WPS: Disable WPS(v2) in WPA/TKIP-only configuration

When using wpa_supplicant AP mode, WPS support is enabled by default for
WPA/WPA2-Personal. Change this to enforce the WPS2 rules on not allowing
WPS to be used with WPA/TKIP-only configuration (i.e., at minimum, mixed
mode with WPA/TKIP and WPA2/CCMP has to be used for WPS to be enabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 13 years ago
parent
commit
c0f83f3104
1 changed files with 6 additions and 0 deletions

wpa_supplicant/ap.c

@@ -237,6 +237,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 	if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
 	if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
 	    bss->ssid.security_policy != SECURITY_PLAINTEXT)
 	    bss->ssid.security_policy != SECURITY_PLAINTEXT)
 		goto no_wps;
 		goto no_wps;
+#ifdef CONFIG_WPS2
+	if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
+	    (!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
+		goto no_wps; /* WPS2 does not allow WPA/TKIP-only
+			      * configuration */
+#endif /* CONFIG_WPS2 */
 	bss->eap_server = 1;
 	bss->eap_server = 1;
 	bss->wps_state = 2;
 	bss->wps_state = 2;
 	bss->ap_setup_locked = 2;
 	bss->ap_setup_locked = 2;
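
Review bot: The new `goto no_wps` inside the `CONFIG_WPS2` block disables WPS silently, so an operator running a WPA/TKIP-only AP configuration gets no indication of why WPS is unavailable; a debug log line before the jump would make the policy decision visible. The literal in `!(bss->wpa & 2)` would read better as a named constant for the WPA2 bit, or at least with a comment saying which protocol bit it tests. The two-line trailing comment after `goto no_wps;` is easier to follow if moved above the `if`. The condition also depends on `pairwise`, which is set outside the visible context, so it is worth confirming that it holds the final pairwise cipher set for the BSS at this point in the function.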