PATCH: Don't close DPP TCP connection for duplicate Presence Announcements

Eliot Lear lear at lear.ch
Thu Jun 23 03:58:38 PDT 2022 

If wpa_supplicant receives a duplicate DPP chirp over a TCP connection
this causes the connection (and all of its state) to be torn down.
Such a tear-down means that the authentication request state is discarded.
That in turn will cause any otherwise valid authentication response
to not succeed.

This commit addresses that problem.  It also does not attempt to check
for duplicates until at least we know that we know we have an appropriate
hash.

Signed-off-by: Eliot Lear <lear at lear.ch>
---
  src/common/dpp_tcp.c | 12 ++++++------
  1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c
index c83fb2da4..99a111af9 100644
--- a/src/common/dpp_tcp.c
+++ b/src/common/dpp_tcp.c
@@ -861,12 +861,6 @@ static int 
dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
         struct dpp_authentication *auth;
         struct dpp_global *dpp = conn->ctrl->global;

-       if (conn->auth) {
-               wpa_printf(MSG_DEBUG,
-                          "DPP: Ignore Presence Announcement during 
ongoing Authentication");
-               return -1;
-       }
-
         wpa_printf(MSG_DEBUG, "DPP: Presence Announcement");

         r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
@@ -885,6 +879,12 @@ static int 
dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
                 return -1;
         }

+       if (conn->auth) {
+               wpa_printf(MSG_DEBUG,
+                          "DPP: Ignore Presence Announcement during 
ongoing Authentication");
+               return 0;
+       }
+
         auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL,
                              DPP_CAPAB_CONFIGURATOR, -1, NULL, 0);
         if (!auth)
-- 
2.32.1 (Apple Git-133)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x87B66B46D9D27A33.asc
Type: application/pgp-keys
Size: 5052 bytes
Desc: OpenPGP public key
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20220623/49b46900/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20220623/49b46900/attachment.sig>

More information about the Hostap mailing list