Commit graph

2889 commits

Author SHA1 Message Date
Hu Wang
e5a4b85b2f WPS: Merge mixed-WPA/WPA2 credentials if received in same session
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-29 20:25:18 +03:00
Chandrasekaran, Manishekar
4e5367516b P2P: Overwrite pending interface only after verifying BSS entry
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.

For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.

When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 18:58:54 +03:00
Bojan Prtvar
1cc0d6a0eb wpa_supplicant: Use freq_list scan filtar in sched_scan
Global freq_list scan filtar was taken into account only by
req_scan and not by req_sched_scan. We want to allow the user
to limit the channels that wpa_supplicant will scan in req_sched_scan
requests as well.

Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
2014-08-12 16:44:04 +03:00
Eduardo Abinader
4aa9c156e5 dbus: Close dbus dict just after appending data
Before fixing this issue, calling wpas_dbus_getter_p2p_device_config
was causing early termination of dbus connection, due to writing
values to an already closed dict.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:29:49 +03:00
Eduardo Abinader
af65bc36bb P2P: Use ssid instead of wpa_ssid to find GO iface
In order to find a GO interface, there has to be a
comparison among two SSIDs, instead of a wpa_ssid and
a ssid.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:04:08 +03:00
Tomasz Bursztyka
4a0693a4d5 dbus: Declare and implement GroupFinished as for GroupStarted
First for better concistancy but also to tell about the group_object
that is getting removed, thus the client will know about it and will be
able to act accordingly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-07-31 17:20:56 +03:00
Jithu Jance
2fa980f0f1 P2P: Cancel pending action TX radio work on p2p_cancel
When p2p_cancel is invoked while the GO Negotiation Action TX was
pending, the p2p_send_action_work was not getting cleared.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-07-31 17:13:46 +03:00
Philippe Nunes
8b627b7c47 Fix writing of the wowlan_triggers parameter
The parameter wowlan_triggers is a global string and is not recognised
if it is embraced with double-quotes.

Signed-off-by: Philippe Nunes <philippe.nunes@linux.intel.com>
2014-07-31 17:03:33 +03:00
Jouni Malinen
8b65fefeed Interworking: Remove unnecessary placeholder for PAME-BI
The PAME-BI bit in the Advertisement Protocol element is reserved for
non-AP STA, so this function will never set that bit to one and as such,
there is not much point in maintaining the placeholder dead code for
this either. (CID 68107)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 20:28:03 +03:00
Jouni Malinen
52f4abfd06 P2P: Remove PSK/passphrase from P2P-GROUP-STARTED debug log entry
The PSK/passphrase are needed for the control interface events since the
upper layer UI component is required by the specification to be able to
make this available for manual configuration. However, this is not
needed in the INFO verbosity level debug entry, so split the event
generation into two parts.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:26:59 +03:00
Jouni Malinen
f8723e1e9f P2P: Use a helper function for P2P_EVENT_GROUP_STARTED events
This makes it easier to change the event message message for indication
when P2P group has stated and removes some duplicated code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:25:18 +03:00
Jouni Malinen
71a0e395b9 P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-08 15:57:30 +03:00
Jouni Malinen
86bd36f0d5 Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:

VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *

The following frames are supported in this commit (additional frames can
be added in the future):

0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response

One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-07 12:25:09 +03:00
Dmitry Shmidt
4ed3492206 PNO: Send Probe Request frames only for hidden SSIDs
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.

Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-03 16:44:43 +03:00
Jouni Malinen
8931a36ca4 P2P: Add explicit check for ssid->p2p_client_list != NULL
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-03 00:53:13 +03:00
Dmitry Shmidt
e376290c66 HS 2.0R2: Add update_identifier field to network
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-02 14:01:01 +03:00
Jouni Malinen
5bc285716e Fix some sparse warnings about u16 vs. le16
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:34:34 +03:00
Jouni Malinen
42619d68a6 Fix CTRL-EVENT-REGDOM-CHANGE event init= value
Incorrect field was used to determine the init=<value> in the regulatory
domain changed control interface event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:09:00 +03:00
Jouni Malinen
a520bf4aeb Mark function static
This function is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:08:46 +03:00
Jouni Malinen
0cb79d355a dbus: Fix indentation level to match code logic
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:45 +03:00
Jouni Malinen
8f03ac9007 Mark functions static
These functions are not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:22 +03:00
Li Jianyun
6891f0e6f4 Allow SCAN command to specify scan_ssid=1 SSIDs
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.

The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 12:52:08 +03:00
Jouni Malinen
19c48da06b Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
5dbbf36916 Interworking: Remove unnecessary dead increment
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
a1e46f320d Check for no key_mgmt/proto/auth_alg entries in config writer
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
290ea6a76e Remove unnecessary tracking of first entry
The pointer to the current position is enough to figure out whether the
proto string is the first one in the buffer. Removing the separate
tracking variable cleans up a static analyzer warning on dead
assignment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
d3fa2bbb02 WFD: Explicit limit for subelement length (CID 68127)
This adds an explicit limit for the maximum Wi-Fi Display subelement
length for ASCII hexdump. This would not really be needed since the
buffer is already limited by maximum frame length. Anyway, since this
can make static analyzers happier and the subelement used with this
function is short, we may as well include an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
010fc5f507 dbus: Clean up array-array-type property getter
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-29 18:20:13 +03:00
Tomasz Bursztyka
ea18024d78 dbus: Add PropertiesChanged signal to Peer object
This signal will be thrown when a Peer joins or leaves a group.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:28:14 +03:00
Tomasz Bursztyka
bf035663c9 dbus: Remove GroupMember object type and use Peer instead
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:19:12 +03:00
Tomasz Bursztyka
17a37d7110 dbus: Add a Groups property to a Peer object on which it belongs
If only the Peer is part of one or more group, this property will tell
those via listing their object paths.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:09:32 +03:00
Tomasz Bursztyka
6f04642fe3 P2P: Add utility functions to get GO/client interface
This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:00:55 +03:00
Dmitry Shmidt
1de809e152 eapol_test: Fix -R option to not replace -s option value
Commit e9852462d5 ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-06-28 10:51:29 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
1b928f96b6 P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-22 00:15:53 +03:00
Jouni Malinen
e9852462d5 eapol_test: Add PC/SC reader and PIN command line arguments
The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:46:28 +03:00
Jouni Malinen
5a620604f8 Use pcsc_reader configuration in one for scard_init() call
This allows PC/SC reader to be identified with the pcsc_reader
configuration parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:45:31 +03:00
Jouni Malinen
3302b7c29f Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-19 20:56:32 +03:00
Arik Nemtsov
38ddccae8f TDLS: Add ctrl_iface option for flushing all TDLS peers
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:43:46 +03:00
Arik Nemtsov
947f900fb8 TDLS: Handle unreachable link teardown for external setup
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:34:06 +03:00
Jouni Malinen
fa21e6c35b Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:35:22 +03:00
Jouni Malinen
bd10d93891 P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:31:53 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Ilan Peer
28812a8983 P2P: Try using one of the social channels for GO
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:33:52 +03:00
Avraham Stern
0a816e8cbf P2P: Remove duplicated code from get_shared_radio_freqs_data()
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
504df28a1d Remove unused dump_freq_array()
This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 00:21:41 +03:00
Ilan Peer
a0c90bb073 P2P: Collect and use extended data on used frequencies
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:40 +03:00
Avraham Stern
b278f323ed P2P: Remove unused code from get_shared_radio_freqs_data()
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:40 +03:00
Jouni Malinen
25be28a375 dbus: Check return value more consistently (CID 62841)
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:53 +03:00
Jouni Malinen
f62415df8a Note chmod() failure in debug log even in ignore case (CID 62843)
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:52 +03:00
Jouni Malinen
49d13df63c P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 15:25:39 +03:00
Jouni Malinen
1851e17a64 dbus: Clean up P2P group vendor ext getter
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:48:21 +03:00
Jouni Malinen
137ff332fd HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:36:42 +03:00
Jouni Malinen
2703fb4ad9 WNM: Use cleaner way of generating pointer to a field (CID 68100)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
fb5d417178 P2P: Use cleaner way of generating pointer to a field (CID 68096)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
35c03184df P2P: Use cleaner way of generating pointer to a field (CID 68095)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
e987c70c85 dbus: Add explicit break statements to switch-default
There were couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
6446420b24 dbus: Initialize temporary entry properly (CID 62877)
The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
70d9537361 Use clearer way of getting pointer to a frame (CID 62835)
This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:11 +03:00
Jouni Malinen
0e87e798b5 Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:27 +03:00
Jouni Malinen
beb9e1171e dbus: Avoid theoretical memory leaks with duplicated dict entries
If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:06 +03:00
Jouni Malinen
ceb4cd89c9 dbus: Fix a potential double-free in on error path (CID 62880)
It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:02 +03:00
Jouni Malinen
5519241676 GAS: Limit TX wait time based on driver maximum value
The GAS query TX operation used a fixed wait time of 1000 ms for the
reply. However, it would be possible for the driver to not support this
long remain-on-channel maximum. Limit this wait time based on driver
support, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-12 10:56:06 +03:00
Nirav Shah
d3b204694a P2P: Make the default p2p_find delay value configurable
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.

This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.

The optional p2p_find delay argument can still be used to override the
search delay for each search operation.

Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-09 19:43:26 +03:00
Jouni Malinen
a01acc50d5 Check for EVENT_ASSOC data to be present for AP mode operation
wpa_supplicant_event() is required to include the event data for AP mode
events. In theory, a non-AP mode event could be sent here from the
driver wrapper, so reject such event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:15:50 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Jouni Malinen
9c6c5589e0 Interworking: Reject EAP configuration with unsupported inner method
Instead of allowing the connection attempt to occur with an unsupported
inner method, check for that explicitly at the time the network block is
added and drop the network if the identified inner method is not
supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:18:30 +03:00
Jouni Malinen
f2ca0e9770 Check eap_get_name() return against NULL to silence static analyzer
This cannot really be NULL in practice since cred->eap_method would
point to a valid EAP method. Anyway, to avoid false positive from
analyzers, check the pointer explicitly before printing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:42:07 +03:00
Jouni Malinen
fb958ea76e Check current_ssid on unexpected association event
This is mainly to keep static analyzers silent since it does not look
like this code path can be reached in practice due to the way
association events are handled and current_ssid is either set before
resched here or the association is rejected. Anyway, if this could be
reached, the wpa_supplicant_set_wpa_none_key() call would end up
dereferencing a NULL pointer, so add an explicit check to make sure that
does not happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 13:32:13 +03:00
Jouni Malinen
6a98f67369 ChangeLog entries for v2.2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:08:37 +03:00
Jouni Malinen
d4b951f31b Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:07:59 +03:00
Jouni Malinen
df48efc5ab Fix external radio work stopping to not read freed memory
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 22:58:51 +03:00
Amit Khatri
9a17b36e55 tests: Makefile change avoiding compiler error for module test
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"

This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.

Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2014-05-31 13:36:59 +03:00
Mikael Kanstrup
b77aeae732 Interworking: Re-trigger scan if no connect attempt is done
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.

The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
  auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
  in scan results list with full match
- Interworking finds matching networks (it does not do full security
  policy match)

This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2014-05-31 13:23:00 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Tomasz Bursztyka
68d270069f dbus: No need to recompute group object path on GroupStarted signal
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:20:17 +03:00
Tomasz Bursztyka
f3734e2377 dbus: Provide the P2P Device Address from the relevant structure
Fixes a minor mistake: the p2p_info structure should be used here
instead of the peer_handler_args one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:37 +03:00
Tomasz Bursztyka
e956b830fc dbus: Fix interface DeviceFound signal specification
DeviceFound does not provide any properties, just the peer object path.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:10 +03:00
Tomasz Bursztyka
fc591a771c dbus: Declare GONegotiation signals properly
These signals delivers an array of key/value pairs, thus declaring those
as it should.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:18:39 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Eduardo Abinader
5516ed32c5 WPS: Deinit before wpas_p2p_disconnect()
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-16 01:03:44 +03:00
Jouni Malinen
e9eb648e0e P2P: Reject P2P_FIND and P2P_LISTEN on disabled interface
This makes the P2P operations behave more consistently with the SCAN
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:34:32 +03:00
Jouni Malinen
c71c241674 P2P: Clear P2P state if active interface is disabled
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:32:54 +03:00
Jouni Malinen
ad12f2f422 Add DRIVER_EVENT ctrl_iface command for testing purposes
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:09:48 +03:00
Jouni Malinen
3e66f78914 P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.

This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Rashmi Ramanna
28fa4eb2b2 P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-13 15:49:06 +03:00
Edhar, Mahesh Kumar
7b42862ac8 P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Dmitry Shmidt
1c330a2fdc Add 'dup_network <id_s> <id_d> <name>' command
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-12 19:43:56 +03:00
Hannu Mallat
316f92cd33 dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
2014-05-12 18:05:38 +03:00
Jouni Malinen
cfdb32e88f eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:37 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00