VLAN: Avoid access to non-existing interfaces

Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 7ab86fca9f69e4815d36d99376c0e71b5cd87d72..051c453733f19799306560f9a651f98ced296216 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -606,11 +606,23 @@ int hostapd_rate_found(int *list, int rate)
 }
 
 
-const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
+int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id)
 {
        struct hostapd_vlan *v = vlan;
        while (v) {
                if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
+                       return 1;
+               v = v->next;
+       }
+       return 0;
+}
+
+
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
+{
+       struct hostapd_vlan *v = vlan;
+       while (v) {
+               if (v->vlan_id == vlan_id)
                        return v->ifname;
                v = v->next;
        }

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 5cb951fc8666ad72153fa44381d9080a3b7f1b48..d1ae9c2a546155a3aaff972ead7229e00a7770bd 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -547,6 +547,7 @@ int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
                           const u8 *addr, const u8 *prev_psk);
 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
+int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id);
 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
                                        int vlan_id);
 struct hostapd_radius_attr *

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 2e570c098352f7a08f4faa542040fd429a208117..5503af157936adf428f19d3bcb080bee6f869812 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -650,8 +650,7 @@ static void handle_auth(struct hostapd_data *hapd,
        }
 
        if (vlan_id > 0) {
-               if (hostapd_get_vlan_id_ifname(hapd->conf->vlan,
-                                              vlan_id) == NULL) {
+               if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) {
                        hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
                                       HOSTAPD_LEVEL_INFO, "Invalid VLAN ID "
                                       "%d received from RADIUS server",

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index cc5f83c8fb0ced86c6a858af979cc198e24f62e1..d3dda145dcf30b95ea40d569d22770b83c15ee91 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1438,8 +1438,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
                        sta->vlan_id = radius_msg_get_vlanid(msg);
                }
                if (sta->vlan_id > 0 &&
-                   hostapd_get_vlan_id_ifname(hapd->conf->vlan,
-                                              sta->vlan_id)) {
+                   hostapd_vlan_id_valid(hapd->conf->vlan, sta->vlan_id)) {
                        hostapd_logger(hapd, sta->addr,
                                       HOSTAPD_MODULE_RADIUS,
                                       HOSTAPD_LEVEL_INFO,