WPS: Workaround broken Credential encoding from some D-Link APs
At least D-Link DIR-600 and DIR-825 have been reported to include an extra octet after the Network Key attribute within a Credential attribute. This can happen at least when they are provisioning an open network. Add a workaround to detect this incorrectly encoded attribute and to skip the extra octet when parsing such a Credential.
This commit is contained in:
parent
5582a5d1b3
commit
68d6fe5693
1 changed files with 19 additions and 0 deletions
|
@ -530,6 +530,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||||
{
|
{
|
||||||
const u8 *pos, *end;
|
const u8 *pos, *end;
|
||||||
u16 type, len;
|
u16 type, len;
|
||||||
|
u16 prev_type = 0;
|
||||||
|
|
||||||
os_memset(attr, 0, sizeof(*attr));
|
os_memset(attr, 0, sizeof(*attr));
|
||||||
pos = wpabuf_head(msg);
|
pos = wpabuf_head(msg);
|
||||||
|
@ -552,6 +553,23 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||||
if (len > end - pos) {
|
if (len > end - pos) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Attribute overflow");
|
wpa_printf(MSG_DEBUG, "WPS: Attribute overflow");
|
||||||
wpa_hexdump_buf(MSG_MSGDUMP, "WPS: Message data", msg);
|
wpa_hexdump_buf(MSG_MSGDUMP, "WPS: Message data", msg);
|
||||||
|
#ifdef WPS_WORKAROUNDS
|
||||||
|
/*
|
||||||
|
* Some deployed APs seem to have a bug in encoding of
|
||||||
|
* Network Key attribute in the Credential attribute
|
||||||
|
* where they add an extra octet after the Network Key
|
||||||
|
* attribute at least when open network is being
|
||||||
|
* provisioned.
|
||||||
|
*/
|
||||||
|
if ((type & 0xff00) != 0x1000 &&
|
||||||
|
prev_type == ATTR_NETWORK_KEY) {
|
||||||
|
wpa_printf(MSG_DEBUG, "WPS: Workaround - try "
|
||||||
|
"to skip unexpected octet after "
|
||||||
|
"Network Key");
|
||||||
|
pos -= 3;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
#endif /* WPS_WORKAROUNDS */
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -577,6 +595,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||||
if (wps_set_attr(attr, type, pos, len) < 0)
|
if (wps_set_attr(attr, type, pos, len) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
prev_type = type;
|
||||||
pos += len;
|
pos += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue