[PATCH 5/8] WPS: Select only correct AP following provisioning

[Arik Nemtsov]

From: Eyal Shapira <eyal at wizery.com>

If there are other saved enabled networks a scan following
a successful WPS provisioing may connect to one of those
instead of the AP with which the provisioning was just done.
Avoid that by allowing only selection of a scan result with
a matching bssid to the WPS AP. This will be limited to a number
of scans following WPS provisioing using the same counter
wpa_s->after_wps used to optimize scan frequency post provisioning.

Signed-hostap: Eyal Shapira <eyal at wizery.com>
---
 wpa_supplicant/events.c           | 8 ++++++++
 wpa_supplicant/wpa_supplicant.c   | 1 +
 wpa_supplicant/wpa_supplicant_i.h | 1 +
 wpa_supplicant/wps_supplicant.c   | 1 +
 4 files changed, 11 insertions(+)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 517d812..f421f4f 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -744,6 +744,14 @@ static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
 		}
 	}
 
+#ifdef CONFIG_WPS
+	if (wpa_s->after_wps &&
+	    os_memcmp(wpa_s->wps_bssid, bss->bssid, ETH_ALEN)) {
+		wpa_dbg(wpa_s, MSG_DEBUG, "   skip - mismatching BSSID (WPS)");
+		return NULL;
+	}
+#endif /* CONFIG_WPS */
+
 	if (bss->ssid_len == 0) {
 		wpa_dbg(wpa_s, MSG_DEBUG, "   skip - SSID not known");
 		return NULL;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index bdc085b..ea3f43f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -680,6 +680,7 @@ void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
 #endif /* IEEE8021X_EAPOL */
 		wpa_s->after_wps = 0;
 		wpa_s->known_wps_freq = 0;
+		os_memset(wpa_s->wps_bssid, 0, ETH_ALEN);
 #ifdef CONFIG_P2P
 		wpas_p2p_completed(wpa_s);
 #endif /* CONFIG_P2P */
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8cc813c..2aec511 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -681,6 +681,7 @@ struct wpa_supplicant {
 	int wps_ap_iter;
 
 	int after_wps;
+	u8 wps_bssid[ETH_ALEN];
 	int known_wps_freq;
 	unsigned int wps_freq;
 	u16 wps_ap_channel;
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 0b3c892..4ead60b 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -656,6 +656,7 @@ static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
 {
 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
 	wpa_s->wps_success = 1;
+	os_memcpy(wpa_s->wps_bssid, wpa_s->bssid, ETH_ALEN);
 	wpas_notify_wps_event_success(wpa_s);
 	if (wpa_s->current_ssid)
 		wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1);
-- 
1.8.1.2