diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 20be2d47e..fbedb6294 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -566,15 +566,15 @@ hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity, return &wsc_enrollee; } - if (conf->wps_state && conf->ap_pin && - identity_len == WSC_ID_REGISTRAR_LEN && + if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN && os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) { static struct hostapd_eap_user wsc_registrar; os_memset(&wsc_registrar, 0, sizeof(wsc_registrar)); wsc_registrar.methods[0].method = eap_server_get_type( "WSC", &wsc_registrar.methods[0].vendor); wsc_registrar.password = (u8 *) conf->ap_pin; - wsc_registrar.password_len = os_strlen(conf->ap_pin); + wsc_registrar.password_len = conf->ap_pin ? + os_strlen(conf->ap_pin) : 0; return &wsc_registrar; } #endif /* CONFIG_WPS */ diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index 902a65aca..c63b7fc89 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -426,7 +426,7 @@ static void hostapd_pwd_auth_fail(struct hostapd_data *hapd, { FILE *f; - if (!data->enrollee) + if (!data->enrollee || hapd->conf->ap_pin == NULL) return; /* diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c index 272a6195b..28d4f67dd 100644 --- a/src/eap_server/eap_server_wsc.c +++ b/src/eap_server/eap_server_wsc.c @@ -119,10 +119,15 @@ static void * eap_wsc_init(struct eap_sm *sm) } } else { if (sm->user == NULL || sm->user->password == NULL) { - wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) " - "configured for Enrollee functionality"); - os_free(data); - return NULL; + /* + * In theory, this should not really be needed, but + * Windows 7 uses Registrar mode to probe AP's WPS + * capabilities before trying to use Enrollee and fails + * if the AP does not allow that probing to happen.. + */ + wpa_printf(MSG_DEBUG, "EAP-WSC: No AP PIN (password) " + "configured for Enrollee functionality - " + "allow for probing capabilities (M1)"); } cfg.pin = sm->user->password; cfg.pin_len = sm->user->password_len; diff --git a/src/wps/wps_upnp_web.c b/src/wps/wps_upnp_web.c index 2e60607e8..9a6b36e02 100644 --- a/src/wps/wps_upnp_web.c +++ b/src/wps/wps_upnp_web.c @@ -412,6 +412,9 @@ web_process_get_device_info(struct upnp_wps_device_sm *sm, wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo"); + if (sm->ctx->ap_pin == NULL) + return HTTP_INTERNAL_SERVER_ERROR; + /* * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS * registration over UPnP with the AP acting as an Enrollee. It should