Commit graph

5227 commits

Author SHA1 Message Date
Ayala Beker
e52a698907 RADIUS: Fix a possible memory leak on an error path
Fix a possible memory leak in radius_msg_add_mppe_keys() if
os_get_random() fails.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 11:40:20 +03:00
Ayala Beker
f1863f2b82 RADIUS: Fix possible memory leak when parsing per-STA passphrase
Fix a possible memory leak in decode_tunnel_passwords() if an invalid
passphrase is received from the RADIUS server.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 11:19:40 +03:00
Jouni Malinen
3433721c5f P2P: Continue p2p_find after sending non-success Invitation Response
This was previously handled for the case where the non-success
Invitation Response frame was sent out during the Listen phase. However,
in the case the Action frame TX ended up getting scheduled when the
Search phase scan had already started (e.g., due to the driver reporting
Invitation Request RX late enough for the Listen-to-Search transition
having already started), the postponed Action frame TX status processing
did not cover the specific case of non-success Invitation Response. This
could result in the p2p_find operation getting stopped (stuck in SEARCH
state) unexpectedly.

Fix this by calling p2p_check_after_scan_tx_continuation() from
Invitation Response TX callback handler if the invitation was rejected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-07 21:05:28 +03:00
Manikandan Mohan
85c0f01dd8 Add QCA nl80211 vendor commands for TSF and WISA Feature
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-05 19:31:09 +03:00
Jouni Malinen
00e2eb3b7c RSN: Set EAPOL-Key Request Secure bit to 1 if PTK is set
The Secure bit in the Key Information field of EAPOL-Key frames is
supposed to be set to 1 when there is a security association. This was
done for other frames, but not for the EAPOL-Key Request frame where
supplicant is requesting a new PTK to be derived (either due to Michael
MIC failure report Error=1 or for other reasons with Error=0). In
practice, EAPOL-Key Request frame is only sent when there is a PTK in
place, so all such frames should have Secure=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-05 18:36:28 +03:00
Jouni Malinen
5914ebf584 Remove struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. This struct is not used anymore, so it can
be removed from the struct ieee80211_mgmt definition to complete the
changes started in commit d447cd596f
('Updates for stricter automatic memcpy bounds checking').

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Jouni Malinen
094e949265 atheros: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Jouni Malinen
e1b99620c9 AP: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:01 +03:00
Sunil Dutt
f933216141 Revert "Assign QCA vendor command and attribute for Tx/Rx aggregation"
This reverts commit 4ca16b5fd7.
Configuration for this will be done using a previously assigned more
generic command. This new command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION has not been used in any
driver version and won't be used, so the assigned command id can be
freed for future use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 16:27:24 +03:00
Jouni Malinen
f73b167c69 tests: Add TEST_FAIL() calls into OpenSSL bignum operations
This makes it easier to test error paths in bignum operations in SAE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 01:10:31 +03:00
Jouni Malinen
bde9a4e3de Comment out UDP/UNIX socket code from common ctrl_iface based on build
These were unreachable cases in the switch statements based on how the
build was configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 00:17:45 +03:00
Jouni Malinen
0741c481ee SAE: Check SHA256-PRF operation result
While this is mostly theoretical, check explicitly that SHA256
operations in sha256_prf*() succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-27 21:44:49 +03:00
Jouni Malinen
ea86a34667 SAE: Remove dead code in FFC pwd-value derivation
The local bits variable is set to prime_len * 8 and consequently bits %
8 cannot be anything else than 0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-27 21:28:45 +03:00
Jouni Malinen
87faf1f22c nl80211: Fix libnl-tiny build with CONFIG_LIBNL20=y
libnl-tiny does not use the separate nl-genl library.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 12:02:34 +02:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
795abc8e0a Drop USE_KERNEL_HEADERS define
This was only used for providing an option to use linux/if_packet.h
instgead of netpacket/packet.h in src/ap/iapp.c. However,
netpacket/packet.h is nowadays commonly available and hostapd already
depends on it through src/l2_packet/l2_packet_linux.c, so there is no
need to continue to provide this option for the kernel header.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:29:53 +02:00
Jouni Malinen
9b7cd5788a Use a separate header file for Linux bridge interface definitions
This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to
clean up header inclusion.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:27:18 +02:00
Jouni Malinen
c815fab83a Use own header file for defining Linux VLAN kernel interface
This gets rid of need to include linux/if_vlan.h and additional defines
in vlan_ioctl.c to avoid issues with missing definitions in libc
headers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:24:38 +02:00
Jörg Krause
81606ab73b vlan: Fix musl libc conflict with Linux kernel headers
Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in
<linux/if_bridge.h>) being included, the in6_addr is being redefined:
once from the C library headers and once from the Linux kernel headers.
This causes some build failures with for example the musl C library:

In file included from /usr/include/linux/if_bridge.h:18,
                 from ../src/ap/vlan_init.c:17:
/usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'

Mixing C library and Linux kernel headers is a bit problematic [1] and
should be avoided if possible [2]. In order to fix this, define just the
macros needed from <linux/if_bridge.h> as done in Busybox for the brctl
applet [3].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
[2] http://www.openwall.com/lists/musl/2015/10/06/1
[3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-26 11:02:16 +02:00
Jouni Malinen
e86859929f vlan: Move if_nametoindex() use out of vlan_init.c
With this, vlan_init.c does not need any special header files anymore
and vlan_ifconfig.c does not need hostapd-specific header files that
might conflict with net/if.h on NetBSD.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 18:00:44 +02:00
Jouni Malinen
7c03c08229 vlan: Move ifconfig helpers to a separate file
This removes final ioctl() use within vlan_init.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:56:07 +02:00
Jouni Malinen
59d6390440 vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file
This cleans up vlan_init.c by removing number of C pre-processor
dependencies.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:55:40 +02:00
Jouni Malinen
0fe28ddf17 vlan: Remove unnecessary header includes from netlink implementation
The implementation in vlan_util.c does not use many of the header files
that were pulled in.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:27:16 +02:00
Jouni Malinen
84d6755108 vlan: Clean up netlink vs. ioctl API implementation
Move the ioctl-based VLAN implementation to a separate file to avoid
need for conditional blocks within vlan_ioctl.c. This removes the
internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in
build configuration (.config) to select whether to include the
vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the
functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:24:20 +02:00
Jörg Krause
cb38bc886e vlan: Fix musl build error
caddr_t is legacy BSD and should be avoided [1]. While glibc may still
use __caddr_t as the type, Linux kernel does not (it is "void __user *
ifru_data").

This fixes compile errors with the musl libc:

../src/ap/vlan_init.c: In function 'br_delif':
../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
  ifr.ifr_data = (__caddr_t) args;

[1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-25 16:57:05 +02:00
Jouni Malinen
1126c0787d nl80211: Ignore deauth/disassoc event during Connect reassociation
cfg80211 reports a deauth/disassoc event when internally clearing
connection with the previous BSS. Ignore that event to allow the new
connect command to complete.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
00c3c4ac9b nl80211: Add NL80211_ATTR_PREV_BSSID with Connect command
This makes it easier for drivers that use the Connect command instead of
separate Auth+Assoc commands to determine when to use reassociation
instead of association. Matching changes are still needed in cfg80211 to
allow this parameter to be used, but it is safe for wpa_supplicant to
start including this attribute now since it will be ignored by older
cfg80211 versions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
8854f90bad mesh: Simplify wpa_auth_pmksa_set_to_sm()
pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove
the unnecessary NULL checks and use the provided pmksa pointer directly
to simplify the implementation. (CID 138519)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-22 20:38:44 +02:00
Jouni Malinen
32d4fe9549 privsep: Fix a compiler warning on unsigned/signed comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Jouni Malinen
90377029c6 wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y
Commit 1889af2e0f ('VLAN: Separate station
grouping and uplink configuration') added an ap_sta_set_vlan() function
that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y
build if src/ap/sta_info.c did not get included in the build, i.e., if
CONFIG_AP=y was not set.

Fix this by making the ap_sta_set_vlan() call conditional on
CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y
builds. This is fine for wpa_supplicant since CONFIG_AP=y case was
already defining this. For hostapd, this function call is not needed for
CONFIG_NO_VLAN case either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 21:12:20 +02:00
Masashi Honma
9f2cf23e2e mesh: Add support for PMKSA caching
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.

If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.

If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.

This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:56:38 +02:00
Masashi Honma
4c522c7798 PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command
This extends the wpa_supplicant PMKSA_FLUSH control interface command to
allow the PMKSA list from the authenticator side to be flushed for AP
and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control
interface command to flush the PMKSA entries.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
b8daac18a4 PMKSA: Show AP/mesh PMKSA list in PMKSA command
This extends the wpa_supplicant PMKSA control interface command to allow
the PMKSA list from the authenticator side to be listed for AP and mesh
mode. In addition, this adds a hostapd PMKSA control interface command
to show the same list for the AP case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Jouni Malinen
f7648c8679 P2P: Advertise IP Address Allocation only if it is enabled on GO
This group capability bit was previously added unconditionally which
could result in the P2P Client assuming the functionality is available
even though the GO would always reject the request (not reply to it with
an assigned IP address) during the 4-way handshake.

Fix this by advertising the capability only if the GO configuration
allow IP address assignment to be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-20 17:37:53 +02:00
Roy Marples
7f46ad9ee5 BSD: Only down the interface once we are sure we can work with it
Signed-off-by: Roy Marples <roy@marples.name>
2016-03-20 11:24:30 +02:00
Jouni Malinen
29eddc3d8c nl80211: Fix error path in if_indices_reason reallocation
Commit 732b1d20ec ('nl80211: Clean up
ifidx properly if interface in a bridge is removed') added
drv->if_indices_reason array similarly to the previously used
drv->if_indices. However, it had a copy-paste error here on the error
path where a reallocation failure after at least one successful
reallocation would result in the drv->if_indices being overridden
instead of restoring drv->if_indices_reason to the old value. Fix this
by setting the correct variable on the error path. (CID 138514)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-18 16:25:35 +02:00
Jouni Malinen
ee298f1b1f nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
SMPS mode is applicable only for HT and including an attribute to
configure it when HT is disabled could result in the AP start operation
failing. Fix this by adding the attribute only in cases where HT is
enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-18 16:16:40 +02:00
Sunil Dutt
4ca16b5fd7 Assign QCA vendor command and attribute for Tx/Rx aggregation
Assign nl80211 vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION and corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-17 20:53:25 +02:00
Jouni Malinen
64ce5905f8 libxml2: Check for xmlDocDumpFormatMemory() error case
Since this function needs to allocate memory, it might fail. Check that
the returned memory pointer is not NULL before trying to parse the
output.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:49:28 +02:00
Jouni Malinen
8b827c342f BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr()
While this function could return NULL if the parameter issued to it were
NULL, that does not really happen here. Anyway, since this can result in
a warning from a static analyzer that does can see the return NULL
without fully understanding what it means here, check the return value
explicitly against NULL to avoid false warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:34:01 +02:00
Dedy Lansky
f2d6c17aa0 nl80211: Support network hierarchy of a master interface under bridge
Since commit cb05808c46 ('nl80211: Generic
Linux master interface support for hostapd'), hostapd is listening for
EAPOL frames on any master which the interface is enslaved under.

This commit allows hostapd to support network hierarchy in which the
interface is enslaved under some master which in turn is enslaved under
a bridge.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-09 21:03:41 +02:00
Jouni Malinen
f85399f396 Reserve QCA vendor specific nl80211 commands 116..118
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-08 23:08:45 +02:00
Zefir Kurtisi
3bd58861ae hostapd: Handle running out of DFS channels
In scenarios where only DFS channels are available (e.g., outdoor,
special country codes), hostapd must be able to handle situations
where all are unavailable.

The two possibilities to get there are
1) while operating on the last available DFS channel a radar is
   detected
2) hostapd is started while all channels are unavailable

In both cases, hostapd instead of terminating should better
wait for the NOPs to pass and re-try operation after the CAC.

This patch provides that feature by using the condition
(iface->state == HAPD_IFACE_DFS && !iface->cac_started)
as NOP mode signature to retry operation from within
hostapd_dfs_nop_finished().

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2016-03-08 12:16:37 +02:00
Dedy Lansky
cc1af6faed FST: Fix session setup failure with peer without MB IE
Upon receiving FST setup request on old band, the peer is searched on
new band. The assumption is that MB IE from this peer on new band
previously received either in assoc event or in FST setup request.

There are cases in which above assumption doesn't work, peer is not
found and session setup fails. For example:
- STA connects over 11ac. Due to driver limitation, MB IE is not included
in assoc event
- STA connects over 11ad. MB IE included in assoc event.
- FST session established on 11ac band, with AP as initiator. i.e. FST
setup request sent in AP=>STA direction. STA searches for peer's (AP)
MB IE on 11ad band which exists.
- FST switch occur
- FST session established on 11ad band, with STA as initiator. i.e. FST
setup request sent in STA=>AP direction. AP searches for peer's (STA)
MB IE on 11ac band which are absent.

For fixing the above, consider also peers without MB IE as candidates in
the search algorithm.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-07 18:04:47 +02:00
Lior David
e4a1469cec P2P: Adjust service discovery maximum fragment size for 60 GHz
In the 60 GHz band, service discovery management frames are sent over
the control PHY and have a smaller maximum frame size (IEEE Std
802.11ad-2012, 21.4.3.2). Fix the code to use sufficiently small
fragment size when operating in the 60 GHz band.

The 60 GHz fragment size (928) is derived from the maximum frame size
for control PHY (1023) and subtracting 48 bytes of header size, and some
spare so we do not reach frames with the absolute maximum size.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:47:01 +02:00
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Eliad Peller
f2accfe708 AP: Save EAPOL received before Association Response ACK
There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 17:08:12 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00