From a00d65e79fe611355d5d069c8eba5bbaefafa7ce Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Fri, 30 Nov 2018 17:14:49 +0200
Subject: [PATCH] DPP: Reject invalid no-psk/pass legacy configurator
 parameters

Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 src/ap/dpp_hostapd.c            | 37 +++++++++++++++++++++------------
 wpa_supplicant/dpp_supplicant.c | 36 ++++++++++++++++++++------------
 2 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 4ec044e17..9e2ce55af 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -505,9 +505,9 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
 }
 
 
-static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
-					 struct dpp_authentication *auth,
-					 const char *cmd)
+static int hostapd_dpp_set_configurator(struct hostapd_data *hapd,
+					struct dpp_authentication *auth,
+					const char *cmd)
 {
 	const char *pos, *end;
 	struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
@@ -521,7 +521,7 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 	char *group_id = NULL;
 
 	if (!cmd)
-		return;
+		return 0;
 
 	wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
 	pos = os_strstr(cmd, " ssid=");
@@ -618,10 +618,12 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 				conf_ap->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_ap->psk, psk, PMK_LEN);
-			} else {
+			} else if (pass_len > 0) {
 				conf_ap->passphrase = os_strdup(pass);
 				if (!conf_ap->passphrase)
 					goto fail;
+			} else {
+				goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=ap-dpp")) {
 			conf_ap->akm = DPP_AKM_DPP;
@@ -663,13 +665,15 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 	auth->conf_ap = conf_ap;
 	auth->conf = conf;
 	os_free(group_id);
-	return;
+	return 0;
 
 fail:
-	wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
+	wpa_msg(hapd->msg_ctx, MSG_INFO,
+		"DPP: Failed to set configurator parameters");
 	dpp_configuration_free(conf_sta);
 	dpp_configuration_free(conf_ap);
 	os_free(group_id);
+	return -1;
 }
 
 
@@ -842,7 +846,11 @@ int hostapd_dpp_auth_init(struct hostapd_data *hapd, const char *cmd)
 	if (!hapd->dpp_auth)
 		goto fail;
 	hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
-	hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd);
+	if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd) < 0) {
+		dpp_auth_deinit(hapd->dpp_auth);
+		hapd->dpp_auth = NULL;
+		goto fail;
+	}
 
 	hapd->dpp_auth->neg_freq = neg_freq;
 
@@ -967,8 +975,12 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
 		return;
 	}
 	hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
-	hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
-				     hapd->dpp_configurator_params);
+	if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
+					 hapd->dpp_configurator_params) < 0) {
+		dpp_auth_deinit(hapd->dpp_auth);
+		hapd->dpp_auth = NULL;
+		return;
+	}
 	os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
 
 	wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
@@ -1892,9 +1904,8 @@ int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd)
 		return -1;
 
 	curve = get_param(cmd, " curve=");
-	hostapd_dpp_set_configurator(hapd, auth, cmd);
-
-	if (dpp_configurator_own_config(auth, curve, 1) == 0) {
+	if (hostapd_dpp_set_configurator(hapd, auth, cmd) == 0 &&
+	    dpp_configurator_own_config(auth, curve, 1) == 0) {
 		hostapd_dpp_handle_config_obj(hapd, auth);
 		ret = 0;
 	}
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index f8e2c831d..6226ce8bc 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -527,9 +527,9 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
 }
 
 
-static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
-				      struct dpp_authentication *auth,
-				      const char *cmd)
+static int wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
+				     struct dpp_authentication *auth,
+				     const char *cmd)
 {
 	const char *pos, *end;
 	struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
@@ -543,7 +543,7 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 	char *group_id = NULL;
 
 	if (!cmd)
-		return;
+		return 0;
 
 	wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
 	pos = os_strstr(cmd, " ssid=");
@@ -607,10 +607,12 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 				conf_sta->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_sta->psk, psk, PMK_LEN);
-			} else {
+			} else if (pass_len > 0) {
 				conf_sta->passphrase = os_strdup(pass);
 				if (!conf_sta->passphrase)
 					goto fail;
+			} else {
+				goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=sta-dpp")) {
 			conf_sta->akm = DPP_AKM_DPP;
@@ -684,13 +686,14 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 	auth->conf_ap = conf_ap;
 	auth->conf = conf;
 	os_free(group_id);
-	return;
+	return 0;
 
 fail:
-	wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
+	wpa_msg(wpa_s, MSG_INFO, "DPP: Failed to set configurator parameters");
 	dpp_configuration_free(conf_sta);
 	dpp_configuration_free(conf_ap);
 	os_free(group_id);
+	return -1;
 }
 
 
@@ -869,7 +872,11 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
 	if (!wpa_s->dpp_auth)
 		goto fail;
 	wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
-	wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd);
+	if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd) < 0) {
+		dpp_auth_deinit(wpa_s->dpp_auth);
+		wpa_s->dpp_auth = NULL;
+		goto fail;
+	}
 
 	wpa_s->dpp_auth->neg_freq = neg_freq;
 
@@ -1142,8 +1149,12 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
 		return;
 	}
 	wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
-	wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
-				  wpa_s->dpp_configurator_params);
+	if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
+				      wpa_s->dpp_configurator_params) < 0) {
+		dpp_auth_deinit(wpa_s->dpp_auth);
+		wpa_s->dpp_auth = NULL;
+		return;
+	}
 	os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
 
 	if (wpa_s->dpp_listen_freq &&
@@ -2287,9 +2298,8 @@ int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
 		return -1;
 
 	curve = get_param(cmd, " curve=");
-	wpas_dpp_set_configurator(wpa_s, auth, cmd);
-
-	if (dpp_configurator_own_config(auth, curve, 0) == 0) {
+	if (wpas_dpp_set_configurator(wpa_s, auth, cmd) == 0 &&
+	    dpp_configurator_own_config(auth, curve, 0) == 0) {
 		wpas_dpp_handle_config_obj(wpa_s, auth);
 		ret = 0;
 	}
-- 
2.47.2