From patchwork Tue Mar 6 11:49:58 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masashi Honma X-Patchwork-Id: 144930 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "maxx.shmoo.com", Issuer "CA Cert Signing Authority" (not verified)) by ozlabs.org (Postfix) with ESMTPS id 639B6B6FA2 for ; Tue, 6 Mar 2012 22:50:14 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 4ED4B9C165; Tue, 6 Mar 2012 06:50:10 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FqqNRqtgsG8V; Tue, 6 Mar 2012 06:50:10 -0500 (EST) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 16F829C17C; Tue, 6 Mar 2012 06:50:06 -0500 (EST) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 2EE189C17C for ; Tue, 6 Mar 2012 06:50:04 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6gTjH8WuMzGH for ; Tue, 6 Mar 2012 06:50:00 -0500 (EST) Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (not verified)) by maxx.maxx.shmoo.com (Postfix) with ESMTPS id 1A5B69C165 for ; Tue, 6 Mar 2012 06:49:59 -0500 (EST) Received: by bkuw5 with SMTP id w5so6660902bku.17 for ; Tue, 06 Mar 2012 03:49:58 -0800 (PST) Received-SPF: pass (google.com: domain of masashi.honma@gmail.com designates 10.204.153.215 as permitted sender) client-ip=10.204.153.215; Authentication-Results: mr.google.com; spf=pass (google.com: domain of masashi.honma@gmail.com designates 10.204.153.215 as permitted sender) smtp.mail=masashi.honma@gmail.com; dkim=pass header.i=masashi.honma@gmail.com Received: from mr.google.com ([10.204.153.215]) by 10.204.153.215 with SMTP id l23mr12767449bkw.11.1331034598426 (num_hops = 1); Tue, 06 Mar 2012 03:49:58 -0800 (PST) MIME-Version: 1.0 Received: by 10.204.153.215 with SMTP id l23mr10031742bkw.11.1331034598310; Tue, 06 Mar 2012 03:49:58 -0800 (PST) Received: by 10.204.130.214 with HTTP; Tue, 6 Mar 2012 03:49:58 -0800 (PST) In-Reply-To: <20120305143635.GE2845@w1.fi> References: <20120305143635.GE2845@w1.fi> Date: Tue, 6 Mar 2012 20:49:58 +0900 Message-ID: Subject: Re: [PATCH] P2P: Add error message for invalid PIN From: Masashi Honma To: hostap@lists.shmoo.com X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com 2012/3/5 Jouni Malinen : > On Sun, Mar 04, 2012 at 12:09:37PM +0900, Masashi Honma wrote: >> The second argument of p2p_connect command is "pin", "pbc" or PIN number. >> >> But PIN number is not checked. So the user typed "pbd" can not >> recognize he mistyped. >> Because the command returns "OK". >> >> So I made a patch adds a error message. > > This may be a bit too restrictive conditions. While 4-digit PINs are not > very commonly used, I think that they would be allowed for P2P use > cases. As such, I don't think I can apply this patch in its current > form. In addition, user-generated 8-digit PINs are not required to > include a checksum digit, so the use of wps_pin_valid() may not actually > be valid for some use cases. > > I would be fine with a change that verifies that the PIN value is either > a 4-digit or 8-digit number, but I'm not sure whether we can make this > command any more restrictive than that. Please note that the separate > wps_check_pin command was added for this same reason instead of making > wps_pin command validate the PIN values. Thanks for your advice. I relaxed the restriction of new patch. > > > PS. > > Please read the CONTRIBUTIONS file in the top of the tree and use the > Signed-hostap: line in future contributions to the project. Signed-hostap: Masashi Honma int ret; @@ -2704,6 +2705,7 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd, int auth; int go_intent = -1; int freq = 0; + long int val; /* <"pbc" | "pin" | PIN> [label|display|keypad] [persistent] * [join] [auth] [go_intent=<0..15>] [freq=] */ @@ -2750,6 +2752,13 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd, if (os_strncmp(pos, "display", 7) == 0) wps_method = WPS_PIN_DISPLAY; } + val = strtol(pin, &end, 10); + val = val; // workaround for a compiler warning + if ((os_strlen(pin) != 4 && os_strlen(pin) != 8) || + *end != '\0') { + os_memcpy(buf, "FAIL-INVALID-PIN\n", 17); + return 17; + } } new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method, Regards, Masashi Honma. diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 11f4674..f98d403 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -2696,6 +2696,7 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd, u8 addr[ETH_ALEN]; char *pos, *pos2; char *pin = NULL; + char *end; enum p2p_wps_method wps_method; int new_pin;