PATCH: Don't close DPP TCP connection for duplicate Presence Announcements

Eliot Lear lear at lear.ch
Fri Sep 23 01:29:02 PDT 2022


I think this patch got lost in the shuffle.

On 23.06.22 12:58, Eliot Lear wrote:
>
> If wpa_supplicant receives a duplicate DPP chirp over a TCP connection
> this causes the connection (and all of its state) to be torn down.
> Such a tear-down means that the authentication request state is 
> discarded.
> That in turn will cause any otherwise valid authentication response
> to not succeed.
>
> This commit addresses that problem.  It also does not attempt to check
> for duplicates until at least we know that we know we have an appropriate
> hash.
>
> Signed-off-by: Eliot Lear <lear at lear.ch>
> ---
>  src/common/dpp_tcp.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c
> index c83fb2da4..99a111af9 100644
> --- a/src/common/dpp_tcp.c
> +++ b/src/common/dpp_tcp.c
> @@ -861,12 +861,6 @@ static int 
> dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
>         struct dpp_authentication *auth;
>         struct dpp_global *dpp = conn->ctrl->global;
>
> -       if (conn->auth) {
> -               wpa_printf(MSG_DEBUG,
> -                          "DPP: Ignore Presence Announcement during 
> ongoing Authentication");
> -               return -1;
> -       }
> -
>         wpa_printf(MSG_DEBUG, "DPP: Presence Announcement");
>
>         r_bootstrap = dpp_get_attr(buf, len, 
> DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
> @@ -885,6 +879,12 @@ static int 
> dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
>                 return -1;
>         }
>
> +       if (conn->auth) {
> +               wpa_printf(MSG_DEBUG,
> +                          "DPP: Ignore Presence Announcement during 
> ongoing Authentication");
> +               return 0;
> +       }
> +
>         auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL,
>                              DPP_CAPAB_CONFIGURATOR, -1, NULL, 0);
>         if (!auth)
>
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20220923/98cfb21e/attachment.sig>


More information about the Hostap mailing list