Jouni Malinen [Mon, 2 Nov 2020 14:52:01 +0000 (16:52 +0200)]
DPP2: Fix error path handling in enterprise provisioning
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.
Jouni Malinen [Mon, 2 Nov 2020 14:36:14 +0000 (16:36 +0200)]
Remove unused variable update
Commit e8b85c078e73 ("iface match: Unspecified matched interfaces should
not log driver fails") removed the only use of the added interface wpa_s
pointer, but left that pointer setting in place. Remove it to keep
static analyzers happy.
Jouni Malinen [Mon, 2 Nov 2020 14:31:02 +0000 (16:31 +0200)]
DPP2: Fix ppkey parsing
DPP_CONFIGURATOR_ADD processing of the new ppkey parameter had a
copy-paste error in determining the correct length of this parameter.
Fix that by referencing the correct pointer.
Fixes: 9c1fbff07404 ("DPP2: Generate a privacy protection key for Configurator") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 GHz: Fix opclasses mapping in ieee80211_freq_to_channel_ext()
Previously only primary channel number used to calculate 6GHz operating
class in ieee80211_freq_to_channel_ext() and it is always giving 131
operating class. Fix this by mapping operating class using chanwidth and
sec_channel also.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Hai Shalom [Fri, 16 Oct 2020 19:47:28 +0000 (12:47 -0700)]
EAP-SIM peer: Send AT_IDENTITY first
For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.
Peer Authenticator
| |
| +------------------------------+
| | Server does not have a |
| | Subscriber identity available|
| | When starting EAP-SIM |
| +------------------------------+
| |
| EAP-Request/SIM/Start |
| (AT_ANY_ID_REQ, AT_VERSION_LIST) |
|<------------------------------------------------|
| |
| |
| EAP-Response/SIM/Start |
| (AT_IDENTITY, AT_NONCE_MT, |
| AT_SELECTED_VERSION) |
|------------------------------------------------>|
| |
Pooventhiran G [Tue, 27 Oct 2020 06:24:21 +0000 (11:54 +0530)]
nl80211: Check for proper nlmsg allocation in send_and_recv_msgs_owner()
When nlmsg allocation fails, nl80211_drv_msg() returns NULL and the call
to send_and_recv_msgs_owner() from nl80211_leave_ibss() could have ended
up dereferencing a NULL pointer. Fix this by make
send_and_recv_msgs_owner() more consistent with other send_and_recv*()
cases that check msg == NULL internally.
Fixes: 12ea7dee311b ("nl80211: Use nl80211 control port for receiving EAPOL frames") Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
P2P: Consider BSS entry pending for P2P joining as a known BSS
Consider the BSS entry that is pending for the P2P group join operation
also as a known network along with the existing configured networks.
This prevents removal of the BSS entry that is still in the process of
P2P join operation from the BSS table when the number of entries exceed
bss_max_count.
Jouni Malinen [Mon, 26 Oct 2020 20:34:07 +0000 (22:34 +0200)]
nl80211: Filter out unsupported bands
If the driver indicates capability for a band that
hostapd/wpa_supplicant does not support, the struct hostapd_hw_modes
array of bands got an empty entry for that with NUM_HOSTAPD_MODES as the
mode. This resulted in various issues, e.g., with fst_hw_mode_to_band()
hitting a WPA_ASSERT(0).
Fix this by filtering out unsupported bands from the internal data
structures.
P2P: Include p2p_add_cli_chan parameter while cloning the configuration
The dynamically created P2P group interface did not consider the
channels that can be used by the P2P client during the P2P group
formation. Copy the p2p_add_cli_chan parameter while cloning the
configuration to the P2P group interface. This allows the dynamically
created group interface case to form the group in the specific
client-only channels when the device is a P2P client in the group.
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.
Fixes: 6b9e99e571ee ("SAE-PK: Extend SAE functionality for AP validation") Fixes: 20ccf97b3dc1 ("SAE-PK: AP functionality") Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
wpa_supplicant: Remove unfeasible conditions in config parsing
pos can't be NULL in wpa_global_config_parse_str(), so there is no point
checking this, especially when pos was already dereferenced earlier.
Remove the redundant conditions.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Pooventhiran G [Sun, 18 Oct 2020 15:30:09 +0000 (21:00 +0530)]
OpenSSL: Make openssl_debug_dump_certificate() more robust
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
Hu Wang [Wed, 29 Jul 2020 03:15:35 +0000 (11:15 +0800)]
P2P: Stop old listen radio work before go to WAIT_PEER_IDLE state
P2P goes to Listen state while waiting for the peer to become ready for
GO Negotiation. If old listen radio work has not been completed, P2P
fails to go to listen state. This could happen in cases where P2P Action
frame transmission reused ongoing p2p-listen radio work.
p2p0: Add radio work 'p2p-listen'@0x
P2P-FIND-STOPPED
p2p0: Starting radio work 'p2p-listen'@0x after 0.010644 second wait
P2P: Use ongoing radio work for Action frame TX
P2P: Use ongoing radio work for Action frame TX
P2P: State CONNECT -> CONNECT
P2P: State CONNECT -> WAIT_PEER_IDLE
P2P: State WAIT_PEER_IDLE -> WAIT_PEER_CONNECT
P2P: Reject start_listen since p2p_listen_work already exists
P2P: Failed to start listen mode
Vamsi Krishna [Thu, 8 Oct 2020 12:17:19 +0000 (17:47 +0530)]
Add QCA interface for driver to report various connect fail reason codes
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.
Jouni Malinen [Wed, 14 Oct 2020 19:57:04 +0000 (22:57 +0300)]
build: Fix libeap_peer.a build
The install target at the beginning of src/eap_peer/Makefile was
confusing make about the build rules for libeap_peer.a and overriding of
the install target between src/eap_peer/Makefile and src/lib.rules was
breaking installation of dynamic EAP peer *.so files.
Fix this by lib.rules defining a default for the install target so that
src/*/Makefile can override that and by moving the install target for
eap_peer to the end of the Makefile.
Markus Theil [Tue, 30 Jun 2020 11:53:19 +0000 (13:53 +0200)]
wpa_supplicant: Handle HT40 and mode downgrade in AP mode
Add some missing pieces to the interface configuration of AP/mesh mode
in wpa_supplicant.
- check for secondary channel and HT40 capability
- try to downgrade to IEEE 802.11b if 802.11g is not available
Especially with the HT40 check, this code now performs all settings,
which the deleted/duplicated mesh code did.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
wpa_supplicant_conf_ap_ht() has to happen before
hostapd_setup_interface() in order for its configuration settings to
have effect on interface configuration.
Disable primary and secondary channel switch because of missing tie
breaking rule/frames in mesh networks. A rather long comment about
this issue is placed in mesh.c in the corresponding place.
I was not able to reproduce the memory corruption during
mesh_secure_ocv_mix_legacy, which lead to a revert of a similar patch in
the past.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Markus Theil [Tue, 30 Jun 2020 11:53:17 +0000 (13:53 +0200)]
HE/VHT: Fix frequency setup with HE enabled
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.
wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.
While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.
Acked-by: John Crispin <john@phrozen.org> Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Jouni Malinen [Tue, 13 Oct 2020 17:29:27 +0000 (20:29 +0300)]
DPP2: Copy received ppKey into wpa_supplicant network profile
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.
Jouni Malinen [Tue, 13 Oct 2020 16:59:29 +0000 (19:59 +0300)]
DPP2: Generate a privacy protection key for Configurator
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.
Johannes Berg [Mon, 12 Oct 2020 09:30:53 +0000 (11:30 +0200)]
build: Rebuild libs all the time
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.
Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.
While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sun, 11 Oct 2020 19:24:34 +0000 (21:24 +0200)]
build: Fix dependency file inclusion
The objs.mk include changes for archive files broke things
completely and none of the dependency files (*.d) ever got
included, as the expansion there ended up empty.
Clearly, my mistake, I should've tested that better. As we
don't need the %.a files in the list there use filter-out
to remove them, rather than what I had lazily wanted to do,
which was trying to read %.d files for them. The filter-out
actually works, and avoids looking up files that can never
exist in the first place.
Fixes: 87098d3324e0 ("build: Put archive files into build/ folder too") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jimmy Chen [Wed, 26 Aug 2020 10:55:45 +0000 (18:55 +0800)]
P2P: Set ap_configured_cb during group reform process
We found that if REMOVE-AND-REFORM occurs before a group is started,
it would not send out GROUP-STARTED-EVENT after AP is enabled.
In the remove-and-reform process, ap_configured_cb is cleared. If a
group is not started, p2p_go_configured() will not be called after
completing AP setup. Fix this by preserving the callback parameters.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
Jimmy Chen [Wed, 2 Sep 2020 08:50:11 +0000 (16:50 +0800)]
P2P: Fallback to GO negotiation after running out of GO scan attempts
We found a problem that p2p_fallback_to_go_neg is not handled correctly
after running out of GO scan attempts. When autojoin is enabled and a
group is found in old scan results, supplicant would try to scan the
group several times. If the group is still not found, it reports group
formation failure while p2p_fallback_to_go_neg is enabled already.
If p2p_fallback_to_go_neg is enabled, it should fallback to GO
negotiation, but not report group formation failure after running out of
GO scan attempts.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
Johannes Berg [Sun, 11 Oct 2020 08:20:51 +0000 (10:20 +0200)]
wpaspy: Allow building with python3
Add the necessary modified module registration code to allow building
wpaspy with python3. Also clean up the wpaspy_close() function to not
poke into the python version specific details.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sun, 11 Oct 2020 08:06:14 +0000 (10:06 +0200)]
gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sun, 11 Oct 2020 07:58:58 +0000 (09:58 +0200)]
build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Pedersen [Thu, 27 Aug 2020 22:59:40 +0000 (15:59 -0700)]
nl80211: Unbreak mode processing due to presence of S1G band
If kernel advertises a band with channels < 2.4 GHz
hostapd/wpa_supplicant gets confused and assumes this is an IEEE
802.11b, corrupting the real IEEE 802.11b band info.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Brian Norris [Thu, 20 Aug 2020 02:09:35 +0000 (19:09 -0700)]
D-Bus: Share 'remove all networks' with CLI
The D-Bus implementation of RemoveAllNetworks differs wildly from the
CLI implementation. Let's share the implementations.
This resolves use-after-free bugs I noticed, where we continue to use
the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we
didn't bother to disconnect from (and set to NULL) current_ssid before
freeing it.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Georg Müller [Thu, 18 Jun 2020 14:39:12 +0000 (16:39 +0200)]
wpa_supplicant: Do not retry scan if operation is not supported
When using NetworkManager to set up an access point, there seems to be a
race condition which can lead to a new log message every second.
The following message appears in AP mode:
CTRL-EVENT-SCAN-FAILED ret=-95 retry=1
Normally, this log message only appears once. But then (and only then)
the race is triggered and they appear every second, the following log
messages are also present:
Reject scan trigger since one is already pending
Failed to initiate AP scan
This patch just disables the retry for requests where the operation is
not supported anyway.
Signed-off-by: Georg Müller <georgmueller@gmx.net>
Benjamin Berg [Tue, 25 Aug 2020 06:29:02 +0000 (08:29 +0200)]
P2P: Limit P2P_DEVICE name to appropriate ifname size
Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is
long enough. As this is not a netdev device, it is acceptable if the
name is not completely unique. As such, simply insert a NUL byte at the
appropriate place.
Markus Theil [Fri, 12 Jun 2020 14:49:44 +0000 (16:49 +0200)]
mesh: Set correct address for mesh default broadcast/multicast keys
wpa_drv_set_key() was called with a NULL address for IGTK and MGTK
before this patch. The nl80211 driver will then not add the
NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks
this key also as a default unicast key in the Linux kernel.
With SAE this is no real problem in practice, as a pairwise key will be
negotiated in mesh mode, before the first data frame gets send. When
using IEEE 802.1X in a mesh network in the future, this gets a problem,
as Linux now will encrypt EAPOL frames with the default key, which is
also marked for unicast usage without this patch.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Jouni Malinen [Sat, 10 Oct 2020 14:48:59 +0000 (17:48 +0300)]
Use consistent spelling of "homogeneous"
The 'H' in HESSID was originally spelled "homogenous" in IEEE Std
802.11-2016 abbreviations and acronyms list, but that was changed in
REVmd to the significantly more common spelling "homonegeneous". Update
this older version to match the new spelling to be consistent throughout
the repository.
Kevin Lund [Thu, 11 Jun 2020 21:11:19 +0000 (14:11 -0700)]
wpa_supplicant: Clear blacklist when SSID configs change
If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g., the BSS could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the BSS in the
blacklist will prevent the user from connecting to the BSS after the
correct password has been updated.
Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config(). Check
this value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.
This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the inactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.
Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.
Signed-off-by: Kevin Lund <kglund@google.com> Signed-off-by: Brian Norris <briannorris@chromium.org>
Kevin Lund [Thu, 11 Jun 2020 21:11:18 +0000 (14:11 -0700)]
wpa_supplicant: Add new blacklist tests
This change adds some barebones tests for new blacklisting functionality
to wpas_module_tests.c. The tests ensure some basic functionality for
the functions wpa_blacklist_is_blacklisted() and wpa_blacklist_update().
Signed-off-by: Kevin Lund <kglund@google.com> Signed-off-by: Brian Norris <briannorris@chromium.org>
projects / thirdparty / hostap.git / log
