Commit graph

7910 commits

Author SHA1 Message Date
Jouni Malinen
eeab4f2fda Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || (size_t) E1 >= E3 - 1)
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
7bdd8981f7 Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 > E3 \| (size_t) E1 > E3 \| E1 > (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a80ba67a26 Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
  S1

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a9aaacbb50 Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
0047306bc9 Add os_snprintf_error() helper
This can be used to check os_snprintf() return value more consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
89b48f7b95 Use os_zalloc() instead of os_malloc() and os_memset()
Automatically updated with spatch and the following semantic patch:

@@
expression X;
expression E1;
statement S;
@@

- X = os_malloc(E1);
+ X = os_zalloc(E1);
(
  if (X == NULL) {
	...
  }
- os_memset(X, 0, E1);
|
  if (X == NULL)
	S
- os_memset(X, 0, E1);
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
faebdeaa9e Use os_calloc() instead of os_zalloc()
Automatic changes with spatch using the following semantic patch:

@@
constant C;
type T;
@@

- os_zalloc(C*sizeof(T))
+ os_calloc(C,sizeof(T))

@@
expression E;
type T;
@@

- os_zalloc((E)*sizeof(T))
+ os_calloc(E,sizeof(T))

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
33d0b1579b tests: Optimize WPS tests by avoiding full scan
A single channel scan just before WPS_REG, WPS_PBC, and WPS_PIN commands
can be used to avoid having to run a full scan. This saves significant
amount of time in the WPS test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
80d5a3db9a WPS: Start EAPOL immediately even without WPA on WPS association
Previously, the immediate EAPOL authenticator startup was scheduled
without having received EAPOL-Start only for the case where WPA/WPA2 was
enabled. This can be extended to speed up non-WPA/WPA2 cases as well if
the STA includes WPS IE in Association Request frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
934d5b0403 tests: P2P_GET_PASSPHRASE
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a5c43328d9 tests: Additional GET_CAPABILITY coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
80cb463463 tests: SAVE_CONFIG error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
76b7694177 tests: Multiple networks and cred removal
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
8c020b0f05 tests: Additional DUP_NETWORK coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
c054190603 Fix DUP_NETWORK debug print on error case
Incorrect network id was printed in debug output if DUP_NETWORK
destination network was not found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
146374019a tests: Add missing test descriptions
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
5e2a8ec9e7 tests: wpa_supplicant ctrl_iface mesh command error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
49328f0756 Remove unnecessary ctrl_iface command check
MESH_GROUP_REMOVE always passes in the cmd pointer, so this cannot
really be NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
d463c5566f tests: Additional coverage for SCAN_RESULTS and BSS entry flags
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
ff1dd3e9a1 base64: Try to avoid static analyzer warning (part 2)
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
d02dcb28bc Remove unnecessary ctrl_iface cmd check
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
feb795d6d3 tests: wpa_supplicant ctrl_iface BSSID command error case
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
061c55a232 tests: Check STATUS mode field during P2P group formation
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
67966089a6 tests: wpa_supplicant ctrl_iface CTRL-RSP-
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
ed685e43ab tests: IBSS_RSN control interface command
This verifies that IBSS_RSN <peer> return OK for the case where a valid
and already connection peer address is given.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
8e33f9c67f tests: wpa_supplicant WPS_AP_PIN random PIN timeout and error caes
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
1490eff500 tests: More coverage for WPS NFC error and uncommon cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
e946c8e682 tests: Fix a typo in an error message
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
b54f697019 tests: Remove test names from VM command with parallel-vm.py
There is no need to pass the test case names to the VMs when using
parallel-vm.py. Removing those from the command line helps in avoiding
kernel panic if maximum number of kernel parameters limit is hit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-07 15:33:22 +02:00
Jouni Malinen
cdbc0baac6 base64: Try to avoid static analyzer warning
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 19:26:56 +02:00
Jouni Malinen
d84416a2af Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 19:25:14 +02:00
Jouni Malinen
7d04364104 TLS: Reorder length bounds checking to avoid static analyzer warning
For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:36:02 +02:00
Jouni Malinen
41f480005f EAP-SIM DB: Make recv() null termination easier for static analyzers
For some reason, the previous version was not understood to be null
terminating the buffer from recv(). It was doing this fine, though. Try
to use a bit more simpler design in hopes of getting static analyzers to
understand this. (CID 72702)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:35:53 +02:00
Jouni Malinen
8105821b39 Replace send_ft_action() driver_op with send_action()
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:13:29 +02:00
Jouni Malinen
477af8f869 nl80211: Move scanning related functionality to a separate file
This helps in making the still overly large driver_nl80211.c somewhat
more manageable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:59:26 +02:00
Jouni Malinen
71f1d1e54d hostapd: Fix memory leak on dynamic add-BSS error path
If "ADD bss_config=" command failed in driver_init() or
hostapd_setup_interface(), some of the allocated resources were not
freed properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:42:23 +02:00
Jouni Malinen
3f63614f18 nl80211: Clean up nl80211_scan_common() to use nl80211_cmd_msg()
This helper function had not used the nl80211_set_iface_id() helper, but
there is no reason why it couldn't re-use the same helper as other
places using nl80211_cmd_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:51 +02:00
Jouni Malinen
95376e1a99 nl80211: Use nl80211_iface_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and ifindex.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:51 +02:00
Jouni Malinen
13f83980f0 nl80211: Use nl80211_bss_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and either bss->ifindex or if_nametoindex(bss->ifname).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:46 +02:00
Jouni Malinen
a3249fdfb8 nl80211: Use nl80211_cmd_msg() for P2P Device operations
bss->wdev_id_set is set for the non-detdev P2P Device, so
nl80211_cmd_msg() can be used as-is for these cases as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:17:19 +02:00
Jouni Malinen
9725b78421 nl80211: Use nl80211_drv_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and drv->ifindex.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:17:12 +02:00
Jouni Malinen
350acc354d nl80211: Move nl80211_set_iface_id() next its only remaining user
This function was in a bit strange location between struct family_data
and family_handler() definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:26 +02:00
Jouni Malinen
56f77852e5 nl80211: Use the new nl80211_cmd_msg() helper
This removes duplicated code for building nl80211 commands for a BSS.
This commit handles the functions that were already using
nl80211_set_iface_id().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:25 +02:00
Jouni Malinen
07c7757cb1 nl80211: Add nl80211_*_msg() helpers
These new functions can be used to both allocate and build a header for
most nl80211 commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:01 +02:00
Jouni Malinen
a862e4a38f nl80211: Continue getting rid of NLA_PUT* macro use
This gets rid of more NLA_PUT* macro uses in nl80211 to reduce the
number of functions that depend on the hidden behavior of jumping to the
nla_put_failure label.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:50:15 +02:00
Jouni Malinen
9589a91e0e nl80211: Get rid of NLA_PUT* macro use in capability checking
This gets rid of NLA_PUT* macro use in checking nl80211 capabilities to
reduce the number of functions that depend on the hidden behavior of
jumping to the nla_put_failure label.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:18:38 +02:00
Jouni Malinen
f27f1644a8 PCSC: Make AID copying easier for static analyzers
Use a separate pointer and length field instead of trying to copy from a
struct field that has only part of the full buffer available.
(CID 68115)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
c397eff828 Make GTK length validation easier to analyze
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher()
was apparently too complex for some static analyzers. Use a local
variable and a more explicit validation step to avoid false report.
(CID 62864)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
369d07afc1 FT: Make aes_wrap() call easier to analyze
Using aes_wrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is not just the single struct member. (CID 68111)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00