Commit graph

12676 commits

Author SHA1 Message Date
Jouni Malinen
b696f791ac RRM: Fix wpas_rrm_send_msr_report() loop handling
The while (len) loop was updating the next pointer at the end even when
len == 0, i.e., when the new next value won't be used. This could result
in reading one octet beyond the end of the allocated response wpabuf.
While the read value is not really used in practice, this is not correct
behavior, so fix this by skipping the unnecessary next pointer update in
len == 0 case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-08 16:16:37 +02:00
Avraham Stern
891aa65b88 RRM: Use dynamically allocated buffer for beacon report
The maximum required size for each Beacon Report element is known in
advance: it is the size of the Beacon Report element fixed fields + the
size of the Reported Frame Body subelement.

Allocate the buffer used for constructing the Beacon Report element
dynamically with the maximum needed size, instead of using a very
large static buffer.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-08 16:05:52 +02:00
Jouni Malinen
732b57acb4 tests: Fix authsrv_errors_1 and authsrv_errors_3 when running on host
Use a non-existing directory in the path to avoid SQLite from being able
to create a new database file. The previous design worked in the VM case
due to the host file system being read-only, but a bit more is needed
for the case when this is running on the host.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 18:13:05 +02:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Johannes Berg
dbdda355d0 Introduce os_memdup()
This can be used to clean the code and reduce size by converting
os_malloc() followed by os_memcpy() cases to use a single function call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:18:49 +02:00
Johannes Berg
60be144e45 gitignore: Add parallel-vm.log
Ignore parallel-vm.log regardless of where in the tree
it was created.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 12:13:27 +02:00
Johannes Berg
6f6a3a03c1 ap-mgmt-fuzzer: Add .gitignore
Ignore the binary created here.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 12:12:20 +02:00
Jouni Malinen
40c8ad8058 wpadebug: Add .gitignore
Ignore the automatically generated build directories and files.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 12:10:11 +02:00
Kanchanapally, Vidyullatha
af8bc24da3 MBO: Add support for transition reject reason code
Add support for rejecting a BSS transition request using MBO reject
reason codes. A candidate is selected or rejected based on whether it is
found acceptable by both wpa_supplicant and the driver. Also accept any
candidate meeting a certain threshold if disassoc imminent is set in BTM
Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:34:14 +02:00
Kanchanapally, Vidyullatha
3ab484928a nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:20:29 +02:00
Avraham Stern
ae2f1a9c0f tests: Make beacon report tests remote compatible
Use the new hostapd.add_ap() API (i.e., pass the ap device as a
parameter instead of the interface name) in beacon report tests to
make them remote compatible, and mark them appropriately.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-06 23:55:32 +02:00
Jouni Malinen
4fe798bd9d tests: Make wnm_bss_tm_req a bit more efficient and robust
Use a local variable for the STA address instead of fetching it
separately for each operation. Dump control interface monitor events
between each test message to avoid increasing the socket output queue
unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-06 23:53:33 +02:00
Beni Lev
ed432343f4 tests: Clean up wnm_bss_tm_req test not initialize unused AP
The second AP is not really needed in this test case that verifies
parsing of various different BSs Transition Management Request frame
payloads.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2017-03-06 23:48:02 +02:00
Avraham Stern
23cddd7519 wpa_supplicant: Fix non_pref_chan example
The parsing code expects non_pref_chan to be non-quoted.
Fix the example in wpa_supplicant.conf not to include
quotes.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-06 23:41:26 +02:00
Andrei Otcheretianski
79f846a7a9 tests: Rename ap_wpa2_psk_file test
There are two different tests with the same name in test_ap_psk.py.
Fix that.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-03-06 23:38:48 +02:00
Jouni Malinen
c90c62e5d3 tests: hostapd authentication server test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-05 16:51:04 +02:00
Jouni Malinen
b9fd3c244e tests: Add TEST_FAIL() to radius_msg_add_attr()
This makes it easier to test error paths for RADIUS message
construction.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-05 16:37:52 +02:00
Jouni Malinen
de01f254a6 RADIUS server: Fix error paths in new session creation
radius_server_session_free() does not remove the session from the
session list and these radius_server_get_new_session() error paths ended
up leaving a pointer to freed memory into the session list. This
resulted in the following operations failing due to use of freed memory.

Fix this by using radius_server_session_remove() which removes the entry
from the list in addition to calling radius_server_session_free().

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-05 16:18:57 +02:00
Jouni Malinen
a47f214e3f tests: Automatic channel selection failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:15 +02:00
Jouni Malinen
468a247774 tests: Automatic channel selection for VHT160
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:15 +02:00
Jouni Malinen
4c803dfcd7 ACS: Fix memory leak if interface is disabled during scan
The survey data was not freed if hostapd interface got disabled during
an ACS scan.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:15 +02:00
Jouni Malinen
31b398e05f tests: Automatic channel selection for VHT40
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:14 +02:00
Jouni Malinen
5f45caae24 tests: Automatic channel selection for HT40- channel
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:14 +02:00
Jouni Malinen
29be2c090e ACS: Simplify code paths
This removes some unnecessarily duplicated return paths and simplifies
code paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 17:30:10 +02:00
Jouni Malinen
9960434dcf tests: ProxyARP error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 11:44:55 +02:00
Jouni Malinen
fa07d2d463 tests: Add TEST_FAIL() checks in l2_packet
This enables additional test coverage for error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 11:43:58 +02:00
Jouni Malinen
d4359923e1 Fix DHCP/NDISC snoop deinit followed by failing re-init
It was possible to hit a double-free on the l2_packet socket if
initialization of DHCP/NDISC snoop failed on a hostapd interface that
had previously had those enabled successfully. Fix this by clearing the
l2_packet pointers during deinit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 11:42:15 +02:00
Jouni Malinen
6baab31c6c tests: P2P autonomous GO and NoA
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-04 10:57:28 +02:00
Alexei Avshalom Lazar
160dca0784 Add QCA vendor command/attr for BRP antenna limit control
Add QCA_NL80211_VENDOR_SUBCMD_BRP_SET_ANT_LIMIT for setting the number
of antennas that will be active in different modes for each connection.

Signed-off-by: Alexei Avshalom Lazar <qca_ailizaro@qca.qualcomm.com>
2017-03-02 15:05:46 +02:00
Jouni Malinen
c7a7218951 tests: Scan failures for TYPE=ONLY
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 16:42:56 +02:00
Hu Wang
57d3c5913a Clear scan_res_handler on no-retry failure
Previously it was possible for wpa_s->scan_res_handler to remain set to
its old value in case wpa_drv_scan() failed and no retry for the scan
trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ).
This could result in getting stuck with the next connection attempt
after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler
was set to scan_only_handler().

Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and
no retry is scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 16:39:30 +02:00
Jouni Malinen
c97d7c2a60 tests: Wi-Fi Display extensions to P2P with R2 subelems
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 12:16:10 +02:00
Amarnath Hullur Subramanyam
e9518ae749 WFD: Add WFD R2 Subelements
Define and add support for WFD R2 Subelements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:59:57 +02:00
Gaole Zhang
21ac782797 QCA nl80211 vendor attribute for specific sub-20 MHz channel width
Define a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_SUB20_CHAN_WIDTH.
This attribute can set a station device to work in 5 or 10 MHz channel
width while in disconnect state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:55:04 +02:00
Jouni Malinen
622bc51f5a tests: WNM BSS Transition Management and scan needed (Table E-4)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:39:24 +02:00
Jouni Malinen
133a8b9d7a tests: WNM BSS TM with explicit Table E-4 indication
wnm_bss_tm_global uses an unknown country code to use Table E-4. Extend
that with otherwise identical test case wnm_bss_tm_global4, but with the
country string explicitly indicating use of Table E-4 while using a
known country code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:27:48 +02:00
Jouni Malinen
62a766f3b1 tests: Country code string and the third octet
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:11:31 +02:00
Jouni Malinen
ff936bc753 Make the third octet of Country String configurable
The new hostapd.conf parameter country3 can now be used to configure the
third octet of the Country String that was previously hardcoded to ' '
(= 0x20).

For example:

All environments of the current frequency band and country (default)
country3=0x20

Outdoor environment only
country3=0x4f

Indoor environment only
country3=0x49

Noncountry entity (country_code=XX)
country3=0x58

IEEE 802.11 standard Annex E table indication: 0x01 .. 0x1f
Annex E, Table E-4 (Global operating classes)
country3=0x04

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 10:58:15 +02:00
Masashi Honma
b80130c60b tests: Add mesh path test
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-03-01 00:44:17 +02:00
Masashi Honma
d760db19b1 tests: Save the log of wmediumd
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-03-01 00:35:40 +02:00
Jouni Malinen
33a6da6908 tests: Work around pyopenssl API change
OpenSSL.SSL.Connection.state_string() was replaced with
get_state_string() in pyopenssl. Add workaround code to be able to use
either of these names.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 00:20:29 +02:00
Johannes Berg
5118319831 trace: Look up start to cope with ASLR
When ASLR is enabled, like it is by default on many distros now,
the trace code doesn't work right.

Fix this by looking up the start of the executable mapping and
subtracing it from all the lookups.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2017-02-28 11:37:19 +02:00
Jouni Malinen
069daec4ee tests: Fix EAPOL frame source address in protocol tests
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-28 11:24:15 +02:00
Jouni Malinen
206516e8c2 af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation
that uses the user space socket interface (AF_ALG) for the Linux kernel
crypto implementation. This commit includes some of the cipher, hash,
and HMAC functions. The functions that are not available through AF_ALG
(e.g., the actual TLS implementation) use the internal implementation
(CONFIG_TLS=internal).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:24:15 +02:00
Jouni Malinen
b41d3e0a75 crypto: Process des_encrypt() error returns in callers
This updates all the des_encrypt() callers to handle error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:24:05 +02:00
Jouni Malinen
5f0e165e80 crypto: Add return value to DES and AES encrypt/decrypt
These operations may fail with some crypto wrappers, so allow the
functions to report their results to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:23:54 +02:00
Ashwini Patil
dca4b503f1 MBO: Fix minimum length check on non_pref_chan configuration
The reason detail field in non_pref_chan attribute was removed
from MBO draft v0.0_r25. Also oper_class can be 1 character for
few country codes (e.g., country code-UK, channel number-1). So the
shortest channel configuration is 7 characters.

This was missed in the earlier commit
4a83d4b686 ('MBO: Do not add reason_detail
in non_pref_chan attr (STA)') that took care of other changes related to
removal of the reason detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:26:22 +02:00
Peng Xu
5b9f46df0e hostapd: Get channel number from frequency based on other modes as well
When getting the channel number from a frequency, all supported modes
should be checked rather than just the current mode. This is needed when
hostapd switches to a channel in different band.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:24:03 +02:00
Jouni Malinen
4c8836f139 FILS: Fix fils_hlp.c build with older netinet/udp.h definitions
The __FAVOR_BSD macro was previously used in netinet/udp.h to select
between two different names of the variables in struct udphdr. Define
that to force the versions with the uh_ prefix. In addition, use the
same style consistently within fils_hlp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:18:29 +02:00
Jouni Malinen
c4bb39707f Fix AES-SIV build dependencies
aes-siv.c needs functions from aes-ctr.c and aes-omac1.c, so set
NEED_AES_CTR=y and NEED_AES_OMAC1=y if NEED_AES_SIV is defined. This
fixes some build configuration combinations where either of those
dependencies were not pulled in through other parameters. For example,
some CONFIG_FILS=y cases were impacted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00