Commit
84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard
UUID PIN to be used twice') relaxed the constraints on how many time a
wildcard PIN can be used to allow two attempts. However, it did this in
a way that could result in concurrent attempts resulting in the wildcard
PIN being invalidated even without the second attempt actually going as
far as trying to use the PIN and a WPS protocol run.
wildcard_uuid is a flag/counter set for wildcard PINs and it is
incremented whenever the PIN is retrieved by wps_registrar_get_pin().
Eventually it causes the wildcard PIN to be released, effectively
limiting the number of registration attempts with a wildcard PIN.
With the previous implementation, when the PIN is in use and locked
(PIN_LOCKED), it is not returned from wps_registrar_get_pin() but
wildcard_uuid is still incremented which can cause the PIN to be
released earlier and stations will have fewer registration attempts with
it. Fix this scenario by only incrementing wildcard_uuid if the PIN is
actually going to be returned and used.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
const u8 *uuid, size_t *pin_len)
{
struct wps_uuid_pin *pin, *found = NULL;
+ int wildcard = 0;
wps_registrar_expire_pins(reg);
pin->wildcard_uuid == 2) {
wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
"PIN. Assigned it for this UUID-E");
- pin->wildcard_uuid++;
+ wildcard = 1;
os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
found = pin;
break;
}
*pin_len = found->pin_len;
found->flags |= PIN_LOCKED;
+ if (wildcard)
+ found->wildcard_uuid++;
return found->pin;
}
projects / thirdparty / hostap.git / commitdiff
