Yu Ouyang [Mon, 3 Dec 2018 06:18:53 +0000 (14:18 +0800)]
WPS NFC: Fix potential NULL pointer dereference on an error path
The NFC connection handover specific case of WPS public key generation
did not verify whether the two wpabuf_dup() calls succeed. Those may
return NULL due to an allocation failure and that would result in a NULL
pointer dereference in dh5_init_fixed().
Fix this by checking memory allocation results explicitly. If either of
the allocations fail, do not try to initialize wps->dh_ctx and instead,
report the failure through the existing error case handler below.
Jouni Malinen [Mon, 3 Dec 2018 22:11:37 +0000 (00:11 +0200)]
HS 2.0 server: Clear remediation requirement for certificate credentials
Previous implementation updated user database only for username/password
credentials. While client certificates do not need the updated password
to be written, they do need the remediation requirement to be cleared,
so fix that.
Jouni Malinen [Mon, 3 Dec 2018 21:29:56 +0000 (23:29 +0200)]
EAP-TLS server: Update user information based on serial number
This allows EAP user database entries for "cert-<serial number>" to be
used for client certificate based parameters when using EAP-TLS. This
commit addresses only the full authentication case and TLS session
resumption is not yet covered.
Jouni Malinen [Sun, 2 Dec 2018 19:25:08 +0000 (21:25 +0200)]
Uncomment CONFIG_LIBNL32=y in defconfig
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.
Ashok Kumar [Thu, 1 Nov 2018 11:03:21 +0000 (16:33 +0530)]
OWE: Try another group only on association rejection with status 77
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.
Jouni Malinen [Sun, 2 Dec 2018 18:21:21 +0000 (20:21 +0200)]
OWE: Fix association rejection behavior
If association failed for any non-OWE specific reason, the previous
implementation tried to add the OWE related IEs into the (Re)Association
Response frame. This is not needed and could actually result in
dereferencing a NULL pointer. Fix this by adding those OWE related IEs
only for successful association and only if the RSN state machine has
been initialized.
Jouni Malinen [Sun, 2 Dec 2018 17:50:59 +0000 (19:50 +0200)]
nl80211: Debug print TX queue parameter values and result
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.
Jouni Malinen [Sun, 2 Dec 2018 10:30:11 +0000 (12:30 +0200)]
DPP: Do not reply to PKEX request with identifier if no local identifier
The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.
Jouni Malinen [Sat, 1 Dec 2018 18:10:54 +0000 (20:10 +0200)]
FT: Fix Reassociation Request IEs during FT protocol
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).
Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.
Jouni Malinen [Sat, 1 Dec 2018 11:19:47 +0000 (13:19 +0200)]
Use more consistent Action frame RX handling in both AP mode paths
Both handle_action() and hostapd_action_rx() are used for processing
received Action frames depending on what type of driver architecture is
used (MLME in hostapd vs. driver) and which build options were used to
build hostapd. These functions had a bit different sequence for checking
the frame and printing debug prints. Make those more consistent by
checking that the frame includes the category-specific action field and
some payload. Add a debug print for both functions to make it easier to
see which path various Action frames use.
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.
Jouni Malinen [Tue, 27 Nov 2018 18:49:53 +0000 (20:49 +0200)]
OWE: Fix a compiler warning in non-testing build
The new conf variable was used only within the CONFIG_TESTING_OPTIONS
block and as such, added a warning about unused variable into
non-testing builds. Fix that by using that variable outside the
conditional block as well.
Fixes: a22e235fd0df ("OWE: Add testing RSNE for OWE assoc response with driver SME/MLME") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Sunil Dutt [Wed, 21 Nov 2018 13:49:53 +0000 (19:19 +0530)]
Define QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES also as an event
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).
Cedric Izoard [Mon, 26 Nov 2018 07:44:02 +0000 (07:44 +0000)]
nl80211: Use netlink connect socket for disconnect (ext auth)
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f33844f ("nl80211: Create a netlink
socket handle for the Connect interface").
Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.
Cedric Izoard [Mon, 26 Nov 2018 11:47:37 +0000 (11:47 +0000)]
external-auth: Check key_mgmt when selecting SSID
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.
Avraham Stern [Wed, 22 Aug 2018 16:49:07 +0000 (19:49 +0300)]
tests: Call remove_group() after other cleanup is done
The call to remove_group() may fail, in which case all following
cleanup is skipped. This may result in failing many tests since
cleanup did not complete successfully.
Fix this by calling remove_group() after other cleanup is done so
even it fails it will not affect the following tests.
Jouni Malinen [Sun, 25 Nov 2018 22:51:38 +0000 (00:51 +0200)]
Fix hostapd config file reloading with BSS addition/removal
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).
Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.
Jouni Malinen [Sun, 25 Nov 2018 20:01:35 +0000 (22:01 +0200)]
tests: DPP Connector testing with ECDSA signature in Python
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.
Jouni Malinen [Sun, 25 Nov 2018 11:51:26 +0000 (13:51 +0200)]
DPP: Fix error path handling for GAS Comeback Response building
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.
Jouni Malinen [Sun, 25 Nov 2018 11:49:44 +0000 (13:49 +0200)]
DPP: Fix memory leaks in GAS server error path handling
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.
Jouni Malinen [Sun, 25 Nov 2018 11:33:39 +0000 (13:33 +0200)]
DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.
It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].
The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:
Jouni Malinen [Sat, 24 Nov 2018 11:36:54 +0000 (13:36 +0200)]
mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.
Bob Copeland [Fri, 23 Nov 2018 15:15:42 +0000 (10:15 -0500)]
mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.
The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.
tests: Store the correct PID in hostapd-test.pid file
The hwsim's start.sh script spawns hostapd process using "sudo".
Since sudo forks a child process, $! holds the pid of sudo itself.
Fix that by storing the PID of the child process instead.
Since in VM "sudo" is replaced with a dummy script, pass an additional
argument to run-all.sh and start.sh scripts to indicate that they are
running inside a VM.
This is needed to fix ap_config_reload and ap_config_reload_file test
cases on some platforms where sudo is apparently not relaying the
signals properly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ayala Beker [Tue, 23 Oct 2018 11:23:52 +0000 (14:23 +0300)]
tests: Fix ap_acl_deny test
In ap_acl_deny test, the AP doesn't send probe responses during scan due
to ACL reject. As the result, dev[0] might miss the AP's Beacon frame
because the dwell time is too short. Make the test more robust and
trigger passive scan, and by that increase the probability of hearing
the AP.
Johannes Berg [Fri, 26 Oct 2018 13:50:48 +0000 (15:50 +0200)]
nl80211: Use correct u8 size for NL80211_ATTR_SMPS_MODE
Back in December 2017, Jouni fixed the output side since that was
causing a kernel message to be printed, but the input side should
also be fixed, otherwise it will not work correctly on big-endian
platforms.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix dpp_configurator_get_key command name in hostapd_cli
The option to get DPP configurator key in hostapd_cli was named
incorrectly. It was wrongly pointing to dpp_configurator_remove. Fix
this by using the correct name.
Jouni Malinen [Fri, 9 Nov 2018 16:07:16 +0000 (18:07 +0200)]
HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.
Sachin Ahuja [Mon, 29 Oct 2018 11:31:12 +0000 (17:01 +0530)]
Define new QCA vendor command for coex priority config
Add QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG vendor command
to set the priorities among different types of traffic of
WLAN/BT/Zigbee during coex scenarios.
vamsi krishna [Wed, 31 Oct 2018 21:50:21 +0000 (03:20 +0530)]
Add QCA vendor event to indicate throughput changes
Add interface for drivers to report changes in TX/RX throughput
dynamically to user space. This information can be used by userspace
tools to tune kernel's TCP parameters in order to achieve peak
throughput. The driver may optionally provide guidance on which TCP
parameters to be configured for optimal performance along with the
values to be configured.
The TCP parameters that need to be tuned for peak performance are not
interface specific. Based on the guidance from the driver and
considering the other interfaces that may be affected with the new
configurations, a userspace tool has to choose the values to be
configured for these parameters to achieve optimal performance across
interfaces.
The throughput levels informed by the driver with this event are only
for providing guidance on TCP parameter tuning from userspace. The
driver may change the thresholds used to decide low or medium or high
throughput levels based on several parameters based on the PHY layer
capacity in the current connection, the number of packets being
dispatched per second, or the number of packets pending in queues, etc.
The throughput levels may not be consistent with the actual throughput
of the link.
projects / thirdparty / hostap.git / log
