Reduce the amount of time PTK/TPTK/GTK is kept in memory
Some of the buffers used to keep a copy of PTK/TPTK/GTK in the
supplicant implementation maintained a copy of the keys longer than
necessary. Clear these buffers to zero when the key is not needed
anymore to minimize the amount of time key material is kept in memory.
Fix P2P redirection of global ctrl_iface SET command
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.
Remove SAVE_CONFIG redirect from global control interface
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.
Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.
eap_proxy: Use unique Makefile names for Android and non-Android
Rename the eap_proxy_*.mk file to eap_proxy_*.mak for non-Android builds
so that the same eap_proxy implementation can be more easily included in
the same directory for both cases.
tests: Fix progressive p2p_find to actually use progressive part
It turned out that the initial test case found the GO based on the
initial full scan instead of the progressive search part. Fix this by
started the GO only after the initial full scan.
P2P: Fix interface remove to terminate all P2P groups
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.
The sample code here ended up trying to register an eloop socket with fd
== -1. This was not really ever supposed to be used, but it is now also
hitting an assert in eloop. Skip the unnecessary
eloop_register_read_sock() to avoid this.
This was causing issues for hostapd since CONFIG_L2_PACKET is not set by
default. If CONFIG_RSN_PREAUTH=y was not used for CONFIG_L2_PACKET was
not set in .config explicitly, the defaul use of l2_packet_none.c ended
up hitting the newly added assert() in eloop.
tests: Work around invalid ap_wps_ie_fragmentation failures
This can fail if Probe Response frame is missed and Beacon frame was
used to fill in the BSS entry. This can happen, e.g., during heavy load
every now and then and is not really an error, so try to workaround by
runnign another scan.
tests: Try to work around bogus errors in wpas_ctrl_country
It seems like it is possible for a CTRL-EVENT-REGDOM-CHANGE event from a
previous test case to "leak" through to the execution of this test case.
That can result in the validation steps here failing, so wait a bit and clear the pending events before starting the test.
tests: Work around mac80211_hwsim survey limitations
ap_multi_bss_acs test case was failing if it was executed immediately
after a test case that used 5 GHz band since the current mac80211_hwsim
channel survey implementation is very limited and reports only a single
channel. For this test case, that channel has to be from the 2.4 GHz
band.
Johannes Berg [Wed, 9 Apr 2014 09:53:16 +0000 (11:53 +0200)]
wlantest: Tag and ignore generated packets
Rather than ignoring packets with a minimal 8-byte radiotap
header, which may occur elsewhere, tag generated (decrypted)
packets with an empty vendor namespace tag and ignore those.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
WPS: Split eapol_cb reconnect to a separate code path
Use eloop timeout to run the reconnect command after eapol_cb has
returned. This reduces stack use and can simplify the driver
command/event sequence by allowing the disconnection events from the
provisioning step to be processed before starting the actual data
connection.
WPS: Close p2p_group and temporary parameters to all network blocks
If a P2P GO issues multiple credentials for some reason, clone the
p2p_group and temporary parameters to all those based on the initial
network block that gets used for the first credential.
nl80211: Mask out deauth even after own deauth request
This was already done for the disconnect event, but
SME-in-wpa_supplicant case needs to do same with the deauth event to
avoid getting extra events during WPS disconnect-and-reconnect sequence.
This can speed up WPS processing by removing unnecessary failures or
retries due to the extra event being processed during the next
association attempt.
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).
Felix Fietkau [Sun, 6 Apr 2014 11:11:53 +0000 (13:11 +0200)]
nl80211: Handle multiple interface combinations for P2P
The first combination may allow single-channel concurrency for
P2P + managed, but there may be others that allow multi-channel
concurrency. Parse all of them to find the maximum number of channels.
Nirav Shah [Mon, 7 Apr 2014 22:12:19 +0000 (03:42 +0530)]
P2P: Add retry mechanism for GO Negotiation Confirmation
wpa_supplicant now retries for P2P_GO_NEG_CNF_MAX_RETRY_COUNT times if
it doesn't receive acknowledgement for GO Negotiation Confirmation
frame. Currently, P2P_GO_NEG_CNF_MAX_RETRY_COUNT is set to 1.
While this is not strictly speaking following the P2P specification,
this can improve robustness of GO Negotiation in environments with
interference and also with peer devices that do not behave properly
(e.g., by not remaining awake on the negotiation channel through the
full GO Negotiation).
P2P: Mark the scan in p2p_in_invitation as p2p_probe
Mark the scan performed by the P2P Client in search of the GO
during the persistant reinvocation as a p2p_probe to avoid
unnecessary use of 802.11b rates.
Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.
This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.
WNM: Fix neighbor report subelement parser to not leak memory
If a subelement is unexpectedly included multiple times, the parser must
not re-allocate memory for the entry without first freeing the old
allocation.
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.
Document and rename HT Capability/Operation fields
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.
projects / thirdparty / hostap.git / log
