Ilan Peer [Tue, 12 May 2015 14:40:00 +0000 (17:40 +0300)]
P2P: Fix wpas_p2p_add_persistent_group_client() to use P2P mgmt interface
The function used wpa_s->parent->conf to iterate the P2P networks and
update the configuration file. However, wpa_s->parent is not
necessarily the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface initialized
to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Tue, 12 May 2015 14:39:59 +0000 (17:39 +0300)]
P2P: Fix wpas_p2p_set_own_freq_preference() to use P2P mgmt interface
wpas_p2p_set_own_freq_preference() accessed wpa_s->parent->conf to test
if p2p_ignore_shared_freq is set, but wpa_s->parent is not necessarily
the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface
initialized to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ben Rosenfeld [Tue, 12 May 2015 14:39:57 +0000 (17:39 +0300)]
P2P: Use the P2P Device management interface in wpas_p2p_remove_client()
As wpas_p2p_remove_client() is not necessarily called from the interface
used to manage the P2P Device operations, when removing a client, use
the P2P management interface to iterate over the saved networks and
remove the relevant entries from the P2P GO network blocks.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Jouni Malinen [Mon, 25 May 2015 15:08:27 +0000 (18:08 +0300)]
tests: D-Bus FindStopped signal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Nishant Chaprana [Wed, 13 May 2015 12:03:48 +0000 (17:33 +0530)]
P2P: Add D-Bus FindStopped to notify P2P-FIND-STOPPED event
Add D-Bus notification mechanism of P2P-FIND-STOPPED event on
fi.w1.wpa_supplicant1.Interface.P2PDevice interface.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Sunil Dutt [Sat, 9 May 2015 09:25:03 +0000 (14:55 +0530)]
P2P: Advertize cross connection to WLAN AP on a non-P2P interface
Commit 1c2aa04c96626f5b000d167bb5274a8c39b7dac2 ('P2P: Do not add P2P
IEs on P2P disabled interface') removed the P2P IEs from association on
non-P2P interface. However, an AP functioning as a P2P manager needs the
cross connection capability of the station (P2P Device). This needs to
be done to meet the P2P specification requirements even if the station
interface has p2p_disabled=1 in case P2P in general is enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 24 May 2015 10:44:42 +0000 (13:44 +0300)]
wlantest: Fix a copy-paste error in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 17 May 2015 22:21:50 +0000 (01:21 +0300)]
tests: UPDATE_BEACON to change vendor_elements at runtime
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 10:36:16 +0000 (13:36 +0300)]
tests: EAP-EKE with server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 09:48:52 +0000 (12:48 +0300)]
tests: WPA2-Enterprise connection using EAP-EKE with serverid NAI
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 09:01:25 +0000 (12:01 +0300)]
tests: ERP with EAP-EKE
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 08:58:45 +0000 (11:58 +0300)]
EAP-EKE: Add Session-Id
While RFC 6124 does not define how Session-Id is constructed for
EAP-EKE, there seems to be consensus among the authors on the
construction. Use this Type | Nonce_P | Nonce_S construction based on
the following email:
From: Yaron Sheffer <yaronf.ietf at gmail.com>
To: ietf at ietf.org
Date: Wed, 17 Nov 2010 13:13:42 +0200
Expanding on my previous response, I suggest to resolve Bernard's
concern by adding the following text:
5.6 EAP Key Generation
EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
When used in this manner, the values required to establish the key
hierarchy are defined as follows:
- Peer-Id is the EAP-EKE ID_P value.
- Server-Id is the EAP-EKE ID_S value.
- Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
the method type defined for EAP-EKE in [Sec. 4.1], a single octet.
Thanks,
Yaron
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 08:24:35 +0000 (11:24 +0300)]
tests: EAP-TTLS with server certificate valid beyond UNIX time 2^31
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 08:03:42 +0000 (11:03 +0300)]
tests: DH params with 2048-bit key
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 07:47:21 +0000 (10:47 +0300)]
Increase DH key size in the hostapd.conf example
OpenSSL is moving to use 2048-bit DH key size as the default with
dhparam. Increase the value in the hostapd.conf to match that to reduce
likelihood of ending up using a shorter key.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 May 2015 07:43:44 +0000 (10:43 +0300)]
tests: Automatic channel selection with chanlist set
Signed-off-by: Jouni Malinen <j@w1.fi>
Srinivasa Duvvuri [Fri, 15 May 2015 03:35:09 +0000 (20:35 -0700)]
ACS: Scan only channels specified in the channel list
The ACS code part of hostapd scans all the channels even if the channel
list is specified in the hostapd.conf. Limit the ACS scan channels to
the list specified in the config file.
Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
Jouni Malinen [Sun, 24 May 2015 07:33:26 +0000 (10:33 +0300)]
WPS: Fix build without CONFIG_WPS=y
Commit 5add4101626b23c11f073630770896465d9cc8f3 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') broke the build with
WPS disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 8 May 2015 15:21:54 +0000 (18:21 +0300)]
tests: Fix persistent_group_per_sta_psk for P2P Device case
The dev[1] <--> dev[2] data connectivity test was using incorrect
function. dev[2] is also using a P2P group and as such, can have a
different group interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 8 May 2015 15:15:56 +0000 (18:15 +0300)]
tests: Fix go_neg_with_bss_connected with P2P Device
Group interface name was fetched from the results of an incorrect group
formation and because of this, group removal failed in case P2P Device
is used and dev[1] ends up getting different group ifname for the
groups.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 8 May 2015 14:59:52 +0000 (17:59 +0300)]
tests: Add P2P Device support for persistent_group
The network operations need to use the global control interface to be
performed on the interface that stores the network profiles for
persistent groups.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ben Rosenfeld [Tue, 5 May 2015 09:37:04 +0000 (12:37 +0300)]
tests: Update group_ifname after group start
After P2P-GROUP-STARTED event, use group_form_result in order to update
the group_ifname for the device. This is needed when using P2P Device
for managing P2P operations which results in a separate group interface
being used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:37:03 +0000 (12:37 +0300)]
tests: Use list_networks with p2p=true in test_p2p_channel
In case that there is a need to list the persistent P2P networks,
the global control interface needs to be used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:37:00 +0000 (12:37 +0300)]
tests: Change persistent_go_client_list to use global interface
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:59 +0000 (12:36 +0300)]
tests: Use global interface in persistent_group_invite_removed_client
When removing a persistent P2P group, global interface needs to be used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:58 +0000 (12:36 +0300)]
tests: Change list_networks() to use global interface with P2P
list_networks() always used the wlanX control interface to query for the
current list of networks. However, when a dedicated P2P Device is used,
the global control interface should be used when checking persistent
group network profiles.
Fix this by adding an optional parameter indicating that the P2P
networks are requested, and in such a case use the global control
interface.
In addition update test_p2p_persistent to use the argument when needed.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:57 +0000 (12:36 +0300)]
tests: Change persistent_group_per_sta_psk to use global interface
This is required for cases that a dedicated P2P Device interface
is used and then the event will happen on the global interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:53 +0000 (12:36 +0300)]
tests: Change test_p2p_persistent to use the global control interface
Send request to set persistent_reconnect on the global control
interface so it would also work when using a dedicated P2P Device
interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:37:05 +0000 (12:37 +0300)]
tests: Change p2p_device_nfc_invite to use global interface
When testing P2P invitation flow, setting the NFC selector
should be done using the global control interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:37:01 +0000 (12:37 +0300)]
tests: Change p2p_device_misuses() to use group interface
Calling "DISASSOCIATE" should be done on the group interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ilan Peer [Tue, 5 May 2015 09:36:56 +0000 (12:36 +0300)]
tests: Skip some tests in P2PS when a dedicated P2P Device is used
Some tests in test_p2ps.py test a scenario where a separate P2P
group interface is not used. However, this is not a valid case
when a dedicated P2P Device interface is used, as in such a case
a separate group interface must be used.
Handle this by skipping such tests in case a dedicated P2P Device is
used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Tue, 5 May 2015 09:36:55 +0000 (12:36 +0300)]
tests: Fix test_p2ps.py to save group results
Call group_form_result() whenever a new group is started, so that
group_ifname gets updated and later, the group can be removed when
needed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:54 +0000 (12:36 +0300)]
tests: Remove all P2P networks in call to reset
When resetting a device, remove all the P2P networks to prevent
unexpected behavior in following tests. This is needed for the case
where P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:52 +0000 (12:36 +0300)]
tests: Change test_p2p_messages to use global interface
This is required for cases where P2P Device is used and the event
happens on the global interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:51 +0000 (12:36 +0300)]
tests: Change set_country() to use the global interface to get event
This is required for cases that multiple interfaces are used and the
event can happen on any of them, for example when a dedicated P2P Device
interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:50 +0000 (12:36 +0300)]
tests: Change p2p_set_ssid_postfix to use the group interface for SSID
This is required for cases where the P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben Rosenfeld [Tue, 5 May 2015 09:36:49 +0000 (12:36 +0300)]
tests: Fix test_ap_pmf to use own_addr
The tests used p2p_dev_addr that can be different from own_addr,
if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ilan Peer [Mon, 4 May 2015 12:50:46 +0000 (15:50 +0300)]
P2P: Fix association with an AP/P2P GO that is not a P2P manager
Do not add a P2P IE when a station interface is trying to associate
to an AP or P2P GO that publishes a P2P IE but does not include
a P2P manageability attribute.
This addresses an interoperability issue that was reported in
https://bugzilla.kernel.org/show_bug.cgi?id=96471, where a P2P GO
rejects association from a station interface without a specified
reason.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Matthias May [Wed, 6 May 2015 07:18:07 +0000 (09:18 +0200)]
hostapd: check validity of cwMin/cwMax values
Signed-off-by: Matthias May <matthias.may@neratec.com>
Michael Braun [Wed, 6 May 2015 11:44:04 +0000 (13:44 +0200)]
vlan: Print libnl error message on vlan_add / vlan_del
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Sunil Dutt [Wed, 6 May 2015 11:25:10 +0000 (16:55 +0530)]
Add QCA vendor subcmd for Link Property Query
Link Property query vendor command shall facilitate the information
of the Wi-Fi link. MAC address of the Wi-Fi peer is given as an input
for querying the link properties.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 3 May 2015 07:39:28 +0000 (10:39 +0300)]
EAP-pwd server: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 3 May 2015 07:38:20 +0000 (10:38 +0300)]
EAP-pwd peer: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 16:26:28 +0000 (19:26 +0300)]
EAP-pwd peer: Fix asymmetric fragmentation behavior
The L (Length) and M (More) flags need to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 16:26:06 +0000 (19:26 +0300)]
EAP-pwd server: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoids a
potential memory leak when processing an invalid message.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 16:23:04 +0000 (19:23 +0300)]
EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoids a
potential memory leak when processing an invalid message.
Signed-off-by: Jouni Malinen <j@w1.fi>
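The two Total-Length fixes above (server and peer) describe the same pair of checks. As an added illustration, not code from hostapd or wpa_supplicant, this sketch shows a fragment reassembler that tests the remaining length before reading the two-octet Total-Length field and refuses to start a second reassembly while one is in progress. The struct, function and macro names are hypothetical; the L/M flag bit positions follow RFC 5931.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Flag bits in the first EAP-pwd payload octet (RFC 5931). The macro names
 * are hypothetical; the low six bits carry the exchange type. */
#define PWD_FLAG_L 0x80 /* Total-Length field present */
#define PWD_FLAG_M 0x40 /* more fragments follow */

enum { FRAG_ERROR = -1, FRAG_MORE = 0, FRAG_DONE = 1 };

struct reasm {
	uint8_t *buf; /* NULL while no reassembly is in progress */
	size_t total; /* announced Total-Length */
	size_t pos;   /* bytes stored so far */
};

/* Drop any partial message; call this after consuming a FRAG_DONE result. */
void reasm_reset(struct reasm *r)
{
	free(r->buf);
	r->buf = NULL;
	r->total = r->pos = 0;
}

/* Feed one received payload (flags octet first, then optional Total-Length,
 * then data). Returns FRAG_MORE, FRAG_DONE or FRAG_ERROR. */
int reasm_add(struct reasm *r, const uint8_t *payload, size_t len)
{
	const uint8_t *pos = payload;
	uint8_t flags;

	if (len < 1)
		return FRAG_ERROR;
	flags = *pos++;
	len--;

	if (flags & PWD_FLAG_L) {
		size_t total;

		/* Check before reading the field and decrementing: with one
		 * octet left, an unchecked "len -= 2" on size_t wraps to a
		 * huge positive value. */
		if (len < 2)
			goto fail;
		/* A second start would overwrite r->buf and leak it. */
		if (r->buf)
			goto fail;
		total = ((size_t) pos[0] << 8) | pos[1];
		pos += 2;
		len -= 2;
		if (total == 0)
			goto fail;
		r->buf = malloc(total);
		if (!r->buf)
			goto fail;
		r->total = total;
		r->pos = 0;
	}

	if (!r->buf) {
		/* No reassembly started: M alone is invalid, otherwise this
		 * is an unfragmented message stored as-is. */
		if ((flags & PWD_FLAG_M) || len == 0)
			goto fail;
		r->buf = malloc(len);
		if (!r->buf)
			goto fail;
		r->total = len;
		r->pos = 0;
	}

	/* Never copy more than the announced total. */
	if (len > r->total - r->pos)
		goto fail;
	memcpy(r->buf + r->pos, pos, len);
	r->pos += len;
	return (flags & PWD_FLAG_M) ? FRAG_MORE : FRAG_DONE;

fail:
	reasm_reset(r);
	return FRAG_ERROR;
}
```
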
Jouni Malinen [Fri, 1 May 2015 13:40:44 +0000 (16:40 +0300)]
EAP-pwd server: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 1 May 2015 13:37:45 +0000 (16:37 +0300)]
EAP-pwd peer: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 23:10:24 +0000 (02:10 +0300)]
tests: Add a STA entry for ap-mgmt-fuzzer
This increases the coverage for AP mode management frame fuzzing by
allowing a number of additional Action frame code paths to be executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 23:44:59 +0000 (02:44 +0300)]
tests: Invalid WMM Action frame
This is a regression test case for an AP mode WMM Action frame parsing
issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 23:21:53 +0000 (02:21 +0300)]
AP WMM: Fix integer underflow in WMM Action frame parser
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.
This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:30:38 +0000 (17:30 +0300)]
tests: WPS HTTP protocol tests
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:30:08 +0000 (17:30 +0300)]
WPS: Add more debug prints to httpread
These can be helpful when debugging HTTP error cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:27:13 +0000 (17:27 +0300)]
WPS: Replace the httpread_debug design with standard debug prints
The debug information from httpread can be helpful in figuring out error
cases in general and as such, should be enabled by default. Get rid of
the hardcoded httpread_debug value that would require source code
changes to enable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:23:06 +0000 (17:23 +0300)]
WPS: Check maximum HTTP body length earlier in the process
There is no need to continue processing a HTTP body when it becomes
clear that the end result would be over the maximum length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:20:09 +0000 (17:20 +0300)]
WPS: Extra validation step for HTTP reader
Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 28 Apr 2015 14:08:33 +0000 (17:08 +0300)]
WPS: Fix HTTP chunked transfer encoding parser
strtoul() return value may end up overflowing the int h->chunk_size and
resulting in a negative value to be stored as the chunk_size. This could
result in the following memcpy operation using a very large length
argument which would result in a buffer overflow and segmentation fault.
This could have been used to cause a denial of service by any device that
has been authorized for network access (either wireless or wired). This
would affect both the WPS UPnP functionality in a WPS AP (hostapd with
upnp_iface parameter set in the configuration) and WPS ER
(wpa_supplicant with WPS_ER_START control interface command used).
Validate the parsed chunk length value to avoid this. In addition to
rejecting negative values, we can also reject chunk size that would be
larger than the maximum configured body length.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
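The chunk-size problem described in the commit above, as an added illustration that is not code from hostapd: the first function narrows the strtoul() result into an int the way the message describes, and the second rejects any value that does not fit an int or would exceed the remaining body budget. Function names and parameters are hypothetical, and the checked version parses the hex digits itself instead of calling strtoul(), which also keeps out the sign and "0x" prefix that strtoul() accepts.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

/* Before: the unsigned long from strtoul() is narrowed into an int, so a
 * chunk-size line such as "ffffffff" ends up as a negative chunk size on
 * common platforms. */
int parse_chunk_size_unchecked(const char *line)
{
	return (int) strtoul(line, NULL, 16);
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_digit(char c)
{
	if (c >= '0' && c <= '9')
		return c - '0';
	if (c >= 'a' && c <= 'f')
		return c - 'a' + 10;
	if (c >= 'A' && c <= 'F')
		return c - 'A' + 10;
	return -1;
}

/* After: returns the chunk size (>= 0), or -1 if the line is malformed, the
 * value does not fit in an int, or the chunk would push the body past
 * max_body. already_read is the number of body bytes stored so far. */
int parse_chunk_size_checked(const char *line, size_t max_body,
			     size_t already_read)
{
	size_t limit, val = 0;
	int d, digits = 0;

	if (already_read > max_body)
		return -1;
	limit = max_body - already_read;
	if (limit > INT_MAX)
		limit = INT_MAX;

	for (; (d = hex_digit(*line)) >= 0; line++, digits++) {
		/* Reject before val * 16 + d could exceed the limit, so the
		 * accumulator itself can never overflow. */
		if ((size_t) d > limit || val > (limit - (size_t) d) / 16)
			return -1;
		val = val * 16 + (size_t) d;
	}
	if (digits == 0)
		return -1;
	/* Only a chunk extension or the end of the line may follow the size. */
	if (*line != '\0' && *line != '\r' && *line != '\n' &&
	    *line != ';' && *line != ' ' && *line != '\t')
		return -1;
	return (int) val;
}
```
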
Avraham Stern [Tue, 28 Apr 2015 11:01:03 +0000 (14:01 +0300)]
dbus: Stop ongoing scheduled scan when scan is requested
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Matti Gottlieb [Tue, 28 Apr 2015 11:01:04 +0000 (14:01 +0300)]
Fix sending ANQP request to an unknown BSS while associated
While being associated, if an ANQP request is received for a different
AP that doesn't exist in the BSS list, the ANQP request will be sent on
the frequency of the AP that we are currently associated to.
In such a case, it is possible that the ANQP request would be sent on
a channel different than that of the requested AP, potentially delaying
other requests/activities.
Avoid sending the ANQP request to an AP that is not in the BSS list.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Andrei Otcheretianski [Tue, 28 Apr 2015 11:01:02 +0000 (14:01 +0300)]
wpa_cli: Fix memory leak when tracking networks
Fix memory leak introduced in commit
32a097fdd26b9401fbd22054a2a01ba2d71f139a ("wpa_cli: Keep track of
available networks") by tracking networks only when in interactive mode.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Oren Givon [Tue, 28 Apr 2015 11:00:51 +0000 (14:00 +0300)]
tests: TDLS link status test
Add a test case for checking TDLS link status.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Oren Givon [Tue, 28 Apr 2015 11:00:50 +0000 (14:00 +0300)]
TDLS: Add TDLS_LINK_STATUS command to the control interface
Add the TDLS_LINK_STATUS command to the control interface. This command
shows what is the status of our current TDLS connection with the given
peer. Also, add the TDLS_LINK_STATUS command to wpa_cli.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Jouni Malinen [Sun, 3 May 2015 14:15:45 +0000 (17:15 +0300)]
tests: IBSS RSN regression test for IBSS_RSN prior IBSS setup
Signed-off-by: Jouni Malinen <j@w1.fi>
Eduardo Abinader [Fri, 1 May 2015 14:14:16 +0000 (10:14 -0400)]
IBSS: Check ibss_rsn init before starting new IBSS authentication
Sanity check added to avoid segmentation fault which occurs, when
issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously
via IBSS network selection.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Maks Naumov [Sat, 2 May 2015 20:21:37 +0000 (23:21 +0300)]
libtommath: Fix check mp_init_multi() result
If the mp_init_multi() call had failed due to memory allocation failure,
mp_div() would have returned 1 instead of MP_MEM (-2). It looks like all
callers are checking the return value against MP_OKAY instead of <1
(etc.), so this does not seem to result in difference in behavior.
Anyway, it's best to fix the mp_div() return value for the MP_MEM error
case to avoid unexpected behavior.
Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
Jouni Malinen [Sun, 3 May 2015 13:24:01 +0000 (16:24 +0300)]
Check Public Action length explicitly before reading Action Code
In theory, the previous version could have resulted in reading one byte
beyond the end of the management frame RX buffer if the local driver
were to deliver a truncated Public Action frame for processing. In
practice, this did not seem to happen with mac80211-based drivers and
even if it were, the extra octet would be an uninitialized value in a
buffer rather than read beyond the end of the buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 3 May 2015 08:18:31 +0000 (11:18 +0300)]
EAP-SIM/AKA: Explicitly check for header to include Reserved field
This was previously checked as part of the eap_sim_parse_attr()
processing, but it is easier to review the code if there is an
additional explicit check for confirming that the Reserved field is
present since the pos variable is advanced beyond it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 3 May 2015 08:17:06 +0000 (11:17 +0300)]
tests: Fix EAP-SIM/AKA protocol tests to use full header
A couple of the EAP-SIM/AKA protocol test cases were leaving out the
Reserved field. This was not intentional since these test cases were
targeting a specific Subtype processing instead of verifying truncated
header case (which is covered separately). Add the Reserved field to
allow the implementation to add an explicit, earlier check for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 3 May 2015 07:55:00 +0000 (10:55 +0300)]
EAP-SAKE: Make attribute parser more readable
Clean up eap_sake_parse_add_attr() design by passing in pointer to the
payload of the attribute instead of parsing these separately for each
attribute within the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 3 May 2015 07:46:17 +0000 (10:46 +0300)]
EAP-SAKE: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 21:52:59 +0000 (00:52 +0300)]
TLS: Fix debug dump of X.509 certificate
The length of the extra data following the encoded certificate was
printed out in debug hexdump.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 15:18:51 +0000 (18:18 +0300)]
EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation
The req_plen argument to eap_pax_process_std_1() and
eap_pax_process_std_3() could be smaller than sizeof(struct eap_pax_hdr)
since the main processing function was only verifying that there is
enough room for the ICV and then removed ICV length from the remaining
payload length.
In theory, this could have resulted in the size_t left parameter being
set to a negative value that would be interpreted as a huge positive
integer. That could then result in a small buffer read overflow and
process termination if MSGDUMP debug verbosity was in use.
In practice, it does not seem to be feasible to construct a short
message that would be able to pass the ICV validation (calculated using
HMAC-SHA1-128) even for the case where an empty password is used.
Anyway, the implementation should really check the length explicitly
instead of depending on implicit check through ICV validation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 13:50:15 +0000 (16:50 +0300)]
EAP-GPSK: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 13:42:19 +0000 (16:42 +0300)]
EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
The EAP-TLS-based helper functions can easily use struct wpabuf in more
places, so continue cleanup in that direction by replacing separate
pointer and length arguments with a single struct wpabuf argument.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 13:19:47 +0000 (16:19 +0300)]
EAP-FAST: Do not use type cast to remove const specification
All the uses here are read only, so there is no need to type cast the
const specification away.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 13:15:57 +0000 (16:15 +0300)]
EAP-FAST: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 13:03:12 +0000 (16:03 +0300)]
EAP-EKE: Do not pass full request to eap_eke_build_fail()
This function is only using the Identifier field from the EAP request
header, so there is no need to pass it a pointer to the full message.
This makes it a bit easier to analyze the area that gets access to
unverified message payload.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 May 2015 12:55:33 +0000 (15:55 +0300)]
Fix a typo in function documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 29 Apr 2015 17:48:07 +0000 (20:48 +0300)]
D-Bus: Fix network_is_persistent_group() for P2P operations
Commit c2762e410fa319f75a174aeb12343beddf99fce4 ('P2P: Update D-Bus
network object semantics during group formation') added this helper
function to determine whether a network block is used for storing a
persistent group information. However, it implemented this in a way that
matches both persistent group storage and an operating persistent group
instance. This does not seem to match the expected behavior for the
D-Bus objects, so fix this to match only the persistent group storage
case to avoid registering/unregistering incorrect D-Bus objects for
groups.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 29 Apr 2015 17:47:14 +0000 (20:47 +0300)]
Fix wpas_notify_network_removed()
Commit bb3df9a569e4a33445c89ebc50019ba46b4f6704 ('notify: Do not raise
any signal from a P2P management interface') was supposed to only change
D-Bus behavior, but it ended up disabling non-D-Bus functionality as
well for some sequences where the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 29 Apr 2015 17:44:23 +0000 (20:44 +0300)]
tests: Extend D-Bus test cases to cover separate P2P Device operations
A number of the P2P test cases through D-Bus commands were not prepared
for there being a separate group interface when the P2P Device concept
is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 29 Apr 2015 17:43:23 +0000 (20:43 +0300)]
dbus: Add a debug print on fill_dict_with_properties() getter failures
This makes it easier to debug issues with D-Bus property getter
operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 29 Apr 2015 10:13:34 +0000 (13:13 +0300)]
D-Bus: Fix operations when P2P management interface is used
Commit 21efc940f6e7f07b84b7e5c5867f3d81594c4fb0 ('wpa_supplicant: Do not
register a P2P management interface on DBus') hides the special P2P
management interface from D-Bus. However, it did not take into account
the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL
in such cases on a number of code paths within the D-Bus handlers. This
could result in invalid arguments (NULL path) being provided to D-Bus
functions (mainly, dbus_message_iter_append_basic) and NULL pointer
dereference when iterating over all interfaces. Either of these could
make wpa_supplicant process terminate.
Fix this by explicitly checking that the interface-specific D-Bus path
has been registered before using it anywhere with D-Bus handlers. In
addition, find the correct wpa_s instance to fix P2P operations through
D-Bus when the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 28 Apr 2015 23:38:40 +0000 (02:38 +0300)]
RADIUS: Fix a copy-paste error in variable name
MS-MPPE-Recv-Key generation in radius_msg_add_mppe_keys() used incorrect
function argument (send_key_len; should be recv_key_len) when allocating
a temporary buffer. Fix this by using the correct argument.
The only caller of the function uses the same length for both
send_key_len and recv_key_len, so this copy-paste error did not result
in any difference in the behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hamad Kadmany [Mon, 27 Apr 2015 17:42:08 +0000 (20:42 +0300)]
WPS: Add support for 60 GHz band
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.
Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Jouni Malinen [Mon, 27 Apr 2015 21:12:36 +0000 (00:12 +0300)]
WPS: Fix shorter authentication timeout during no-SelReg iteration
Commit 5add4101626b23c11f073630770896465d9cc8f3 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') added a new
condition on reducing the authentication timeout for the WPS AP
iteration process. However, it ended up copy-pasting an incorrect
condition for this. This was supposed to apply for PIN-based config
method advertisement, not PBC.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 27 Apr 2015 13:49:06 +0000 (16:49 +0300)]
nl80211: Verify that cipher suite conversion succeeds
It was possible for the WPA_ALG_PMK algorithm in set_key() to result in
trying to configure a key with cipher suite 0. While this results in a
failure from cfg80211 or driver, this is not really a desirable operation,
so add a check for cipher suite conversion result before issuing the
nl80211 command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 27 Apr 2015 13:47:07 +0000 (16:47 +0300)]
Try to set PMK only with key mgmt offload support in the driver
Previously, it was possible for the set_key() handler to be used with
WPA_ALG_PMK even if the driver did not indicate support for key
management offload. While this is not really supposed to result in any
difference, it makes the debug logs somewhat confusing. Avoid that by
using driver capability flag for key management offload as an additional
condition for setting the PMK.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 27 Apr 2015 09:33:43 +0000 (12:33 +0300)]
tests: ProxyARP with na_mcast_to_ucast=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 27 Apr 2015 09:30:09 +0000 (12:30 +0300)]
Make IPv6 NA multicast-to-unicast conversion configurable
This can be used with Proxy ARP to allow multicast NAs to be forwarded
to associated STAs using link layer unicast delivery. This used to be
hardcoded to be enabled, but it is now disabled by default and can be
enabled with na_mcast_to_ucast=1. This functionality may not be desired
in all networks and most cases work without it, so the new
default-to-disabled is more appropriate.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 26 Apr 2015 14:00:26 +0000 (17:00 +0300)]
Interworking: Fix network selection warning without SIM/USIM support
interworking_credentials_available_3gpp() would have left excluded2
uninitialized without INTERWORKING_3GPP in the build. This could result
in a static analyzer warning within
interworking_credentials_available_helper() about use of uninitialized
variable. Get rid of that warning by explicitly initializing excluded2
even though this does not really result in any difference in behavior
since the excluded2 value would be used only if non-NULL is returned
and that could not have been the case here without INTERWORKING_3GPP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Michael Braun [Sun, 26 Apr 2015 12:22:56 +0000 (14:22 +0200)]
tests: Change vlan_id back and forth
Enhance test ap_vlan_wpa2_radius_id_change to change the VLAN-ID
back as a last step. This ensures that the wpa_group for VLAN-ID 1
did not enter FATAL_FAILURE state during the test.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Sun, 26 Apr 2015 12:22:55 +0000 (14:22 +0200)]
Remove WPA per-VLAN groups when no more stations remain
Previously, struct wpa_group was created when the first station enters
the group and the struct wpa_group was not freed when all stations left
the group. This causes a problem because wpa_group will enter
FATAL_FAILURE when a wpa_group is running while the AP_VLAN interface
has already been removed.
Fix this by adding a reference counter to struct wpa_group and free a
group if it is unused.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
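The lifetime rule this commit message describes (take a reference when a station joins a group, free the group when the last one leaves), as an added example that is not hostapd's code. `struct vlan_group`, `group_find()`, `group_get()` and `group_put()` are hypothetical names standing in for the per-VLAN `struct wpa_group` handling.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a per-VLAN group; not hostapd's struct wpa_group. */
struct vlan_group {
    struct vlan_group *next;
    int vlan_id;
    unsigned int references; /* stations currently bound to this group */
};
static struct vlan_group *groups; /* list of live groups */

/* Return the live group for vlan_id, or NULL if there is none. */
struct vlan_group *group_find(int vlan_id)
{
    struct vlan_group *g = groups;
    while (g && g->vlan_id != vlan_id)
        g = g->next;
    return g;
}

/* Station joins: reuse or create the group, then take a reference. */
struct vlan_group *group_get(int vlan_id)
{
    struct vlan_group *g = group_find(vlan_id);
    if (!g) {
        g = calloc(1, sizeof(*g));
        if (!g)
            return NULL;
        g->vlan_id = vlan_id;
        g->next = groups;
        groups = g;
    }
    g->references++;
    return g;
}

/* Station leaves: drop its reference; unlink and free on the last one.
 * Returns 1 if the group was freed, 0 if still in use, -1 on misuse. */
int group_put(struct vlan_group *g)
{
    struct vlan_group **p = &groups;
    if (!g || g->references == 0)
        return -1;
    if (--g->references > 0)
        return 0;
    while (*p && *p != g)
        p = &(*p)->next;
    if (*p)
        *p = g->next; /* unlink before freeing so no stale entry remains */
    free(g);
    return 1;
}
```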
Jouni Malinen [Sun, 26 Apr 2015 12:59:19 +0000 (15:59 +0300)]
tests: Check vlan_id information in STA output
In addition, this adds some delay between the authentication and data
connectivity test through the newly added VLAN and by doing so, makes
ap_vlan_wpa2_radius_id_change a bit more robust. It was possible for the
EAPOL-Key message 4/4 to not have been processed yet by hostapd at the
time the data test started.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 26 Apr 2015 12:58:10 +0000 (15:58 +0300)]
Make VLAN ID available in STA info over control interface
If hostapd has bound a STA into a specific VLAN, the new vlan_id
parameter in the control interface STA command can now be used to check
which VLAN ID is in use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 26 Apr 2015 10:59:06 +0000 (13:59 +0300)]
P2P: Allow wpa_supplicant to start if social channels are not supported
It was possible for an nl80211-based driver to be determined to support
P2P even when the radio supports only the 5 GHz band. This resulted in
P2P initialization failing due to not being able to pick a social
channel and wpa_supplicant not starting. Fix this by not enabling P2P,
but still allowing wpa_supplicant initialization to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 26 Apr 2015 10:16:16 +0000 (13:16 +0300)]
vlan: Move CONFIG_FULL_DYNAMIC_VLAN includes to proper places
All the system header files are supposed to be included before any other
internal header file apart from utils/includes.h.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 26 Apr 2015 10:09:47 +0000 (13:09 +0300)]
Do not use C++ reserved words as variable names
Signed-off-by: Jouni Malinen <j@w1.fi>
Arkadiusz (Arkq) Bokowy [Mon, 20 Apr 2015 21:36:43 +0000 (23:36 +0200)]
wpa_gui: Themed icon loader
Signal strength meter uses non-standard icons (not included in the
freedesktop icon specification), which might not be available in all
icon sets on the market. What's more, according to the latest Ubuntu
practices, in the status-like places one should use symbolic icons.
Unfortunately not all icon sets provide them.
In order to overcome this inconsistency, we are going to try to load
more than one icon from the current theme in the fallback-like
fashion.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Jouni Malinen [Sat, 25 Apr 2015 14:37:53 +0000 (17:37 +0300)]
Fix wpa_priv (CONFIG_PRIVSEP=y) build
Signed-off-by: Jouni Malinen <j@w1.fi>