Jouni Malinen [Mon, 8 Dec 2014 09:22:52 +0000 (11:22 +0200)]
Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:
Jouni Malinen [Mon, 8 Dec 2014 09:18:39 +0000 (11:18 +0200)]
Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:
Jouni Malinen [Mon, 8 Dec 2014 09:15:51 +0000 (11:15 +0200)]
Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:
Jouni Malinen [Sun, 7 Dec 2014 10:15:34 +0000 (12:15 +0200)]
Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
Jouni Malinen [Sun, 7 Dec 2014 10:11:13 +0000 (12:11 +0200)]
Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
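The semantic patches referenced in the five conversion commits above are not reproduced on this page. As an added illustration (not hostap code and not the spatch itself), here is the check those conversions standardize on beside the two inconsistent forms they replace; the os_snprintf_error() macro is modelled on the rule the messages describe and its exact shape is an assumption:

```c
#include <stdio.h>

/* The rule the conversions above move callers to: a negative result is
 * an encoding error and res >= size means the output was truncated,
 * because C99 snprintf() returns the length it would have written.
 * Written here as an illustration; not copied from hostap's os.h. */
#define os_snprintf_error(size, res) \
	((res) < 0 || (size_t) (res) >= (size))

/* Caller pattern after the conversion: build a "key=value" reply and
 * fail cleanly instead of using a truncated buffer.
 * Returns the length written (excluding NUL) or -1 on error. */
int format_kv(char *buf, size_t size, const char *key, const char *value)
{
	int res = snprintf(buf, size, "%s=%s", key, value);
	if (os_snprintf_error(size, res))
		return -1;
	return res;
}

/* Same, with a local buffer so the size limit can be varied easily. */
int try_kv(size_t size, const char *key, const char *value)
{
	char buf[32];
	if (size > sizeof(buf))
		size = sizeof(buf);
	return format_kv(buf, size, key, value);
}

/* Compare the consistent check with the two pre-conversion forms for
 * one (size, res) pair. Bit 0: os_snprintf_error() flags it; bit 1:
 * the lax 'res > size' flags it; bit 2: the strict 'res >= size - 1'
 * flags it. The lax form misses res == size (truncated output); the
 * strict form rejects res == size - 1 (an exact fit). */
unsigned int compare_checks(size_t size, int res)
{
	unsigned int flags = 0;
	if (os_snprintf_error(size, res))
		flags |= 1;
	if (res > (int) size)
		flags |= 2;
	if (res >= (int) size - 1)
		flags |= 4;
	return flags;
}
```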
Jouni Malinen [Sun, 7 Dec 2014 23:37:39 +0000 (01:37 +0200)]
tests: Optimize WPS tests by avoiding full scan
A single channel scan just before WPS_REG, WPS_PBC, and WPS_PIN commands
can be used to avoid having to run a full scan. This saves significant
amount of time in the WPS test cases.
Jouni Malinen [Sun, 7 Dec 2014 23:25:26 +0000 (01:25 +0200)]
WPS: Start EAPOL immediately even without WPA on WPS association
Previously, the immediate EAPOL authenticator startup was scheduled
without having received EAPOL-Start only for the case where WPA/WPA2 was
enabled. This can be extended to speed up non-WPA/WPA2 cases as well if
the STA includes WPS IE in Association Request frame.
Jouni Malinen [Sun, 7 Dec 2014 21:27:45 +0000 (23:27 +0200)]
tests: Additional coverage for SCAN_RESULTS and BSS entry flags
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.
Jouni Malinen [Sun, 7 Dec 2014 20:02:57 +0000 (22:02 +0200)]
base64: Try to avoid static analyzer warning (part 2)
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Jouni Malinen [Sun, 7 Dec 2014 13:31:38 +0000 (15:31 +0200)]
tests: Remove test names from VM command with parallel-vm.py
There is no need to pass the test case names to the VMs when using
parallel-vm.py. Removing those from the command line helps in avoiding
a kernel panic if the limit on the maximum number of kernel parameters is hit.
Jouni Malinen [Sat, 6 Dec 2014 17:03:52 +0000 (19:03 +0200)]
base64: Try to avoid static analyzer warning
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Jouni Malinen [Sat, 6 Dec 2014 16:51:23 +0000 (18:51 +0200)]
Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)
Jouni Malinen [Sat, 6 Dec 2014 16:34:23 +0000 (18:34 +0200)]
TLS: Reorder length bounds checking to avoid static analyzer warning
For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).
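The two bounds-check rewrites above (the Interworking 'num > left / 5' form and the TLS 'len > end - pos' form) share a reason that matters beyond analyzers: the subtracted form never forms a pointer past the end of the buffer and never multiplies an untrusted count. Added example, not hostap code, over a constructed TLV format and a constructed fixed-entry format:

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: "type(1) len(1) value(len)" records. */
static const uint8_t tlv_ok[] = { 0x01, 0x02, 0xaa, 0xbb, 0x02, 0x00 };
static const uint8_t tlv_short_body[] = { 0x01, 0x05, 0xaa };
static const uint8_t tlv_short_hdr[] = { 0x01 };
/* Constructed samples: count byte, then 'num' 5-byte entries. */
static const uint8_t fixed_ok[] = { 0x02, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
static const uint8_t fixed_over[] = { 0x03, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };

/* Count complete TLV records; -1 on a malformed one. Each check is the
 * TLS commit's 'len > end - pos' shape: pos never passes end, so the
 * difference is non-negative and no pointer beyond 'end' is formed,
 * unlike 'pos + len > end' with a large, attacker-chosen len. */
int count_tlv_records(const uint8_t *buf, size_t buf_len)
{
	const uint8_t *pos = buf, *end = buf + buf_len;
	int count = 0;

	while (pos < end) {
		size_t len;
		if (2 > end - pos)              /* header incomplete */
			return -1;
		len = pos[1];
		pos += 2;
		if (len > (size_t) (end - pos)) /* body overruns buffer */
			return -1;
		pos += len;
		count++;
	}
	return count;
}

/* Interworking commit's shape: 'num > left / 5' decides the same as
 * 'num * 5 > end - pos' but without a multiplication that could wrap
 * for a wider count, and static analyzers follow it directly. */
int count_fixed_entries(const uint8_t *buf, size_t buf_len)
{
	const uint8_t *pos = buf, *end = buf + buf_len;
	size_t num, left;
	if (1 > end - pos)                      /* no count byte */
		return -1;
	num = *pos++;
	left = end - pos;
	if (num > left / 5)                     /* entries overrun buffer */
		return -1;
	return (int) num;
}
```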
Jouni Malinen [Sat, 6 Dec 2014 16:28:00 +0000 (18:28 +0200)]
EAP-SIM DB: Make recv() null termination easier for static analyzers
For some reason, the previous version was not understood to be null
terminating the buffer from recv(). It was doing this fine, though. Try
to use a bit simpler design in hopes of getting static analyzers to
understand this. (CID 72702)
Jouni Malinen [Sat, 6 Dec 2014 16:13:29 +0000 (18:13 +0200)]
Replace send_ft_action() driver_op with send_action()
This reduces the number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().
Jouni Malinen [Sat, 6 Dec 2014 14:47:12 +0000 (16:47 +0200)]
nl80211: Clean up nl80211_scan_common() to use nl80211_cmd_msg()
This helper function had not used the nl80211_set_iface_id() helper, but
there is no reason why it couldn't re-use the same helper as other
places using nl80211_cmd_msg().
Jouni Malinen [Sat, 6 Dec 2014 11:04:29 +0000 (13:04 +0200)]
nl80211: Use the new nl80211_cmd_msg() helper
This removes duplicated code for building nl80211 commands for a BSS.
This commit handles the functions that were already using
nl80211_set_iface_id().
Jouni Malinen [Fri, 5 Dec 2014 18:33:08 +0000 (20:33 +0200)]
nl80211: Continue getting rid of NLA_PUT* macro use
This gets rid of more NLA_PUT* macro uses in nl80211 to reduce the
number of functions that depend on the hidden behavior of jumping to the
nla_put_failure label.
Jouni Malinen [Fri, 5 Dec 2014 17:24:38 +0000 (19:24 +0200)]
nl80211: Get rid of NLA_PUT* macro use in capability checking
This gets rid of NLA_PUT* macro use in checking nl80211 capabilities to
reduce the number of functions that depend on the hidden behavior of
jumping to the nla_put_failure label.
Jouni Malinen [Fri, 5 Dec 2014 21:05:11 +0000 (23:05 +0200)]
Make GTK length validation easier to analyze
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher()
was apparently too complex for some static analyzers. Use a local
variable and a more explicit validation step to avoid false report.
(CID 62864)
Jouni Malinen [Fri, 5 Dec 2014 20:59:20 +0000 (22:59 +0200)]
FT: Make aes_wrap() call easier to analyze
Using aes_wrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is not just the single struct member. (CID 68111)
Jouni Malinen [Fri, 5 Dec 2014 20:52:06 +0000 (22:52 +0200)]
FT: Make aes_unwrap() calls easier to analyze
Using aes_unwrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is initialized and that the target is not just the single struct member.
In addition, clean up the design to avoid removal of const with a
typecast. (CID 68112, CID 68134, CID 68135, CID 68136)
Jouni Malinen [Fri, 5 Dec 2014 20:34:27 +0000 (22:34 +0200)]
P2P: Split p2p_channels_union() into two functions
The separate p2p_channels_union_inplace() makes the function easier for
static analyzers to see that the result buffer is always initialized.
(CID 74494)
Jouni Malinen [Fri, 5 Dec 2014 15:12:30 +0000 (17:12 +0200)]
tests: Optimize FT test cases
Use single channel scan instead of full scan to save time. In addition,
use EAP-GPSK, which takes significantly less CPU than EAP-EKE with
default parameters.
Jouni Malinen [Fri, 5 Dec 2014 13:22:33 +0000 (15:22 +0200)]
WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses a similar interface to the one
previously added over D-Bus.
Jouni Malinen [Fri, 5 Dec 2014 11:08:29 +0000 (13:08 +0200)]
WMM-AC: Use DEBUG verbosity for ignoring Action frame messages
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases where an invalid frame is dropped, especially if this is not related
to a security setup since external devices could otherwise generate log
entries.
Jouni Malinen [Thu, 4 Dec 2014 23:08:40 +0000 (01:08 +0200)]
hostapd: Fix HT40 determination for ACS offload
Commit 16689c7cfc99c66aecbf16eb2f4a8bc941cb5d0f ('hostapd: Allow ACS to
be offloaded to the driver') used incorrect operator to determine
whether HT40 was configured. Fix that to mask the ht_capab bit
correctly. (CID 77286)
Jouni Malinen [Thu, 4 Dec 2014 22:56:05 +0000 (00:56 +0200)]
HS 2.0: Clarify OSU Provider list length validation
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)
Jouni Malinen [Thu, 4 Dec 2014 22:33:31 +0000 (00:33 +0200)]
ERP: Avoid a static analyzer warning on uninitialized emsk_len
This was not really a real issue since bin_clear_free() would not use
the emsk_len argument when emsk is NULL as it would be on the path where
emsk_len has not been initialized. Anyway, it is better to get rid of the
warning.
Jouni Malinen [Sat, 29 Nov 2014 21:14:40 +0000 (23:14 +0200)]
ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.
If the EAP authenticator indicates support for the re-authentication
protocol, initiate this with EAP-Initiate/Re-auth and complete the
protocol when receiving EAP-Finish/Re-auth.
Jouni Malinen [Sat, 29 Nov 2014 19:28:24 +0000 (21:28 +0200)]
ERP: Add support for ERP on EAP server and authenticator
Derive rRK and rIK on EAP server if ERP is enabled and use these keys to
allow EAP re-authentication to be used and to derive rMSK.
The new hostapd configuration parameter eap_server_erp=1 can now be used
to configure the integrated EAP server to derive EMSK, rRK, and rIK at
the successful completion of an EAP authentication method. This
functionality is not included in the default build and can be enabled
with CONFIG_ERP=y.
hostapd can now be configured to transmit EAP-Initiate/Re-auth-Start
before EAP-Request/Identity to try to initiate ERP. This is disabled by
default and can be enabled with erp_send_reauth_start=1 and optional
erp_reauth_start_domain=<domain>.
Jithu Jance [Wed, 3 Dec 2014 13:24:40 +0000 (18:54 +0530)]
nl80211: Ignore Connect failure for the previous association
Suppose there are two APs (AP1 & AP2) and user attempted to connect to
AP2 before the previous connection with AP1 could succeed. Now, if the
connection event comes for the older AP with failed status, we should
just ignore it as the wpa_supplicant state has moved to "ASSOCIATING"
with the new AP (AP2).
This is similar to the case where a disconnection event is ignored when
a local disconnect request can cause the extra event to show up during
the next association process following that command.
Vinit Deshpande [Tue, 2 Dec 2014 18:59:29 +0000 (10:59 -0800)]
List all networks despite message limit of 4096 bytes
This change creates the 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only the first few (whatever fills in the first 4096 bytes) can be
retrieved.
Jouni Malinen [Tue, 2 Dec 2014 17:42:23 +0000 (19:42 +0200)]
Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignoring wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.
In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).
Jouni Malinen [Mon, 1 Dec 2014 15:50:58 +0000 (17:50 +0200)]
tests: Make scan_for_auth more robust
It was apparently possible for this test case not to do what it was
supposed to do, i.e., get nl80211 Authenticate command failing due to
cfg80211 BSS entry missing. With the external radio work blocking fixed,
this can be cleaned up by explicitly waiting for the scan event. In
addition, a less used channel can be selected to avoid finding other BSS
entries.
Jouni Malinen [Mon, 1 Dec 2014 15:49:19 +0000 (17:49 +0200)]
Do not start new radio work on scan completion during ext work
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.
Jouni Malinen [Sat, 29 Nov 2014 22:22:10 +0000 (00:22 +0200)]
EAP peer: Clean up TLS Session-Id derivation function
The comment about library not supporting Session-Id derivation was not
accurate and there is no need to check for master key that is not used
as part of derivation.
Jouni Malinen [Sun, 30 Nov 2014 13:48:37 +0000 (15:48 +0200)]
WPS: Fix current_ssid clearing on duplicate network removal
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.
Jouni Malinen [Sun, 30 Nov 2014 13:47:07 +0000 (15:47 +0200)]
mesh: Skip fast-association when using connect_without_scan
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.
Jouni Malinen [Sun, 30 Nov 2014 13:46:09 +0000 (15:46 +0200)]
mesh: Check for initialization failures
It is possible that these locations ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.
Jouni Malinen [Sun, 30 Nov 2014 13:44:37 +0000 (15:44 +0200)]
tests: Stop connection at the end of monitor_iface_unknown_sta
Do not leave the station trying to connect at the end of the test case
since that can have an effect on the following test case. Such sequences
should be tested in test cases that are specifically designed for that
rather than randomly between test cases.