This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
S1
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
Signed-off-by: Jouni Malinen <j@w1.fi>
A single channel scan just before WPS_REG, WPS_PBC, and WPS_PIN commands
can be used to avoid having to run a full scan. This saves significant
amount of time in the WPS test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the immediate EAPOL authenticator startup was scheduled
without having received EAPOL-Start only for the case where WPA/WPA2 was
enabled. This can be extended to speed up non-WPA/WPA2 cases as well if
the STA includes WPS IE in Association Request frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.
Signed-off-by: Jouni Malinen <j@w1.fi>
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Signed-off-by: Jouni Malinen <j@w1.fi>
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that IBSS_RSN <peer> return OK for the case where a valid
and already connection peer address is given.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to pass the test case names to the VMs when using
parallel-vm.py. Removing those from the command line helps in avoiding
kernel panic if maximum number of kernel parameters limit is hit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Signed-off-by: Jouni Malinen <j@w1.fi>
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)
Signed-off-by: Jouni Malinen <j@w1.fi>
For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).
Signed-off-by: Jouni Malinen <j@w1.fi>
For some reason, the previous version was not understood to be null
terminating the buffer from recv(). It was doing this fine, though. Try
to use a bit more simpler design in hopes of getting static analyzers to
understand this. (CID 72702)
Signed-off-by: Jouni Malinen <j@w1.fi>
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().
Signed-off-by: Jouni Malinen <j@w1.fi>
If "ADD bss_config=" command failed in driver_init() or
hostapd_setup_interface(), some of the allocated resources were not
freed properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helper function had not used the nl80211_set_iface_id() helper, but
there is no reason why it couldn't re-use the same helper as other
places using nl80211_cmd_msg().
Signed-off-by: Jouni Malinen <j@w1.fi>
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and either bss->ifindex or if_nametoindex(bss->ifname).
Signed-off-by: Jouni Malinen <j@w1.fi>
bss->wdev_id_set is set for the non-detdev P2P Device, so
nl80211_cmd_msg() can be used as-is for these cases as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes duplicated code for building nl80211 commands for a BSS.
This commit handles the functions that were already using
nl80211_set_iface_id().
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of more NLA_PUT* macro uses in nl80211 to reduce the
number of functions that depend on the hidden behavior of jumping to the
nla_put_failure label.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of NLA_PUT* macro use in checking nl80211 capabilities to
reduce the number of functions that depend on the hidden behavior of
jumping to the nla_put_failure label.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a separate pointer and length field instead of trying to copy from a
struct field that has only part of the full buffer available.
(CID 68115)
Signed-off-by: Jouni Malinen <j@w1.fi>
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher()
was apparently too complex for some static analyzers. Use a local
variable and a more explicit validation step to avoid false report.
(CID 62864)
Signed-off-by: Jouni Malinen <j@w1.fi>
Using aes_wrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is not just the single struct member. (CID 68111)
Signed-off-by: Jouni Malinen <j@w1.fi>