[patch] WPS: supplicant may select non-WPS AP for connection

Andriy Tkachuk andriy.v.tkachuk
Thu Oct 22 06:58:44 PDT 2009


On 2009-10-15 22:03, Jouni Malinen wrote:
>> On 2009-07-03 14:53, Andriy Tkachuk wrote:
>>     
>>> When a non-WPS AP has a *hidden* SSID set, the supplicant may select this AP
>>> for a WPS connection, which is wrong. Moreover, such an AP may cause false
>>> overlap detection. The attached patch solves this issue.
>>>       
>
> The selecting part seems to be a valid issue, but I do not see how this
> would trigger false overlap detection.

It happens when such an AP is selected for connection while the real AP,
which was activated for PBC connection, is checked in
wpas_wps_scan_pbc_overlap() against it and generates a false overlap
error. See the following loop:

        for (i = 0; i < wpa_s->scan_res->num; i++) {
                struct wpa_scan_res *bss = wpa_s->scan_res->res[i];
                struct wpabuf *ie;
                if (bss == selected)
                        continue;
                /* HERE THE SELECTED ODD AP IS PASSED */

                ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
                if (!ie)
                        continue;
                if (!wps_is_selected_pbc_registrar(ie)) {
                        wpabuf_free(ie);
                        continue;
                }

                /* HERE WE CHECK SELECTED ODD AP WITH THE REAL ACTIVATED AP */
                uuid = wps_get_uuid_e(ie);
                if (sel_uuid == NULL || uuid == NULL ||
                    os_memcmp(sel_uuid, uuid, 16) != 0) {
                        ret = 1; /* PBC overlap */
                        /* AND OVERLAP IS DETECTED */

                        wpabuf_free(ie);
                        break;
                }

                /* TODO: verify that this is reasonable dual-band situation */

                wpabuf_free(ie);
        }



> In addition, this is actually a
> more generic issue with wildcard SSID matching and not limited to just
> WPS. As such, the proper fix is also more generic: skip BSSes for which
> we do not know the SSID (ssid_len == 0). This applies both to
> wpa_supplicant_select_bss_non_wpa() and wpa_supplicant_select_bss_wpa()
> (the latter one, though, only applies for the WPS case; the former for
> non-WPS, too).
>   

But what if the user would like to connect by BSSID regardless of the ESSID of
the AP (regardless of whether it is set or not)? Now you require all the
APs to have an ESSID set to connect to them even if you know the BSSID.

Regards,
    Andriy
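
An added illustration, not code from this message or from wpa_supplicant: a simplified C model of the selection step and the overlap loop quoted above, run on a constructed two-entry scan list. The struct, `select_bss()`, `overlap_for_scan()` and the first-match selection rule are assumptions made for the example, as is treating `sel_uuid` as NULL when the selected BSS carries no WPS IE.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for one scan result (hypothetical, not the project's struct). */
struct bss {
    size_t ssid_len;   /* 0 = hidden SSID, i.e. SSID unknown to the station */
    int has_wps_ie;    /* AP advertises a WPS IE */
    int pbc_active;    /* WPS IE marks a selected registrar in PBC mode */
    uint8_t uuid[16];  /* UUID-E taken from the WPS IE */
};

/* Wildcard-SSID selection model (assumption): the first acceptable BSS wins.
 * skip_unknown_ssid applies the ssid_len == 0 check proposed in the thread. */
static const struct bss *select_bss(const struct bss *res, size_t n, int skip_unknown_ssid)
{
    for (size_t i = 0; i < n; i++)
        if (!(skip_unknown_ssid && res[i].ssid_len == 0))
            return &res[i];
    return NULL;
}

/* Same decisions as the quoted loop; sel_uuid is NULL without a WPS IE (assumption). */
static int pbc_overlap(const struct bss *res, size_t n, const struct bss *selected)
{
    const uint8_t *sel_uuid = selected->has_wps_ie ? selected->uuid : NULL;
    for (size_t i = 0; i < n; i++) {
        const struct bss *bss = &res[i];
        if (bss == selected || !bss->has_wps_ie || !bss->pbc_active)
            continue;
        if (sel_uuid == NULL || memcmp(sel_uuid, bss->uuid, 16) != 0)
            return 1; /* PBC overlap reported */
    }
    return 0;
}

/* Constructed scan: a hidden non-WPS AP first, then the only AP in PBC mode. */
static const struct bss scan[] = {
    { 0, 0, 0, { 0 } },
    { 6, 1, 1, { 0xA1 } },
};

/* 1 = overlap reported, 0 = none, -1 = nothing selectable. */
int overlap_for_scan(int skip_unknown_ssid)
{
    const struct bss *sel = select_bss(scan, 2, skip_unknown_ssid);
    return sel ? pbc_overlap(scan, 2, sel) : -1;
}
int main(void) { printf("%d %d\n", overlap_for_scan(0), overlap_for_scan(1)); return 0; }
```

Only one AP in the constructed scan is in PBC mode, so any reported overlap is false; it appears only when the hidden-SSID AP is the one selected.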


