This hostapd control interface command could hit a NULL pointer
dereference if issued before the BSS was enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of hostapd control interface commands (e.g., STATUS-DRIVER) could
result in NULL pointer dereference when issued on not yet enabled BSS.
Fix this by checking that the driver interface has been initialized
before calling the driver_ops function.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the RADIUS client has not yet been fully enabled, MIB command was
segfaulting hostapd.
Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.
Signed-off-by: Roshan Pius <rpius@google.com>
Accoding to the comment of struct wpa_driver_mesh_bss_params, the
max_peer_links parameter should be under that struct.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This fragment defines how the Android init system should start hostapd
as a standalone service. Previously, hostapd was fork/exec'd from
Android's netd. This left hostapd with some dangling file descriptors
and a process parent minimally interested in acting as init for child
processes.
Signed-off-by: Christopher Wiley <wiley@google.com>
Previously, secondary channel offset could be non zero even though
disable_ht40=1. This patch fixes it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Various checks should use is_multicast_ether_addr() instead
of hardcoding the equivalent, change it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previously, driver_nl80211 sets NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT in
AP mode, to get EAPOL frames out unencrypted when using IEEE 802.1X/WEP.
However, due to the way nl80211/cfg80211 is implemented, this attribute
is ignored by the kernel if NL80211_ATTR_CONTROL_PORT_ETHERTYPE isn't
specified as well. Fix this by including
NL80211_ATTR_CONTROL_PORT_ETHERTYPE set to ETH_P_PAE. This can be done
unconditionally, since the kernel will allow ETH_P_PAE to be set even
when the driver didn't advertise support for arbitrary ethertypes.
Additionally, the params->pairwise_ciphers appear to not be set at
this point, so relax the check and allow them to be zero.
In client mode, this whole thing was missing, so add it. Again, the
pairwise suite can be WPA_CIPHER_NONE, so allow that case as well.
This fixed IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames which is the de facto way of implementing this
in wireless networks.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Commit 2d6a526ac3 ('tests: Make
ap_wps_er_http_proto more robust') tried to work around the timeouts
here, but that was not really the best approach since the one second
timeout that was used here for connect() ended up being very close to
the limit even before the kernel change. The longer connect() time is
caused by a sequence where the listen() backlog ignores the connection
instead of accept() followed by close() within the wpa_supplicant ER
HTTP connection handling. The time to retransmit the SYN changed a bit
in the kernel from 1.0 sec to about 1.03 sec. This was enough to push
that over the one second timeout.
Fix this by using a sufficiently long timeout (10 sec) to allow SYN
retransmission to occur to recover from the listen() backlog case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).
Signed-off-by: Roshan Pius <rpius@google.com>
To be consistent with OpenSSL 1.1.0, the free functions should
internally check for NULL. EVP_MD_CTX_free also was missing an
EVP_MD_CTX_cleanup, so this leaked a little.
OpenSSL 1.1.0 also has given get_rfc3526_prime_1536 a better namespace
with get_rfc3526_prime_1536 as a compatibility-only name. Use that
instead in 1.1.0.
Signed-off-by: David Benjamin <davidben@google.com>
The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
The musl implementation of inet_aton() returns an error if there are any
characters left after the IP address. When parsing the das_client, split
the string at the whitespace separator to be able to parse the address
successfully.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Do not include a NAS-Port attribute in Access-Request and
Accounting-Request packets where the Association ID (AID) is 0, i.e.,
not yet assigned or known.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Previously, the check for mgmt->bssid matching own address (= BSSID)
ended up rejecting the case where Public Action frames are using
Wildcard BSSID in the Address 3 field. This could result in GAS queries
being dropped. Fix this by allowing both the own address (= AP BSSID)
and Wildcard BSSID in Action frame Address 3 field.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like connect() for a TCP socket can time out at least with a
recent kernel. Handle that case more gracefully by ignoring that socket
while allowing the test to continue.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like it is possible for the separate started wpa_supplicant
process to remain running after a test case like fst_sta_config_default.
This would result in failures to run any following test case that uses
the wlan5 interface. Try to kill the process more thoroughly by waiting
for the PID file to show up and write more details into the logs to make
it easier to debug issues in this area.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_GET_HW_CAPABILITY and the associated
attributes to get Wi-Fi hardware capabilities.
Signed-off-by: Yingying Tang <yintang@qti.qualcomm.com>
This can be used to mandate the presence of the Message-Authenticator
attribute on CoA/Disconnect-Request packets.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Trying to open file for checking file existence seems to be too much.
Instead use access system call which is meant for the same.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
body_type, used to index in mka_body_handler, can be any u8 value, but
we have only ARRAY_SIZE(mka_body_handler) elements.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This uses a more accurate variable type for body_type and makes it
cleaner to compare this to other unsigned values.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the memory allocation in ieee802_1x_kay_init_receive_sc() fails, we
end up in an inconsistent state where the peer is moved to the live
peers list and its sci is setup, but we don't have an rxsc.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
The room we actually use is length. This could also mess up the
receiver, since it will advance by the actual length (as indicated by
the parameter body's length), which could differ from the offset at
which we stored the next item.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
1. The comparison between SCI's of two servers with identical priority
is broken, and would always return TRUE. Just use os_memcmp(), which
provides the ordering we need.
2. If no peer can be key server but this instance can, then become the
key server.
3. The ordering of blocks between peer as key server and ourself as key
server overwrites settings. Simple reordering fixes this.
4. Default to being the key server, so that we advertise our ability in
the MKPDUs we send. That's the only way peers can know we can be key
server. Cleared automatically as soon as we find a better peer.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Add a ".clang-format" file which is pretty close to the rest of
wpa_supplicant code base and reformat the binder codebase.
Signed-off-by: Roshan Pius <rpius@google.com>
Restructure the binder related makefile sections to expose a separate
|libwpa_binder_interface| which can be imported by clients/tests.
While there,
Change the name of the binder service to the name used in the selinux
permissions.
Signed-off-by: Roshan Pius <rpius@google.com>
There's no need to have a separate variable and open-code a more
complicated version of this, just use is_broadcast_ether_addr().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
