Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Fix nonce comparisons

Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
Eyal Shapira 12 years ago
parent
623ecdd5a2
commit
b4e9e2659b
2 changed files with 12 additions and 12 deletions
Split View Show Diff Stats
  1. 5 5
      src/wps/wps_enrollee.c
  2. 7 7
      src/wps/wps_registrar.c

+ 5 - 5
src/wps/wps_enrollee.c
View File 

@@ -1150,7 +1150,7 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
 
 		return WPS_FAILURE;
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		return WPS_FAILURE;
 
 	}
 
@@ -1242,14 +1242,14 @@ static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
 
 	}
 
 
 	if (attr.registrar_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
 
+	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
 
 	{
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		return WPS_FAILURE;
 
 	}
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		return WPS_FAILURE;
 
 	}
 
@@ -1289,7 +1289,7 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
 
 	}
 
 
 	if (attr.registrar_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
 
+	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
 
 	{
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
 
@@ -1300,7 +1300,7 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
 
 	}
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
 
 			    attr.enrollee_nonce, WPS_NONCE_LEN);

+ 7 - 7
src/wps/wps_registrar.c
View File 

@@ -2849,7 +2849,7 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
 
 	if (*attr.msg_type != WPS_M1 &&
 
 	    (attr.registrar_nonce == NULL ||
 
 	     os_memcmp(wps->nonce_r, attr.registrar_nonce,
 
-		       WPS_NONCE_LEN != 0))) {
 
+		       WPS_NONCE_LEN) != 0)) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		return WPS_FAILURE;
 
 	}
 
@@ -2945,14 +2945,14 @@ static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
 
 #endif /* CONFIG_WPS_UPNP */
 
 
 	if (attr.registrar_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
 
+	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
 
 	{
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		return WPS_FAILURE;
 
 	}
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		return WPS_FAILURE;
 
 	}
 
@@ -3014,14 +3014,14 @@ static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
 
 #endif /* CONFIG_WPS_UPNP */
 
 
 	if (attr.registrar_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
 
+	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
 
 	{
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		return WPS_FAILURE;
 
 	}
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		return WPS_FAILURE;
 
 	}
 
@@ -3100,14 +3100,14 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 
 #endif /* CONFIG_WPS_UPNP */
 
 
 	if (attr.registrar_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
 
+	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
 
 	{
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
 
 		return WPS_FAILURE;
 
 	}
 
 
 	if (attr.enrollee_nonce == NULL ||
 
-	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
 
+	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
 
 		return WPS_FAILURE;
 
 	}