Commit graph

9126 commits

Author SHA1 Message Date
Jouni Malinen
86a7fbb2c1 Verify that eloop_register_read_sock() succeeds for ctrl_iface setup
This allows faster detection of a case where a memory allocation fails
within eloop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
27d9701dea Fix a memory leak on WPA authenticator error path
wpa_auth->group needs to be freed if PMK cache setup fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
c1c07dcb70 Fix hostapd interface addition error path
The local conf pointer needs to be cleared once it gets assigned to
hapd_iface to avoid double-free of the configuration data on error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
6a964b7560 tests: Make scan_random_mac more robust
There is a race condition between wlantest having received and written
the sniffer log and this test case using tshark to process it. Wait one
second before running tshark to make it less likely to get truncated
results that can result in the test case failing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
51c5aeb42a tests: Convert "hwsim-SKIP" exception to use a custom class
This makes the design a bit cleaner for catching the exceptions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
910eb5b525 tests: Import dbus module in a cleaner way
There is no need to use prepare_dbus() function to check whether the
dbus module can be imported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:29:25 +02:00
Jouni Malinen
a156ffda61 Add support for testing memory allocation failures
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.

Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:43 +02:00
Jouni Malinen
52b3943c94 D-Bus: Fix interface unregistration on error path
It is possible for this function to get called even if D-Bus
registration had failed, so the path can be NULL here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
96dc9a6d42 D-Bus (old): Fix interface unregistration on error path
It is possible for this function to be called even if D-Bus interface
registration has failed. Avoid a D-Bus assert in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
ef0355780a Fix memory leak on wpa_supplicant_init_wpa() error path
If wpa_sm_init() fails, the context data needs to be freed in the
caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
52a80583ba TDLS: Fix an interface addition error path
It is possible for wpa_tdls_teardown_peers() to be called with sm ==
NULL in case interface addition fails before the WPA state machine is
initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f2d57282ad D-Bus: Fix string array dict entry parser in out-of-memory case
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
c61bc23aa2 D-Bus: Fix byte array dict entry parser in out-of-memory case
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
dacf605812 D-Bus: Fix Introspect() in case of os_strdup() failure
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
68a866974b D-Bus (old): Fix wpsReg error message
This was supposed to return WpsRegError, not WpsPbcError.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f0614bc6c6 D-Bus (old): Fix message handler error paths
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
a2af1c70c5 D-Bus (old): Fix memory leak on error path
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
3d2e2d5d63 trace: Fix compiler warning on 32-bit builds with bfd support
With CONFIG_WPA_TRACE_BFD, the type cast from void* to integer was
generating a compiler warning due to the target integer being larger in
size in case of 32-bit builds. Type case to bfd_hostptr_t instead of
directly to bfd_vma to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
b9f6560f38 eloop: Fix WPA_TRACE tracking in case of realloc failure
The socket reference tracking entries need to be restored in case
os_realloc_array() fails when adding a new eloop socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
e10422c025 Fix memory leak on hostapd BSS addition error path
The per-BSS configuration information needs to be freed if hostapd fails
to add a new interface for a BSS added with "ADD bss_config=..."
command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
2801659268 Fix hostapd initialization error path on allocation failure
If hostapd_alloc_bss_data() failed to allocate the struct hostapd_data
instance, dynamic interface addition path ended up trying to dereference
freed memory due to incorrect cleanup steps. Fix this by decrementing
the interface count when the newly added interface is removed. In
addition, make the setup more robust by clearing all changes within
hostapd_data_alloc() if any of the allocations fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
d58ade2121 nl80211: Fix compilation with libnl 1.1 and 2.0
Unfortunately, libnl 3.0 has changed the API in a way that is not
backwards compatible by renaming nlmsg_len() to nlmsg_datalen() without
leaving the older nlmsg_len() defined. As such, there does not seem to
be any clean way of using this function without breaking the build with
some libnl versions. For now, replace this call with direct calculation
of the data length since it can be done with a simple one-liner that
compiles with all libnl versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
c975e1c1da tests: Additional bgscan coverage
Verify error cases in bgscan module parameters. Increase learn bgscan
module coverage with parsing of the saved data and probe frequency
selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
51f3427019 crypto: Clear temporary stack buffers after use
This reduces possibility of exposure of private keys should something
get access to stack memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
77a2c3941e crypto: Clear temporary heap allocations before freeing
This reduces the time private keys may remain in heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
a15a7fcf69 DH: Clear memory explicitly on private key deinit
Remove any DH private key from heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 18:03:40 +02:00
Jouni Malinen
77c45e2b35 Add wpabuf_clear_free() to allow clearing of freed memory
This can be useful when a wpabuf is used to store private data that
should not be left in heap after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 18:02:04 +02:00
Jouni Malinen
59be78ef93 tests: Move SHA256 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:34:20 +02:00
Jouni Malinen
4b462a0226 tests: Move SHA1 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:29:00 +02:00
Jouni Malinen
a90c7d91a0 OpenSSL: Fix pbkdf2_sha1() wrapper
This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:27:08 +02:00
Jouni Malinen
896e1b836f tests: Move MD5 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:12:27 +02:00
Jouni Malinen
88fc0dca98 tests: Move ms_funcs test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:05:42 +02:00
Jouni Malinen
5c0ff9f9a3 tests: Add some of the AES ECB mode test cases from CAVS 11.1
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:57:57 +02:00
Jouni Malinen
1244408401 tests: Move AES key wrap/unwrap test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:35:59 +02:00
Jouni Malinen
477f83131f tests: Move AES-CBC test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:28:46 +02:00
Jouni Malinen
e438fb0d3a tests: Move AES-128 EAX mode test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:24:42 +02:00
Jouni Malinen
6c33962dd1 tests: Additional OMAC1-AES module test coverage
This verifies couple of corner cases with short vector entries in the
OMAC1-AES implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:15:23 +02:00
Jouni Malinen
304d40e904 tests: Move OMAC1-AES test cases into hwsim module tests
This makes sure the test cases are executed automatically with rest of
the hwsim tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:02:08 +02:00
Jouni Malinen
942b75468d tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:50:53 +02:00
Jouni Malinen
f6ebbcf62a AES-SIV: Make aes_s2v() static
This function is not used outside aes-siv.c. In addition, include the
aes_siv.h header to make sure that functions get declared consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:22:36 +02:00
Jouni Malinen
dcf8fbc058 nl80211: Simplify event processing error paths
These are practically unreachable code since cfg80211 fills in the
required attributes or does not send the event. Keep the checks in
place, but minimize the extra code in wpa_supplicant/hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 13:40:07 +02:00
Jouni Malinen
38751d8bd5 nl80211: Remove cfg80211 state mismatch workaround for authentication
cfg80211 dropped support for tracking BSS authentication state and
setting NL80211_BSS_STATUS_AUTHENTICATED in 'cfg80211: stop tracking
authenticated state' three years ago (starting in Linux 3.4). As such,
this workaround code in wpa_supplicant cannot be reached anymore. There
is no real need for maintaining it for older kernels either, since there
are other ways of detecting and working around state mismatches with the
actual authentication operations failing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 12:21:12 +02:00
Jouni Malinen
64ae244763 nl80211: Check support for rekey offload on first use
While there is no explicit driver capability advertisement for this in
nl80211, the EOPNOTSUPP response can be interpreted as a clear
indication of NL80211_CMD_SET_REKEY_OFFLOAD not being supported. Check
for that and don't try to offload keys again if the driver has not use
for them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 12:00:09 +02:00
Jouni Malinen
8aeb6e3dbc tests: MAC_RAND_SCAN with valid and invalid arguments
This verifies that random MAC address is used as requested in Probe
Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 23:06:58 +02:00
Ilan Peer
8b48e32006 wpa_cli: Add MAC address randomization in scan
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
fb375883f4 ctrl_iface: Add MAC address randomization in scan processing
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
56c76fa592 scan: Add MAC address randomization in scan handling
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
   state variables.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
86056fea63 nl80211: Handle MAC address randomization in scan/sched_scan
1. Process supported driver capabilities.
2. Populate scan request with MAC address randomization data

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
ff23ed221d driver: Add definitions for MAC address randomization in scan
1. Add parameters to the scan command to allow MAC address
   randomization during scan and scheduled scan.
2. Add capability bits to publish MAC address randomization support
   in scan and scheduled scan.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 21:46:38 +02:00
Jouni Malinen
5434f07c20 tests: TDLS channel switching
Verify correct behavior with invalid commands. In addition, allow minor
mac80211_hwsim modifications to be used to enable testing of the driver
interface to enable and disable channel switching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 21:46:38 +02:00