Commit graph

7969 commits

Author SHA1 Message Date
Jouni Malinen
b925506a91 Clear RSN preauth and PMKSA cache state on FLUSH command
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:56:15 +02:00
Jouni Malinen
499c5e9dc6 tests: Follow test sequence from run-tests.py command line
It can be useful to specify an exact order of test cases and also to
allow the same test case to be run multiple times when the list of tests
is provided on the command line.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:48:41 +02:00
Jouni Malinen
3882a70841 WMM AC: Fix memory leak on deinit without disassoc event
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:00:02 +02:00
Johannes Berg
7ee6ec7aec tests: Create new radios for MCC tests
For tests that require a radio with multi-channel concurrency,
create a new one on the fly that does have more than 1 channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-11-27 18:25:25 +02:00
Johannes Berg
788dc17f8c tests: Use tshark -Y instead of tshark -R
Newer versions of tshark don't like the -R (read filter) argument
for filtering and just show a deprecation warning. Use -Y (display
filter) instead, which hopefully also works on older versions.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-11-27 18:24:26 +02:00
Rashmi Ramanna
ac330cfd87 P2P: Reinvite with social operation channel if no common channels
If invitation to reinvoke a persistent group from the GO fails with the
peer indicating that there are no common channels, there is no defined
means for the peer to indicate which channel could have worked. Since
this type of issue with available channels changing over time can
happen, try to work around this by retrying invitation using one of the
social channels as the operating channel unless a specific operating
channel was forced for the group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:55:54 +02:00
Jouni Malinen
5214f4fafc Clear scan_req to NORMAL_SCAN_REQ for connection attempt
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.

This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:55:54 +02:00
Jouni Malinen
f33c82d23e nl80211: Change iftype to station on leaving mesh
This is needed to make following operations behave as expected since
mesh iftypes may prevent various operations (e.g., registering Probe
Request frame RX). Use same design as leave_ibss does to handle this
consistently.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:12:47 +02:00
Jouni Malinen
4e0990dc88 mesh: Send peering close message before leaving mesh
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:12:47 +02:00
Jouni Malinen
7a94120ea9 nl80211: Clear ignore_if_down_event if interface is up
It was possible for the ignore_if_down_event flag to remain set in some
cases where interface mode change required the interface to be set down
temporarily. If that happened, the following rfkill interface down could
have been ignored and device could have been left trying to scan or
connect (which would all fail due to the interface beign down). Clean
this up by clearing the ignore_if_down_event flag on the interface down
event regardless of whether the interface is up at the time this event
is processed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 14:59:28 +02:00
Jouni Malinen
1131a1c8d2 tests: Replace last remaining hwsim_test uses with DATA_TEST
External tool is not needed anymore to run the data connectivity tests
since hostapd test mode now allows the possible bridge or VLAN interface
to be specified.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 14:09:07 +02:00
Jouni Malinen
527d2378ac hostapd: Allow DATA_TEST_CONFIG to configure ifname
This allows the device-based data connectivity tests to be extended for
bridge and VLAN interface cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 14:02:18 +02:00
Jouni Malinen
5f7b07de91 tests: ProxyARP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-26 01:37:54 +02:00
Jouni Malinen
8997613c90 nl80211: Fix br_ifindex storing when hostapd creates the bridge
Commit 6c6678e7a4 ('nl80211: Make
br_ifindex available in i802_bss') did not cover the case where
i802_check_bridge() ends up creating the bridge interface. That left
bss->br_ifindex zero and prevented neighbor addition. Extend that
functionality to update br_ifindex once the bridge netdev has been
added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-26 01:16:35 +02:00
Jouni Malinen
a6b4ee217a proxyarp: Print learned IPv6 address in debug log
This makes it easier to debug issues related to IPv6 address snooping.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-26 01:09:54 +02:00
Jouni Malinen
a7fb5ea463 proxyarp: Fix DHCP and ND message structures
These need to be marked packed to avoid issues with compilers
potentially adding padding between the fields (e.g., gcc on 64-bit
seemed to make struct icmpv6_ndmsg two octets too long which broke IPv6
address discovery).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-26 01:09:54 +02:00
Neelansh Mittal
3a7414b6a6 Do not re-open Android control sockets
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-25 17:16:44 +02:00
Jouni Malinen
378dec5af9 Android: Add Hotspot 2.0 into hostapd makefile
This makes the Android.mk for hostapd match the Makefile changes for
optional Hotspot 2.0 support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 17:09:50 +02:00
Jouni Malinen
a437378f98 proxyarp: Use C library header files and CONFIG_IPV6
This replaces the use of Linux kernel header files (linux/ip.h,
linux/udp.h, linux/ipv6.h, and linux/icmpv6.h) with equivalent header
files from C library. In addition, ndisc_snoop.c is now built
conditionally on CONFIG_IPV6=y so that it is easier to handle hostapd
builds with toolchains that do not support IPv6 even if Hotspot 2.0 is
enabled in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 16:58:21 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Masashi Honma
872b754512 mesh: Fix SAE anti-clogging functionality for mesh
The mesh anti-clogging functionality is implemented partially. This
patch fixes to parse anti-clogging request frame and use anti-clogging
token.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 15:33:04 +02:00
Jouni Malinen
17ffdf3951 tests: Clear sae_groups to default value in forgotten cases
It was possible for some of the SAE test cases (e.g., ap_ft_sae) to fail
if they were run after the sae_groups test case that left the SAE group
configuration to a value that is not enabled by default. Fix this by
clearing sae_groups setting in the couple of test cases that were not
yet doing this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 15:19:19 +02:00
Jouni Malinen
7c8f5ea6a0 tests: WPA2-PSK with RADIUS for passphrase
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:28:34 +02:00
Jouni Malinen
849367afe9 SME: Fix a sign-compare warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:07:16 +02:00
Jouni Malinen
df4733dff9 tests: WNM BSS TM Req with non-global operating class table
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-24 10:58:33 +02:00
Jouni Malinen
158211b2db WNM: Use country code, if available, to help in channel mapping
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-24 10:57:38 +02:00
Jouni Malinen
649c0a6974 WPA: Use more explicit WPA/RSN selector count validation
Some static analyzers had problems understanding "left < count * len"
(CID 62855, CID 62856), so convert this to equivalent "count > left /
len" (len here is fixed to 4, so this can be done efficiently).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:08:13 +02:00
Jouni Malinen
adf96fb66b WPS: Add explicit message length limit of 50000 bytes
Previously, this was implicitly limited by the 16-bit length field to
65535. This resulted in unhelpful static analyzer warnings (CID 62868).
Add an explicit (but pretty arbitrary) limit of 50000 bytes to avoid
this. The actual WSC messages are significantly shorter in practice, but
there is no specific protocol limit, so 50000 is as good as any limit to
use here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5c6787a6ca PeerKey: Clean up EAPOL-Key Key Data processing on AP
This extends the earlier PeerKey station side design to be used on the
AP side as well by passing pointer and already validated length from the
caller rather than parsing the length again from the frame buffer. This
avoids false warnings from static analyzer (CID 62870, CID 62871,
CID 62872).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
d36f416926 EAP-IKEv2: Make proposal_len validation clearer
Some static analyzers seem to have issues understanding "pos +
proposal_len > end" style validation, so convert this to "proposal_len >
end - pos" to make this more obvious to be bounds checking for
proposal_len. (CID 62874)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
c4de71cec5 EAP-FAST: Make PAC file A_ID parser easier to analyze
Some static analyzers seem to have issues with "pos + len > end"
validation (CID 62875), so convert this to "len > end - pos" to make it
more obvious that len is validated against its bounds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
364182a80f EAP-FAST: Clean up binary PAC file parser validation steps
This was too difficult for some static analyzers (CID 62876). In
addition, the pac_info_len assignment should really have explicitly
validated that there is room for the two octet length field instead of
trusting the following validation step to handle both this and the
actual pac_info_len bounds checking.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
002a2495be radiotap: Initialize all members in ieee80211_radiotap_iterator_init()
_next_ns_data could look like it would be used uninitialized in
ieee80211_radiotap_iterator_next() to static analyzers. Avoid
unnecessary reports by explicitly initializing all variables in struct
ieee80211_radiotap_iterator. (CID 62878)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5d017065a0 GAS: Clean up Query Response length validation
Previous version was correct, but apparently too complex for some static
analyzers. (CID 68119)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
355e17eb1b HS 2.0: Clarify OSU Server URI length validation
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5c58c0ce86 HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
3e94937fa4 P2P: Make p2p_parse_p2p_ie() validation steps easier to analyze
Validation was fine, but a bit too complex for some static analyzers to
understand. (CID 68125)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
46a0352589 Use more explicit num_pmkid validation in RSN IE parsing
Static analyzers may not have understood the bounds checking on
data->num_pmkid. Use a local, temporary variable and validate that that
value is within length limits before assining this to data->num_pmkid to
make this clearer. (CID 62857, CID 68126)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:29 +02:00
Jouni Malinen
e7306bcb59 PCSC: Use clearer file TLV length validation step
This makes it easier for static analyzer to confirm that the length
field bounds are checked. WPA_GET_BE16() is also used instead of
explicit byte-swapping operations in this file. (CID 68129)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 18:37:10 +02:00
Jouni Malinen
fecc09edc3 WNM: Use a clearer validation step for key_len_total
The previous one based on pointer arithmetic was apparently too much for
some static analyzers (CID 68130).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 18:04:02 +02:00
Jouni Malinen
76874379d3 TLS client: Check DH parameters using a local variable
Use a temporary, local variable to check the DH parameters received from
the server before assigning the length to the struct tlsv1_client
variables. This will hopefully make it easier for static analyzers to
figure out that there is bounds checking for the value. (CID 72699)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:48:34 +02:00
Jouni Malinen
43aee94899 Interworking: Clearer ANQP element length validation
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:41:13 +02:00
Jouni Malinen
b81e274cdf RADIUS client: Print a clear debug log entry if socket is not available
It could have been possible to select a socket that is not open
(sel_sock == -1) and try to use that in socket operations. This would
fail with potentially confusing error messages. Make this clearer by
printing a clear debug log entry on socket not being available.
(CID 72696)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:41:13 +02:00
Jouni Malinen
f931374f30 IKEv2: Use a bit clearer payload header validation step
It looks like the "pos + plen > end" case was not clear enough for a
static analyzer to figure out that plen was being verified to not go
beyond the buffer. (CID 72687)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 16:37:16 +02:00
Jouni Malinen
f5f3728a81 WNM: Print debug message if Action frame sending fails
This makes wpa_drv_send_action() return value checking more consistent
(CID 75390).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 16:13:50 +02:00
Jouni Malinen
986ed3a9ca tests: NEIGHBOR_REP_REQUEST failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 21:49:45 +02:00
Andrei Otcheretianski
70d1e72849 wpa_supplicant: Handle link measurement requests
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:45:07 +02:00
Andrei Otcheretianski
7dc0338806 nl80211: Register Link Measurement Request Action frame
Add link measurement request to registration of Action frames to be
handled by wpa_supplicant if the driver supports TX power value
insertation.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:38:30 +02:00
Assaf Krauss
66d2143435 wpa_cli: Add optional ssid to neighbor report request
Add optional 'ssid' parameter to command "neighbor_rep_request".

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:37:49 +02:00
Assaf Krauss
4c4b230527 wpa_supplicant: Add an option to specify SSID in neighbor report requests
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:36:42 +02:00