Fix a regression in storing of external_auth SSID/BSSID

An earlier change in drivers_ops API for struct external_auth broke the
way SSID and BSSID for an external authentication request were stored.
The implementation depended on the memory array being available in the
API struct with a use of memcpy() to copy the full structure even though
when only SSID and BSSID was needed. Fix this by replacing that
easy-to-break storing mechanism with explicit arrays for the exact set
of needed information.

Fixes: dd1a8cef4c05 ("Remove unnecessary copying of SSID and BSSID for external_auth")
Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 17a984d1a17d0d18d40d8e341c1d5e1904f014ba..e2cc439ea2a78dc9a8c6e5909537a76fe2180c6b 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -965,9 +965,9 @@ static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
 
        os_memset(&params, 0, sizeof(params));
        params.status = status;
-       params.ssid = wpa_s->sme.ext_auth.ssid;
-       params.ssid_len = wpa_s->sme.ext_auth.ssid_len;
-       params.bssid = wpa_s->sme.ext_auth.bssid;
+       params.ssid = wpa_s->sme.ext_auth_ssid;
+       params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
+       params.bssid = wpa_s->sme.ext_auth_bssid;
        wpa_drv_send_external_auth_status(wpa_s, &params);
 }
 
@@ -1032,8 +1032,13 @@ void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
                return;
 
        if (data->external_auth.action == EXT_AUTH_START) {
-               os_memcpy(&wpa_s->sme.ext_auth, data,
-                         sizeof(struct external_auth));
+               if (!data->external_auth.bssid || !data->external_auth.ssid)
+                       return;
+               os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
+                         ETH_ALEN);
+               os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
+                         data->external_auth.ssid_len);
+               wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
                wpa_s->sme.seq_num = 0;
                wpa_s->sme.sae.state = SAE_NOTHING;
                wpa_s->sme.sae.send_confirm = 0;
@@ -1091,7 +1096,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                                                wpa_s->current_ssid, 2);
                else
                        sme_external_auth_send_sae_commit(
-                               wpa_s, wpa_s->sme.ext_auth.bssid,
+                               wpa_s, wpa_s->sme.ext_auth_bssid,
                                wpa_s->current_ssid);
                return 0;
        }
@@ -1110,7 +1115,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                                                wpa_s->current_ssid, 1);
                else
                        sme_external_auth_send_sae_commit(
-                               wpa_s, wpa_s->sme.ext_auth.bssid,
+                               wpa_s, wpa_s->sme.ext_auth_bssid,
                                wpa_s->current_ssid);
                return 0;
        }

diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8ea3c5a1d7c7987b95eec047da6f0e2de26c5716..b51390ba3b2488e3fb7b1a30d717e4be3f8a0bd6 100644 (file)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -802,7 +802,9 @@ struct wpa_supplicant {
                int sae_group_index;
                unsigned int sae_pmksa_caching:1;
                u16 seq_num;
-               struct external_auth ext_auth;
+               u8 ext_auth_bssid[ETH_ALEN];
+               u8 ext_auth_ssid[SSID_MAX_LEN];
+               size_t ext_auth_ssid_len;
 #endif /* CONFIG_SAE */
        } sme;
 #endif /* CONFIG_SME */