diff mbox series

[1/2] DPP: Add Configuration Request timeout in hostapd

Message ID CH2PR21MB14457FA89C3985EE34219E43C2499@CH2PR21MB1445.namprd21.prod.outlook.com
State Changes Requested
Headers show
Series DPP: Add Configuration Request timeout | expand

Commit Message

Andrew Beltrano April 19, 2021, 11:05 p.m. UTC 
Add 10s timeout for receipt of Configuration Request frame from
enrollee.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
---
 src/ap/dpp_hostapd.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

Comments

Jouni Malinen Nov. 8, 2021, 6:28 p.m. UTC | #1 
On Mon, Apr 19, 2021 at 11:05:18PM +0000, Andrew Beltrano wrote:
> Add 10s timeout for receipt of Configuration Request frame from
> enrollee.

It would be good to copy the description of the need for this change
from the cover letter (0/2) into the actual commit message here since
the cover letter is not going to be stored in the repository.
Furthermore, I would combine these patches into a single commit instead
of splitting the practically same functionality between hostapd and
wpa_supplicant.

> diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
> @@ -440,6 +442,24 @@ static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)

> @@ -2001,6 +2025,8 @@ hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa,
> +	if (auth->configurator)
> +		eloop_cancel_timeout(hostapd_dpp_conf_req_rx_wait_timeout, hapd, NULL);

In addition to this normal case, the timeout should likely be canceled
in some other paths as well. At least the one in hostapd_dpp_auth_init()
when a previous session is terminated to start a new one should cancel
this timeout to avoid unexpected calls during a consecutive exchange.
Similarly, hostapd_dpp_deinit() needs to cancel this to avoid
dereferencing freed memory after interface removal if that removal were
to happen during this timeout.
diff mbox series

Patch

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index aaeb94c2f..2e1a79a78 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -28,6 +28,8 @@  static void hostapd_dpp_auth_conf_wait_timeout(void *eloop_ctx,
 static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator);
 static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd);
+static void hostapd_dpp_conf_req_rx_wait_timeout(void *eloop_ctx, 
+							void *timeout_ctx);
 #ifdef CONFIG_DPP2
 static void hostapd_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
 						    void *timeout_ctx);
@@ -440,6 +442,24 @@  static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
 }
 
 
+static void hostapd_dpp_conf_req_rx_wait_timeout(void *eloop_ctx, 
+							void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+
+	if (!hapd->dpp_auth || !hapd->dpp_auth->auth_success)
+		return;
+
+	wpa_printf(MSG_DEBUG, 
+		"DPP: terminate exchange due to Configuration Request rx timeout");
+	wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED 
+		"No Configuration Request received");
+
+	dpp_auth_deinit(hapd->dpp_auth);
+	hapd->dpp_auth = NULL;
+}
+
+
 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd)
 {
 	struct dpp_authentication *auth = hapd->dpp_auth;
@@ -1039,6 +1059,10 @@  static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator)
 
 	if (!hapd->dpp_auth->configurator)
 		hostapd_dpp_start_gas_client(hapd);
+	else
+		eloop_register_timeout(10, 0,
+				       hostapd_dpp_conf_req_rx_wait_timeout,
+				       hapd, NULL);
 }
 
 
@@ -2001,6 +2025,8 @@  hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa,
 		    query, query_len);
 	wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
 		MAC2STR(sa));
+	if (auth->configurator)
+		eloop_cancel_timeout(hostapd_dpp_conf_req_rx_wait_timeout, hapd, NULL);
 	resp = dpp_conf_req_rx(auth, query, query_len);
 	if (!resp)
 		wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);