| Message ID | 1387447410-8101-5-git-send-email-arik@wizery.com |
|---|---|
| State | Not Applicable |
| Headers | show |
On Thu, Dec 19, 2013 at 12:03:27PM +0200, Arik Nemtsov wrote: > If there are other saved enabled networks a scan following > a successful WPS provisioing may connect to one of those > instead of the AP with which the provisioning was just done. > Avoid that by allowing only selection of a scan result with > a matching bssid to the WPS AP. This will be limited to a number > of scans following WPS provisioing using the same counter > wpa_s->after_wps used to optimize scan frequency post provisioning. Are you trying to address selection of the same BSS here? Different networks (SSID) should already be handled by other network blocks getting disabled temporarily. I'm not sure that I would agree with the connection having to be with the same BSS, though, so I would like to understand why this change would be needed.
On Mon, Dec 23, 2013 at 8:11 PM, Jouni Malinen <j@w1.fi> wrote: > On Thu, Dec 19, 2013 at 12:03:27PM +0200, Arik Nemtsov wrote: >> If there are other saved enabled networks a scan following >> a successful WPS provisioing may connect to one of those >> instead of the AP with which the provisioning was just done. >> Avoid that by allowing only selection of a scan result with >> a matching bssid to the WPS AP. This will be limited to a number >> of scans following WPS provisioing using the same counter >> wpa_s->after_wps used to optimize scan frequency post provisioning. > > Are you trying to address selection of the same BSS here? Different > networks (SSID) should already be handled by other network blocks > getting disabled temporarily. I'm not sure that I would agree with the > connection having to be with the same BSS, though, so I would like to > understand why this change would be needed. > Sorry for the noise. Please drop this. It's an old patch being upstreamed only now. The problem it fixes was already fixed differently in ec947ff "WPS: Reenable the networks disabled during wpa_wpas_reassoc" as you've indicated.
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 517d812..f421f4f 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -744,6 +744,14 @@ static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s, } } +#ifdef CONFIG_WPS + if (wpa_s->after_wps && + os_memcmp(wpa_s->wps_bssid, bss->bssid, ETH_ALEN)) { + wpa_dbg(wpa_s, MSG_DEBUG, " skip - mismatching BSSID (WPS)"); + return NULL; + } +#endif /* CONFIG_WPS */ + if (bss->ssid_len == 0) { wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known"); return NULL; diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index bdc085b..ea3f43f 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -680,6 +680,7 @@ void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, #endif /* IEEE8021X_EAPOL */ wpa_s->after_wps = 0; wpa_s->known_wps_freq = 0; + os_memset(wpa_s->wps_bssid, 0, ETH_ALEN); #ifdef CONFIG_P2P wpas_p2p_completed(wpa_s); #endif /* CONFIG_P2P */ diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 8cc813c..2aec511 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -681,6 +681,7 @@ struct wpa_supplicant { int wps_ap_iter; int after_wps; + u8 wps_bssid[ETH_ALEN]; int known_wps_freq; unsigned int wps_freq; u16 wps_ap_channel; diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index 0b3c892..4ead60b 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -656,6 +656,7 @@ static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s) { wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS); wpa_s->wps_success = 1; + os_memcpy(wpa_s->wps_bssid, wpa_s->bssid, ETH_ALEN); wpas_notify_wps_event_success(wpa_s); if (wpa_s->current_ssid) wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1);
From: Eyal Shapira <eyal@wizery.com> If there are other saved enabled networks a scan following a successful WPS provisioing may connect to one of those instead of the AP with which the provisioning was just done. Avoid that by allowing only selection of a scan result with a matching bssid to the WPS AP. This will be limited to a number of scans following WPS provisioing using the same counter wpa_s->after_wps used to optimize scan frequency post provisioning. Signed-hostap: Eyal Shapira <eyal@wizery.com> --- wpa_supplicant/events.c | 8 ++++++++ wpa_supplicant/wpa_supplicant.c | 1 + wpa_supplicant/wpa_supplicant_i.h | 1 + wpa_supplicant/wps_supplicant.c | 1 + 4 files changed, 11 insertions(+)