Fix a regression in storing of external_auth SSID/BSSID

An earlier change in drivers_ops API for struct external_auth broke the
way SSID and BSSID for an external authentication request were stored.
The implementation depended on the memory array being available in the
API struct with a use of memcpy() to copy the full structure even though
when only SSID and BSSID was needed. Fix this by replacing that
easy-to-break storing mechanism with explicit arrays for the exact set
of needed information.

Fixes: dd1a8cef4c ("Remove unnecessary copying of SSID and BSSID for external_auth")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-04-28 16:24:32 +03:00
parent 9ff2b85e73
commit d42df8d6ce
2 changed files with 15 additions and 8 deletions

View file

@ -965,9 +965,9 @@ static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
os_memset(&params, 0, sizeof(params)); os_memset(&params, 0, sizeof(params));
params.status = status; params.status = status;
params.ssid = wpa_s->sme.ext_auth.ssid; params.ssid = wpa_s->sme.ext_auth_ssid;
params.ssid_len = wpa_s->sme.ext_auth.ssid_len; params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
params.bssid = wpa_s->sme.ext_auth.bssid; params.bssid = wpa_s->sme.ext_auth_bssid;
wpa_drv_send_external_auth_status(wpa_s, &params); wpa_drv_send_external_auth_status(wpa_s, &params);
} }
@ -1032,8 +1032,13 @@ void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
return; return;
if (data->external_auth.action == EXT_AUTH_START) { if (data->external_auth.action == EXT_AUTH_START) {
os_memcpy(&wpa_s->sme.ext_auth, data, if (!data->external_auth.bssid || !data->external_auth.ssid)
sizeof(struct external_auth)); return;
os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
ETH_ALEN);
os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
data->external_auth.ssid_len);
wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
wpa_s->sme.seq_num = 0; wpa_s->sme.seq_num = 0;
wpa_s->sme.sae.state = SAE_NOTHING; wpa_s->sme.sae.state = SAE_NOTHING;
wpa_s->sme.sae.send_confirm = 0; wpa_s->sme.sae.send_confirm = 0;
@ -1091,7 +1096,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
wpa_s->current_ssid, 2); wpa_s->current_ssid, 2);
else else
sme_external_auth_send_sae_commit( sme_external_auth_send_sae_commit(
wpa_s, wpa_s->sme.ext_auth.bssid, wpa_s, wpa_s->sme.ext_auth_bssid,
wpa_s->current_ssid); wpa_s->current_ssid);
return 0; return 0;
} }
@ -1110,7 +1115,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
wpa_s->current_ssid, 1); wpa_s->current_ssid, 1);
else else
sme_external_auth_send_sae_commit( sme_external_auth_send_sae_commit(
wpa_s, wpa_s->sme.ext_auth.bssid, wpa_s, wpa_s->sme.ext_auth_bssid,
wpa_s->current_ssid); wpa_s->current_ssid);
return 0; return 0;
} }

View file

@ -802,7 +802,9 @@ struct wpa_supplicant {
int sae_group_index; int sae_group_index;
unsigned int sae_pmksa_caching:1; unsigned int sae_pmksa_caching:1;
u16 seq_num; u16 seq_num;
struct external_auth ext_auth; u8 ext_auth_bssid[ETH_ALEN];
u8 ext_auth_ssid[SSID_MAX_LEN];
size_t ext_auth_ssid_len;
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
} sme; } sme;
#endif /* CONFIG_SME */ #endif /* CONFIG_SME */