Jouni Malinen [Tue, 3 Jun 2014 12:35:01 +0000 (15:35 +0300)]
Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.
Add rsn_pairwise bits to set_ieee8021x() driver_ops
This fixes an issue where a driver using the deprecated set_ieee8021x()
callback did not include rsn_pairwise bits in the driver configuration
even if mixed WPA+WPA2 configuration was used. This could result, e.g.,
in CCMP not being enabled properly when wpa_pairwise=TKIP and
rsn_pairwise=CCMP was used in the configuration. Fix this by using
bitwise OR of the wpa_pairwise and rsn_pairwise values to allow the
driver to enable all pairwise ciphers.
In addition, make the newer set_ap() driver_ops use the same bitwise OR
design instead of picking between rsn_pairwise and wpa_pairwise. This
makes the code paths consistent and can also fix issues with mixed mode
configuration with set_ap().
Jouni Malinen [Mon, 2 Jun 2014 12:50:31 +0000 (15:50 +0300)]
RADIUS/EAP server: Use longer username buffer to avoid truncation
If the peer provides a username with large part of it being non-ASCII
characters, the previously used buffers may not have been long enough to
include the full string in debug logs and database search due to forced
truncation of the string by printf_encode(). Avoid this by increasing
the buffer sizes to fit in the maximum result.
The off-by-one error in printf_encode() bounds checking could have
allowed buffer overflow with 0x00 being written to the memory position
following the last octet of the target buffer. Since this output is used
as \0-terminated string, the following operation would likely read past
the buffer as well. Either of these operations can result in the process
dying either due to buffer overflow protection or by a read from
unallowed address.
This has been seen to cause wpa_supplicant crash on OpenBSD when control
interface client attaches (debug print shows the client socket address).
Similarly, it may be possible to trigger the issue in RADIUS/EAP server
implementation within hostapd with a suitable constructed user name.
Signed-off-by: Stuart Henderson <sthen@openbsd.org>
Fix validation of RSN EAPOL-Key version for GCMP with PMF
If PMF was enabled, the validation step for EAPOL-Key descriptor version
ended up rejecting the message if GCMP had been negotiated as the
pairwise cipher. Fix this by making the GCMP check skipped similarly to
the CCMP case if a SHA256-based AKM is used.
Jouni Malinen [Mon, 2 Jun 2014 13:20:08 +0000 (16:20 +0300)]
tests: Run hostapd-AS under valgrind if requested
Previously, only hostapd-AP and wpa_supplicant processed were run under
valgrind when valgrind testing was enabled. Extend this to include
hostapd as authentication server.
Jouni Malinen [Sun, 1 Jun 2014 19:47:44 +0000 (22:47 +0300)]
tests: Remove CONFIG_DRIVER_TEST=y from example config
This was still present in hostapd example configuration even though the
test driver wrapper is not used anywhere in the hwsim testing and there
are no plans of using it either.
Jouni Malinen [Sun, 1 Jun 2014 09:24:49 +0000 (12:24 +0300)]
FT: Fix GTK rekeying after FT protocol
Move to PTKINITDONE state and mark PTK valid after successful completion
of FT protocol. This allows the AP/Authenticator to start GTK rekeying
when FT protocol is used. Previously, the station using FT protocol did
not get the new GTK which would break delivery of group addressed
frames.
In JellyBean libnl_2 code, I see that the nl_recvmsgs returns postive values
too. In some cases, nl_recvmgs return the output of nl_recv function. nl_recv
function can return Number of bytes read, 0 or a negative error code.
Looks like this positive return value for nl_recvmsgs may be specific to
Android. While this is not how the API is supposed to work, this does no
harm with upstream libnl which returns only 0 or -1 from the function.
Jouni Malinen [Sat, 31 May 2014 21:52:03 +0000 (00:52 +0300)]
tests: Initial mechanism for RADIUS protocol testing
This brings in a minimal pyrad-based RADIUS server to allow various
protocol tests to be run. For now, the server is not adding
Message-Authenticator, so that error case is checked. Additional tests
can be added in the future.
Jouni Malinen [Sat, 31 May 2014 20:10:33 +0000 (23:10 +0300)]
P2P NFC: Fix use of freed memory
The dev_found() callback from NFC connection handover message processing
ended up using the p2p_dev_addr pointer that points to the parsed
message. However, that parsed data was freed just before the call. Fix
this by reordering the calls.
Jouni Malinen [Sat, 31 May 2014 19:58:51 +0000 (22:58 +0300)]
Fix external radio work stopping to not read freed memory
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.
Jouni Malinen [Sat, 31 May 2014 19:24:31 +0000 (22:24 +0300)]
SAE: Fix memory leak in random number generation
If the randomly generated bignum does not meet the validation steps, the
iteration loop in sae_get_rand() did not free the data properly. Fix the
memory leak by freeing the temporary bignum before starting the next
attempt at generating the value.
Jouni Malinen [Sat, 31 May 2014 14:11:04 +0000 (17:11 +0300)]
hostapd: Make sure hapd->drv_priv gets cleared on driver deinit
Couple of code paths in hostapd.c could have left hapd->drv_priv
pointing to memory that was freed in driver_nl80211.c when a secondary
BSS interface is removed. This could result in use of freed memory and
segfault when the next driver operation (likely during interface
deinit/removal). Fix this by clearing hapd->drv_priv when there is
reason to believe that the old value is not valid within the driver
wrapper anymore.
Michal Kazior [Wed, 28 May 2014 09:57:12 +0000 (11:57 +0200)]
hostapd: Clean up if interface setup fails
If for some reason interface setup fails mid-way when setting up
multi-BSS AP it was possible to get segmentation fault because driver
was not properly cleaned up.
One possible trigger, when using nl80211 driver, was udev renaming an
interface created by hostapd causing, e.g., linux_set_iface_flags() to
fail.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Michal Kazior [Wed, 28 May 2014 09:57:10 +0000 (11:57 +0200)]
hostapd: Prevent double interface disabling from segfaulting
Performing, e.g. `wpa_cli -p /var/run/hostapd raw DISABLE` twice led to
hostapd segmentation fault if multiple BSSes were configured. Fix this
by checking if there is anything to disable at all before trying.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Amit Khatri [Sat, 31 May 2014 10:36:59 +0000 (13:36 +0300)]
tests: Makefile change avoiding compiler error for module test
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"
This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Jouni Malinen [Sat, 31 May 2014 10:25:12 +0000 (13:25 +0300)]
tests: Verify auto_interworking=1 with partiall matching network
This is a regression test for an issue where scanning sequence could be
terminated if interworking_find_network_match() finds a matching
network, but wpa_s->auto_select is not set. This could stop connection
attempts when auto_interworking=1 is used and the scan results have a
partially matching network and no cred match.
Mikael Kanstrup [Sat, 31 May 2014 10:23:00 +0000 (13:23 +0300)]
Interworking: Re-trigger scan if no connect attempt is done
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.
The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
in scan results list with full match
- Interworking finds matching networks (it does not do full security
policy match)
This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Jouni Malinen [Fri, 30 May 2014 17:52:08 +0000 (20:52 +0300)]
RADIUS client: Trigger failover more quickly if socket is not valid
It is possible for the connect() call to fail (e.g., due to unreachable
network based on local routing table), so the current auth/acct_sock may
be left to -1. Use that as an addition trigger to allow server failover
operation to be performed more quickly if it is known that the
retransmission attempt will not succeed anyway.
Jouni Malinen [Fri, 30 May 2014 17:46:20 +0000 (20:46 +0300)]
RADIUS client: Do not flush pending messages if server did not change
The re-open socket to the current RADIUS server code path did not work
in the expected way here. The pending authentication messages do not
need to be flushed in that case and neither should the retransmission
parameters be cleared. Fix this by performing these operations only if
the server did actually change as a part of a failover operation.
Jouni Malinen [Fri, 30 May 2014 17:40:11 +0000 (20:40 +0300)]
hostapd: Fix configuration of multiple RADIUS servers with SET
The current RADIUS server pointer was updated after each SET command
which broke parsing of multiple RADIUS servers over the control
interface. Fix this by doing the final RADIUS server pointer updates
only once the full configuration is available.
Jouni Malinen [Fri, 30 May 2014 13:38:40 +0000 (16:38 +0300)]
tests: RADIUS server unreachable with error handling
radius_{auth,acct}_unreachable tested some parts of RADIUS client code
error handling. However, they did not test everything since the send()
calls for unreachable port on localhost did not return an error (that
error was reported on receive side). Extend this with similar test cases
using unreachable IP address to get send() error returns covered as
well.
Jouni Malinen [Fri, 30 May 2014 14:21:28 +0000 (17:21 +0300)]
RADIUS client: Fix socket close/re-open on server change
Both IPv4 and IPv6 sockets were not closed consistently in the paths
that tried to change RADIUS servers. This could result in leaking
sockets and leaving behind registered eloop events to freed memory on
interface removal.
Jerry Yang [Thu, 29 May 2014 06:32:33 +0000 (14:32 +0800)]
RADIUS client: Fix crash issue in radius_client_timer()
While iterating through RADIUS messages in radius_client_timer(), one
message entry may get flushed by "radius_client_retransmit -->
radius_client_handle_send_error --> radius_client_init_auth -->
radius_change_server --> radius_client_flush". This could result in
freed memory being accessed afterwards.
Jouni Malinen [Fri, 30 May 2014 08:33:01 +0000 (11:33 +0300)]
RADIUS client: Do not try to send message without socket
It is possible for the RADIUS authentication/accounting socket to not be
open even if partial RADIUS server configuration has been done through
the control interface SET commands. Previously, this resulted in send()
attempt using fd=-1 which fails with bad file descriptor. Clean this up
by logging this as a missing configuration instead of trying to send the
message when that is known to fail.
Eduardo Abinader [Thu, 29 May 2014 21:42:07 +0000 (17:42 -0400)]
hostapd_cli: Fix segmentation fault with interface command
ctrl_ifname was not being freed and allocated consistently by using
proper functions: os_free() and os_strdup(). This can result in
segmentation fault when these OS specific wrappers use different
implementation (e.g., with CONFIG_WPA_TRACE=y).
Jouni Malinen [Thu, 29 May 2014 13:45:48 +0000 (16:45 +0300)]
P2P: Debug print channel lists for invitation processing
This makes invitation process more consistent with GO Negotiation as far
as the debug log entries are concerned and the resulting log is more
helpful for understanding channel selection.
Jouni Malinen [Thu, 29 May 2014 10:51:19 +0000 (13:51 +0300)]
OpenSSL: Fix OCSP certificate debug print to use wpa_printf
Instead of using X509_print_fp() to print directly to stdout, print the
certificate dump to a memory BIO and use wpa_printf() to get this into
the debug log. This allows redirection of debug log to work better and
avoids undesired stdout prints when debugging is not enabled.
Jouni Malinen [Thu, 29 May 2014 10:43:01 +0000 (13:43 +0300)]
tests: Hide stdout from Popen() to avoid undesired stdout prints
ap_cipher_tkip_countermeasures_{ap,sta} printed out the MAC addresses in
stdout which resulted in the debug log not starting the PASS/FAIL
information at the beginning of the line. Hide these unnecessary prints
to avoid that.
Jouni Malinen [Tue, 27 May 2014 15:47:41 +0000 (18:47 +0300)]
nl80211: Do not add all virtual interfaces to drv->if_indices
Commit 04eff7d5ba96b5b452e4e1a70db3af6668762b08 or something around that
timeframe may have caused a regression on how drv->if_indices gets used
with wpa_supplicant. Most (curretly likely all) wpa_supplicant virtual
interface use cases should not actually use this. This could result in
issues with P2P group interfaces delivering events to incorrect
interface (parent rather than the group interface). The previous commit
removed some of the issues, but more complete fix is to undo some of
those merged hostapd/wpa_supplicant operations.
Filter add_ifidx() uses based on hostapd vs. wpa_supplicant and iftype
to get closer to the earlier wpa_supplicant behavior for the driver
events from virtual interfaces.
Jouni Malinen [Tue, 27 May 2014 15:16:58 +0000 (18:16 +0300)]
nl80211: Fix del_ifidx() with mixed parent interface cases
It is possible for a virtual interface to be added and removed by
different parent interfaces. This can happen, e.g., with P2P group
interfaces if the P2P parent interface does not happen to be the first
entry in the wpa_supplicant global interface list. That first entry is
used to remove the group interface while the addition would have
happened with the dedicated P2P management interface.
This can result in the interface that added a new virtual interface
getting stuck with an obsolete ifindex value in the drv->if_indeces list
and as such, deliver some extra events to incorrect destination wpa_s
instance. In particular, this can result in INTERFACE_DISABLED event
from deletion of a P2P group interface getting delivered incorrectly to
the parent wpa_s instance which would disable that interface even though
the interface remains in enabled state.
Fix this by clearing the removed interface from all if_indeces lists
instead of just the one that was used to delete the interface. This is
the simplest approach since the ifindex is unique and there is no need
to track which interface added the new virtual interface to always hit
the same one when removing the interface.
Jouni Malinen [Tue, 27 May 2014 09:09:25 +0000 (12:09 +0300)]
P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.
Jouni Malinen [Sun, 25 May 2014 15:34:10 +0000 (18:34 +0300)]
GAS: Send error response if no room for pending dialog context
Instead of silently dropping the response that requires fragmentation,
send an error response to the station to make it aware that no full
response will be available.
Jithu Jance [Thu, 22 May 2014 06:55:53 +0000 (12:25 +0530)]
P2P: Avoid resetting pending_listen_freq if p2p_listen is pending
If p2p_listen is called while previous listen command's
remain_on_channel event is pending, the p2p_listen would fail
and it used to clear pending_listen_freq. Now when the remain-
on-channel event comes from the driver, the pending_listen_freq
doesn't match and gets ignored. This was leading to a case
where listen state was getting stuck (in case of WAIT_PEER_CONNECT
state).
Jouni Malinen [Wed, 21 May 2014 11:56:34 +0000 (14:56 +0300)]
tests: Add -rdynamic to fix TNC IMV/IMC loading on some platforms
The example IMV and IMC used for TNC testing has references to
wpa_printf and other functions from hostapd/wpa_supplicant. Link the
binaries in a way that allows these symbols to be resolved while loading
the libraries at run time.
Jouni Malinen [Mon, 19 May 2014 20:22:49 +0000 (23:22 +0300)]
tests: Add CAVP test vectors for RSA/PKCS #1 v1.5 signature validation
This allow the PKCS #1 and RSA implementation to be validated against
the test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip
and
http://csrc.nist.gov/groups/STM/cavp/documents/dss/SigVer15EMTest.txt.
Jouni Malinen [Mon, 19 May 2014 20:19:08 +0000 (23:19 +0300)]
Add function for building RSA public key from n and e parameters
This is similar to the existing functionality that parsed ASN.1-encoded
RSA public key by generating a similar public key instance from already
parsed n and e parameters.
Jouni Malinen [Mon, 19 May 2014 20:26:43 +0000 (23:26 +0300)]
PKCS #1: Enforce minimum padding for decryption in internal TLS
Follow the PKCS #1 v1.5, 8.1 constraint of at least eight octets long PS
for the case where the internal TLS implementation decrypts PKCS #1
formatted data. Similar limit was already in place for signature
validation, but not for this decryption routine.
Jouni Malinen [Mon, 19 May 2014 20:26:19 +0000 (23:26 +0300)]
PKCS #1: Allow only BT=01 for signature in internal TLS
Based on PKCS #1, v1.5, 10.1.3, the block type shall be 01 for a
signature. This avoids a potential attack vector for internal TLS/X.509
implementation.
Jouni Malinen [Mon, 19 May 2014 20:25:38 +0000 (23:25 +0300)]
X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
Verify that there is no extra data after the hash field. This is needed
to avoid potential attacks using additional data to construct a value
that passes the RSA operation and allows the hash value to be forged.
Jouni Malinen [Sun, 18 May 2014 16:47:59 +0000 (19:47 +0300)]
tests: Add CAVP test vectors for byte-oriented SHA-1 and SHA-256
This allows the SHA-1 implementation to be validated against the
SHA1ShortMsg.rsp and SHA1LongMsg.rsp test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/shs/shabytetestvectors.zip.
Similarly, the SHA-256 can be validated against the SHA256ShortMsg.rsp
and SHA256LongMsg.rsp.
Jouni Malinen [Sat, 17 May 2014 19:52:40 +0000 (22:52 +0300)]
tests: Incorrect/missing password with TTLS non-EAP methods
Incorrect password was already tested with TTLS/MSCHAPv2, but the other
non-EAP inner methods in TTLS use their own implementation of password
validation, so check each and also verify the case of no matching EAP
user entry for the specific method.