From f27b37a4f01d6639b41a9b34da3f956082d73b71 Mon Sep 17 00:00:00 2001
From: Nachiket Kukade <nachiket.kukade@espressif.com>
Date: Tue, 7 Jan 2020 17:02:56 +0530
Subject: [PATCH 1/2] wpa_supplicant: Allow NULL-padded WPS attributes

Some AP's keep NULL-padding at the end of some variable length WPS
Attributes. This is not as par the WPS2.0 specs, but to avoid interop
issues, ignore the padding by reducing the attribute length by 1.
---
 .../wpa_supplicant/src/wps/wps_attr_parse.c   | 36 +++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/components/wpa_supplicant/src/wps/wps_attr_parse.c b/components/wpa_supplicant/src/wps/wps_attr_parse.c
index a8cf76683..59f85d709 100644
--- a/components/wpa_supplicant/src/wps/wps_attr_parse.c
+++ b/components/wpa_supplicant/src/wps/wps_attr_parse.c
@@ -128,10 +128,42 @@ static int wps_parse_vendor_ext(struct wps_parse_attr *attr, const u8 *pos,
 	return 0;
 }
 
+static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_data_len)
+{
+	u16 len = attr_data_len;
+
+	if (len == 0)
+		return 0;
+	/*
+	 * Some AP's keep NULL-padding at the end of some variable length WPS Attributes.
+	 * This is not as par the WPS2.0 specs, but to avoid interop issues, ignore the
+	 * padding by reducing the attribute length by 1.
+	 */
+	switch (type) {
+		case ATTR_MANUFACTURER:
+		case ATTR_MODEL_NAME:
+		case ATTR_MODEL_NUMBER:
+		case ATTR_SERIAL_NUMBER:
+		case ATTR_DEV_NAME:
+		case ATTR_SSID:
+		case ATTR_NETWORK_KEY:
+			if (pos[len - 1] == 0)
+				len--;
+			break;
+		default:
+			break;
+	}
+
+	return len;
+}
 
 static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
-			const u8 *pos, u16 len)
+			const u8 *pos, u16 attr_data_len)
 {
+	u16 len;
+
+	len = wps_ignore_null_padding_in_attr(pos, type, attr_data_len);
+
 	switch (type) {
 	case ATTR_VERSION:
 		if (len != 1) {
@@ -637,4 +669,4 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
 	}
 
 	return 0;
-}
\ No newline at end of file
+}

From 90de9f4942c00952ee556a10fa45906c0a063ea6 Mon Sep 17 00:00:00 2001
From: "kapil.gupta" <kapil.gupta@espressif.com>
Date: Mon, 11 May 2020 09:33:17 +0530
Subject: [PATCH 2/2] wpa_supplicant: WPS Inter operatability Fixes

Add WPS IOT fixes under config option

Current fixes under this flag.
1. Allow NULL-padded WPS attributes.
2. Bypass WPS-Config method validation
---
 components/wpa_supplicant/Kconfig             | 21 +++++++++++++++++++
 .../wpa_supplicant/src/wps/wps_attr_parse.c   |  2 ++
 .../wpa_supplicant/src/wps/wps_validate.c     |  2 ++
 3 files changed, 25 insertions(+)
 create mode 100644 components/wpa_supplicant/Kconfig

diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig
new file mode 100644
index 000000000..6db1fd8c0
--- /dev/null
+++ b/components/wpa_supplicant/Kconfig
@@ -0,0 +1,21 @@
+menu "Supplicant"
+
+config WPA_WPS_WARS
+    bool "Enable WPS Inter operatability Fixes"
+    default n
+    help
+        Select this option to enable WPS related IOT fixes with different 
+        APs. This option fixes IOT related issues with APs which do not 
+        follow some of the standard of WPS-2.0 specification. However 
+        these do not include any of the security related bypassing, just 
+        simple configuration corrections. Current fixes under this flag:
+        1. Allow NULL-padded WPS attributes: Some APs keep NULL-padding
+        at the end of some variable length WPS Attributes. This is not 
+        as par the WPS2.0 specs, but to avoid interop issues, ignore the 
+        padding by reducing the attribute length by 1.
+        2. Bypass WPS-Config method validation: Some APs set display/pbc
+        button bit without setting virtual/phycial display/button bit
+        which will cause M2 validation fail, bypassing WPS-Config method 
+        validation.
+
+endmenu
diff --git a/components/wpa_supplicant/src/wps/wps_attr_parse.c b/components/wpa_supplicant/src/wps/wps_attr_parse.c
index 59f85d709..95ec4234d 100644
--- a/components/wpa_supplicant/src/wps/wps_attr_parse.c
+++ b/components/wpa_supplicant/src/wps/wps_attr_parse.c
@@ -132,6 +132,7 @@ static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_dat
 {
 	u16 len = attr_data_len;
 
+#ifdef CONFIG_WPA_WPS_WARS
 	if (len == 0)
 		return 0;
 	/*
@@ -153,6 +154,7 @@ static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_dat
 		default:
 			break;
 	}
+#endif
 
 	return len;
 }
diff --git a/components/wpa_supplicant/src/wps/wps_validate.c b/components/wpa_supplicant/src/wps/wps_validate.c
index 8fdfc3303..f02e2fa18 100644
--- a/components/wpa_supplicant/src/wps/wps_validate.c
+++ b/components/wpa_supplicant/src/wps/wps_validate.c
@@ -95,6 +95,7 @@ static int wps_validate_response_type(const u8 *response_type, int mandatory)
 
 static int valid_config_methods(u16 val, int wps2)
 {
+#ifndef CONFIG_WPA_WPS_WARS
 	if (wps2) {
 		if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
 			wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
@@ -108,6 +109,7 @@ static int valid_config_methods(u16 val, int wps2)
 		}
 	}
 
+#endif
 	return 1;
 }