When GO negotation fails the WPS method is currently not cleared, which
can result in GO negotiation being resumed when a GO negotiation request
frame is received from the peer. That is unexpected as locally we
already gave up.
This manifests itself in getting
1319574733.955685: wlan0: P2P-GO-NEG-FAILURE status=-1
1319574733.955723: P2P: Removing pending group interface p2p-wlan0-0
...
1319574736.648378: wlan0: P2P: Starting GO Negotiation with previously
authorized peer
...
1319574736.650115: wlan0: P2P: Sending GO Negotiation Response
...
1319574736.988038: wlan0: P2P-GO-NEG-SUCCESS
1319574736.988233: P2P: No pending group interface
1319574736.988268: P2P: Create a new interface p2p-wlan0-1 for the group
Clear the WPS method to avoid this situation. I wasn't
able to test this though, but given the log I can only
assume this is how the situation happened.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If P2P device expires while a GO Negotiation is in progress, currently
p2p->go_neg_peer is cleared without indicating GO Nego failure. This
will result in pending group interfaces to be left over. This patch will
indicate GO Negotiation failure and will remove any pending group
interfaces.
This patch addresses a corner case in GO-Negotiation case. Consider the
scenario where two devices A and B are in discovery stage and Device B
vanishes [moves out of range] when a connect is issued on the Device A.
Then Device A keeps on retrying the GO Negotiation Request till the
retry limit is reached. On reaching retry limit, the pending group
interface is removed. But suppose if the peer entry in the device list
expires before the retry limit is reached, then pending group interface
was not removed.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Scan wasn't initiated in case the config contained only networks without
scan_ssid. In such a case we want scan to be initiated without any SSIDs
to actively scan but include all the SSIDs in the filter list. Also
added some debug logs to easily see which SSIDs were included in which
list.
Cc: Luciano Coelho <coelho@ti.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Invalid use of memcpy instead of memcmp in comparison resulted in the
GO interface address getting set incorrectly if the GO did not show up
in scan results anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
trace.h may end up including system header files that define offsetof,
so include the compatibility definition from list.h only after this.
Signed-hostap: Jouni Malinen <j@w1.fi>
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a workaround for Windows 7 supplicant rejecting WPA msg 3/4
in case it used Secure=1 in msg 2/4. This can happen, e.g., when
rekeying PTK after EAPOL-Key Error Request (Michael MIC failure)
from the supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some drivers do not handle concurrent remain-on-channel operation
requests, so run p2p_stop_find() prior to starting p2p_listen. This
addresses some issues with P2P_LISTEN command being issues again
while already in Listen state.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
All we really need is the family ID, and we can
get that with genl_ctrl_resolve() and then don't
need to worry about family/cache objects.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If a P2P client associates with the group while it is
already associated, two member entries may be added to
the group which also confuses num_members counting.
Deal with this by removing the existing entry first
before adding a new one.
I think the way Reinette ran into this was due to our
tx_sync implementation in iwlagn, mac80211 might have
queued two association frames thinking the first one
just failed, but both only went out after the sync was
really successful (which tx_sync doesn't wait for).
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
In AP mode, authentication algorithm is reset in
hostapd_config_defaults_bss() and never set to the configured one. This
would pass the default auth_algs (OPEN|SHARED) to driver regardless of
what the wpa_supplicant configuration is requesting.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
The P2P_FIND command was failing if it was issued at the moment when
a scan operation was in progress. Avoid returning failure in this
case by scheduling the P2P find to start once the ongoing scan is
completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
WEXT is not really changing anymore and more or less all Linux
distros come with linux/wireless.h that is recent enough to
allow the driver wrappers to be build.
Signed-hostap: Jouni Malinen <j@w1.fi>
The libnl_2 library uses static linking and different path for
header files in the Android ICS release.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use a temporary PTK buffer during 4-way handshake when rekeying PTK
so that the new EAPOL-Key frame MIC values are checked against the
new PTK and frames are decrypted using the old PTK. Take the new
PTK into use once msg 4/4 is processed and clear RSC counters at
that point (including moving of RSC update to avoid setting RSC
based on the msg 4/4).
In addition, add a workaround to handle supplicant implementations that
set Secure bit to one during PTK rekeying 4-way handshake in msg 2/4.
This was previously assumed to be msg 4/4, but the key data contents
can be used to figure out whether this is msg 2/4 even if the Secure
bit is set to one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
P2P IE was incorrectly added in wpa_supplicant AP mode even if P2P
function was not actually enabled.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When wpa_supplicant AP mode is used, WPS was enabled by default
regardless of security mode. This is not desired for WEP, so change
the AP configuration to enable WPS only for open and WPA/WPA2-Personal
networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c2ff13c533 broke this with a
copy-paste typo that ended up adding the Probe Request P2P IE into the
Beacon frame (i.e., Beacon frame had two P2P IEs while Probe Response
had none).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
data->phase2_method cannot really be NULL if
eap_fast_init_phase2_method() returns success, but this construction
seems to be too difficult for some static analyzers. While this change
is not really needed in practice, it makes it easier to go through
warnings from such analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
hapd->time_adv cannot really be NULL if hostapd_update_time_adv()
returns success, but this construction seems to be too difficult
for some static analyzers. While this change is not really needed
in practice, it makes it easier to go through warnings from such
analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
md->curlen cannot indicate full buffer size here since the buffered
data is processed whenever the full block size of data is available.
Avoid invalid warnings from static analyzers on memcpy() outside the
buffer length by verifying that curlen is smaller than block size.
Signed-hostap: Jouni Malinen <j@w1.fi>