not allow WPA/TKIP-only
+                             * configuration */
+#endif /* CONFIG_WPS2 */
        bss->eap_server = 1;
        bss->wps_state = 2;
        bss->ap_setup_locked = 2;
Unnamed repository; edit this file 'description' to name the repository.