[PATCH 1/2] DPP: Add Configuration Request timeout in hostapd

Jouni Malinen j at w1.fi
Mon Nov 8 10:28:35 PST 2021

On Mon, Apr 19, 2021 at 11:05:18PM +0000, Andrew Beltrano wrote:
> Add 10s timeout for receipt of Configuration Request frame from
> enrollee.

It would be good to copy the description of the need for this change
from the cover letter (0/2) into the actual commit message here since
the cover letter is not going to be stored in the repository.
Furthermore, I would combine these patches into a single commit instead
of splitting the practically same functionality between hostapd and

> diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
> @@ -440,6 +442,24 @@ static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)

> @@ -2001,6 +2025,8 @@ hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa,
> +	if (auth->configurator)
> +		eloop_cancel_timeout(hostapd_dpp_conf_req_rx_wait_timeout, hapd, NULL);

In addition to this normal case, the timeout should likely be canceled
in some other paths as well. At least the one in hostapd_dpp_auth_init()
when a previous session is terminated to start a new one should cancel
this timeout to avoid unexpected calls during a consecutive exchange.
Similarly, hostapd_dpp_deinit() needs to cancel this to avoid
dereferencing freed memory after interface removal if that removal were
to happen during this timeout.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list