Commit graph

13869 commits

Author SHA1 Message Date
Jouni Malinen
0f09637001 OpenSSL: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:35:20 +02:00
Jouni Malinen
e60913b600 curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:33:27 +02:00
Jouni Malinen
6014890bfb OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit 1eb87ae48d ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:30:43 +02:00
Jouni Malinen
99a17351c7 rfkill: Fix a memory leak
rfkill_init() uses realpath() which allocates memory and that memory was
not freed on the success path.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:14:47 +02:00
Jouni Malinen
1f1e599b3b OpenSSL: Fix memory leak on error path
If SSL_CTX_new(SSLv23_method()) fails, tls_init() error path did not
free the allocated struct tls_data instance.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-15 21:53:33 +02:00
Lior David
b907491281 wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.

The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:23:56 +02:00
Lior David
86b5c400a0 nl80211: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a pbss flag to the relevant structures to support starting a PCP and
connecting to a PCP. Implement support in the nl80211 driver by using
the new PBSS flag attribute.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:16:04 +02:00
Jouni Malinen
afa453a28a Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-01-28.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-08 22:12:57 +02:00
Jouni Malinen
0918fe4dda tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:26:15 +02:00
Jouni Malinen
2f60d1985f tests: Additional EAP-Finish local error coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:05:02 +02:00
Jouni Malinen
d1d8a2bd62 EAP peer: Simplify buildNotify return
There is no need for the local variable and two return statements.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:01:41 +02:00
Jouni Malinen
7dbd2c6c69 tests: EAP Notification errors
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:01:06 +02:00
Jouni Malinen
1314bc11cf Clean up EAP peer PCSC identity functions
Leave out more code if PCSC_FUNCS is not defined since config->pcsc != 0
case cannot be used with such a build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 20:51:04 +02:00
Jouni Malinen
b81e50cddb tests: EAP-Nak special cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 20:43:48 +02:00
Jouni Malinen
bd3948c0eb tests: Memory allocation failing for expanded EAP-Nak
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 20:35:35 +02:00
Jouni Malinen
3d85fd5a12 tests: EAP-Success/Failure prior to any EAP method
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 20:27:13 +02:00
Jouni Malinen
307993f770 tests: ERP init error case on allocation failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 20:16:04 +02:00
Nick Lowe
c06c9099f0 Use stronger PRNG for MS-MPPE-Send/Recv-Key salt
When generating a MS-MPPE-Send/Recv-Key, don't use a weak PRNG for the
salt.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-07 18:18:49 +02:00
Jouni Malinen
9e1f1bdb6f eloop: Clean up coding style for eloop debug prints
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 18:09:21 +02:00
Roy Marples
f9982b3212 Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.

I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 18:09:19 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Jörg Krause
70f4f052f1 wpa_ctrl: Retry select() on EINTR
Retry select() if it was interrupted by a signal.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-02-07 12:20:38 +02:00
Lubomir Rintel
df9e2c2a55 D-Bus: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
wpa_supplicant, such as NetworkManager communication with the VPN
plugins.

From the dbus-daemon manual:

  Be careful with send_interface/receive_interface, because the
  interface field in messages is optional. In particular, do NOT
  specify <deny send_interface="org.foo.Bar"/>! This will cause
  no-interface messages to be blocked for all services, which is almost
  certainly not what you intended. Always use rules of the form: <deny
  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>

We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2016-02-07 11:55:09 +02:00
Jouni Malinen
fe28ed3f29 tests: Secure mesh network plink counting during reconnection
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 21:25:52 +02:00
Srinivasa Duvvuri
9684c7567e mesh: Fix peer link counting when a mesh peer reconnects
When a mesh point reconnects by starting from Authentication frame
sequence, the plink count was not decremented from its last connection.
This resulted in leaking peer link count and causing wpa_supplicant to
reject the connection after max_peer_links (default: 99) reconnects.

This was reproduced by pre-configuring 2 mesh points with mesh
credentials. Boot both mesh points and make sure they connect to each
other. Then in a loop reboot one of the mesh points after it
successfully connects while leaving the other mesh point up and running.
After 99 iterations the supplicant on mesh point that is not rebooting
will reject the connection request from the other mesh point.

Fix this by decrementing num_plinks when freeing a STA entry that is
still in PLINK_ESTAB state.

Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
2016-02-06 21:22:29 +02:00
Avraham Stern
83fe38b011 P2P: Fall back to no VHT when starting AP/P2P GO
In cases where the bandwidth is not set when starting an AP/P2P GO,
the code tries to use 160 MHz or 80 MHz channels. As a result, the
AP/P2P GO configuration is set to use these channel widths even if
they are not available, which may results in failing to start the
AP/P2P GO.

Fix this by changing the AP/P2P GO configuration not to use VHT channels
when they are not available. In this case the AP/P2P GO will use a 40
MHz channel, if available, or a 20 MHz channel, if this is the maximum
available width.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-06 18:23:33 +02:00
Avraham Stern
360a9d5a8f P2P: Reduce off channel wait time for some P2P Action frames
Setting a long off channel wait time for P2P Action frames when
we know we are already on the right channel may cause a delay in
sending the Action frame (because the driver may not be able to
satisfy the request for long wait time until previous off channel
requests are over). This may be crucial for P2P response frames
that must be sent within 100 milliseconds of receiving the request.

Fix this by adjusting P2P Action frame wait times as follows:

 1. For GO Negotiation Response frame, shorten the wait time to 100 ms.
    This is reasonable because the peer has just sent us the GO
    Negotiation Request frame, so it is known to be on the right
    channel and is probably ready to send us the GO Negotiation
    Confirmation frame without delay.
 2. For GO Negotiation Confirmation, P2P Invitation Response, and
    Provision Discovery Response frames, there is no need for wait
    time at all as this is the last frame in the exchange. So set
    the wait time to 50 ms to ensure there is enough time to send the
    frame.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-06 18:19:03 +02:00
Jouni Malinen
1fc63fe299 RADIUS: Share a single function for generating session IDs
There is no need to maintain three copies of this functionality even if
it is currently implemented as a single function call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 17:19:35 +02:00
Nick Lowe
2cbc6ffb3a RADIUS: Redesign Request Authenticator generation
Simplify and make properly random the generation of the Request
Authenticator.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 17:19:35 +02:00
Nick Lowe
b71a64aa01 Send an Acct-Multi-Session-Id attribute in Access-Request packets
Previously, this was included only in Accounting-Request packets.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 17:13:21 +02:00
Nick Lowe
4260e1a1ff Add Acct-Session-Id to Accounting-On/Off
An Acct-Session-Id is required on Accounting-On and Accounting-Off forms
of Accounting-Request.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 17:11:01 +02:00
Nick Lowe
d72a00539c RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id
Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to
give better global and temporal uniqueness. Previously, only 32-bits of
the Acct-Session-Id would contain random data, the other 32-bits would
be incremented. Previously, the Acct-Multi-Session-Id would not use
random data. Switch from two u32 variables to a single u64 for the
Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves
no legitimate purpose. Exclusively use os_get_random() to get quality
random numbers, do not use or mix in the time. Inherently take a
dependency on /dev/urandom working properly therefore. Remove the global
Acct-Session-Id and Acct-Multi-Session-Id values that serve no
legitimate purpose.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 17:10:19 +02:00
Jouni Malinen
d689317ddb EAPOL auth: Move radius_cui/identity freeing to eapol_auth_free()
These can get allocated within eapol_auth_alloc(), so it is more logical
to free them in eapol_auth_free() instead of ieee802_1x_free_station()
that ends up calling eapol_auth_free().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 16:32:22 +02:00
Roshan Pius
0ae86f9043 wpa_supplicant: Fix couple of C++ compiler errors with header files
Need to include these headers in C++ files for adding a binder interface
to wpa_supplicant. So, fix the following C++ compiler errors in them:
1. Add explicit C-style casts in wpa_buf.h header.
2. Move the nested definition of wpa_driver_scan_ssid in driver.h
outside of wpa_driver_scan_params because it is used in another
structure below.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-02-06 15:26:48 +02:00
Jouni Malinen
592790bf15 tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 13:23:42 +02:00
Nick Lowe
9b6177a891 Add Event-Timestamp to all Accounting-Request packets
Event-Timestamp should be sent for all Accounting-Request packets and
only after the system clock has a sane value, not where there's a value
close to the Unix time epoch.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 01:24:59 +02:00
Max Stepanov
d179089b6d GAS: Calculate response buffer length of ANQP elements
Calculate the required length needed for the extra ANQP elements added
to GAS response buffer instead of using fixed size and truncating the
response if there was not sufficient space.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-02-06 01:19:32 +02:00
Jouni Malinen
31dd315382 tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 01:14:43 +02:00
Ayala Beker
dda091cf51 OpenSSL: Fix server side PKCS#12 processing with extra certificates
Fix a possible null pointer dereference in tls_parse_pkcs12() when
loading a PKCS#12 file for the server keys and the file includes extra
certificates.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-06 01:14:43 +02:00
Ayala Beker
443c8e18de OpenSSL: Fix possible null pointer dereference on an OCSP error path
Fix possible null pointer dereference in check_ocsp_resp() if an memory
allocation fails.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-06 00:58:32 +02:00
Roy Marples
a3cc64f3d2 Remove -w support from wpa_supplicant README
wpa_supplicant dropped the -w option long long time ago..

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-06 00:31:26 +02:00
Jouni Malinen
93aa1e1621 tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 00:28:16 +02:00
Jouni Malinen
e265838a43 EAP-FAST: Fix an error path in PAC binary format parsing
Need to clear the pac pointer for the first error case to avoid freeing
the previous PAC entry if the following entry has an invalid header.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 00:26:31 +02:00
John Ernberg
f91e11f465 D-Bus: Fix p2p interface capability message
If the config file for the interface says "p2p_disabled=1", don't report
p2p capabilities on this interface. This helps programs like Connman to
not enable p2p when it's been disabled in wpa_supplicant.

Signed-off-by: John Ernberg <john.ernberg@actia.se>
2016-02-05 18:09:38 +02:00
Nick Lowe
479f46c4c2 Do not send Acct-Authentic in Accounting-On/Off
Acct-Authentic is used to indicate how the user was authenticated and as
such, should not be sent in Accounting-On and Accounting-Off.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-05 18:06:33 +02:00
Nick Lowe
696544efed RADIUS: Do not include Acct-Terminate-Cause in Accounting-On/Off
Per RFC 2866, 5.10, it is invalid to send Acct-Terminate-Cause in
Accounting-On and Accounting-Off (this is included only when
Acct-Status-Type is set to Stop).

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-05 17:59:07 +02:00
Eduardo Abinader
236053e532 Make fallback from HT40 to HT20 work
Ensure that if it is not possible to configure an allowed 20 MHz
channel pair, hostapd falls back to a single 20 MHz channel.

Signed-off-by: Eduardo Abinader <eabinader@ocedo.com>
2016-02-05 17:52:47 +02:00
Jouni Malinen
c599ddd124 tests: Allow fallback to 20 MHz in ap_ht40_5ghz_invalid_pair
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-05 17:51:24 +02:00
Roy Marples
cb22e3b250 BSD: Zero ifindex on interface removal
If an interface is removed, zero the remembered ifindex.
Don't try to set properties on the interface when it is removed.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-05 17:40:45 +02:00
Rubin Xu
a8ef133f1d Android: Support multiple CA certs when connecting to EAP network
In the Android-specific case, make ca_cert directive parse a
space-separated list of hex-encoded CA certificate aliases following the
"keystores://" prefix. Server certificate validation should succeed as
long as the chain ends with one of them.

Signed-off-by: Rubin Xu <rubinxu@google.com>
2016-02-05 17:31:46 +02:00