The NFC connection handover specific case of WPS public key generation
did not verify whether the two wpabuf_dup() calls succeed. Those may
return NULL due to an allocation failure and that would result in a NULL
pointer dereference in dh5_init_fixed().
Fix this by checking memory allocation results explicitly. If either of
the allocations fail, do not try to initialize wps->dh_ctx and instead,
report the failure through the existing error case handler below.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org
This adds support for the SPP server to request certificate reenrollment
and for the EST server to support the simplereenroll version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previous implementation updated user database only for username/password
credentials. While client certificates do not need the updated password
to be written, they do need the remediation requirement to be cleared,
so fix that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These are not really using Phase 2, so use more appropriate
configuration when going through online signup for client certificates.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
EAP-TLS users are not really using phase2, so do not require the
database to be set in a way that claim that inaccurately.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows EAP user database entries for "cert-<serial number>" to be
used for client certificate based parameters when using EAP-TLS. This
commit addresses only the full authentication case and TLS session
resumption is not yet covered.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
remove_ie() was defined within an ifdef CONFIG_FILS block while it is
now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
there.
Fixes 8c41734e5d ("FT: Fix Reassociation Request IEs during FT protocol")
Signed-off-by: Jouni Malinen <j@w1.fi>
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.
Signed-off-by: Jouni Malinen <j@w1.fi>
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.
Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
If association failed for any non-OWE specific reason, the previous
implementation tried to add the OWE related IEs into the (Re)Association
Response frame. This is not needed and could actually result in
dereferencing a NULL pointer. Fix this by adding those OWE related IEs
only for successful association and only if the RSN state machine has
been initialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.
Signed-off-by: Jouni Malinen <j@w1.fi>
The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that radio measurement capabilities are negotiated
correctly for the reassociation cases with and without FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).
Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in building this tarball in /tmp that is on the
ramdisk of the VM since it will go away when the VM exits.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both handle_action() and hostapd_action_rx() are used for processing
received Action frames depending on what type of driver architecture is
used (MLME in hostapd vs. driver) and which build options were used to
build hostapd. These functions had a bit different sequence for checking
the frame and printing debug prints. Make those more consistent by
checking that the frame includes the category-specific action field and
some payload. Add a debug print for both functions to make it easier to
see which path various Action frames use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid smatch warning on this even thought the only caller of the
function uses a non-NULL pointer in all cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.
Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>