From 0e399ced325b43405d92eab501ac19e81a9f47d4 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 3 Mar 2024 18:16:58 +0200 Subject: [PATCH] tests: wpa_supplicant configuration parser range checking Signed-off-by: Jouni Malinen --- tests/hwsim/test_wpas_config.py | 155 ++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) diff --git a/tests/hwsim/test_wpas_config.py b/tests/hwsim/test_wpas_config.py index 601517c7b..2b6ab2ac0 100644 --- a/tests/hwsim/test_wpas_config.py +++ b/tests/hwsim/test_wpas_config.py @@ -693,3 +693,158 @@ def test_wpas_config_file_invalid_network(dev, apdev, params): if success: raise Exception("Interface addition succeeded with invalid configuration") + +def test_wpas_config_range_check(dev, apdev): + """wpa_supplicant configuration parser range checking""" + tests = [("eapol_version", 0, 4), + ("max_peer_links", -1, 256), + ("mesh_fwding", -1, 2), + ("auto_uuid", -1, 2), + ("device_name", 33*'A', None), + ("manufacturer", 65*'A', None), + ("model_name", 33*'A', None), + ("model_number", 33*'A', None), + ("serial_number", 33*'A', None), + ("wps_cred_processing", -1, 3), + ("wps_cred_add_sae", -1, 2), + ("p2p_go_intent", -1, 16), + ("persistent_reconnect", -1, 2), + ("p2p_intra_bss", -1, 2), + ("p2p_go_freq_change_policy", -1, 4), + ("p2p_passphrase_len", 7, 64), + ("p2p_add_cli_chan", -1, 2), + ("p2p_optimize_listen_chan", -1, 2), + ("p2p_go_ctwindow", -1, 128), + ("p2p_ignore_shared_freq", -1, 2), + ("p2p_cli_probe", -1, 2), + ("filter_ssids", -1, 2), + ("filter_rssi", -101, 1), + ("ap_isolate", -1, 2), + ("disassoc_low_ack", -1, 2), + ("hs20", -1, 2), + ("interworking", -1, 2), + ("access_network_type", -1, 16), + ("go_interworking", -1, 2), + ("go_access_network_type", -1, 16), + ("go_internet", -1, 2), + ("go_venue_group", -1, 256), + ("go_venue_type", -1, 256), + ("pbc_in_m1", -1, 2), + ("wps_nfc_dev_pw_id", 15, 65536), + ("auto_interworking", -1, 2), + ("sae_check_mfp", -1, 2), + ("sae_pwe", -1, 4), + ("sae_pmkid_in_assoc", -1, 2), + ("ignore_old_scan_res", -1, 2), + ("mac_addr", -1, 3), + ("preassoc_mac_addr", -1, 3), + ("fst_group_id", "", 129*"A"), + ("fst_priority", 0, 256), + ("fst_llt", 0, 2**32), + ("cert_in_cb", -1, 2), + ("wpa_rsc_relaxation", -1, 2), + ("mbo_cell_capa", 0, 4), + ("disassoc_imminent_rssi_threshold", -121, 1), + ("oce", -1, 4), + ("ftm_responder", -1, 2), + ("ftm_initiator", -1, 2), + ("gas_rand_mac_addr", -1, 3), + ("dpp_config_processing", -1, 3), + ("dpp_connector_privacy_default", -1, 2), + ("coloc_intf_reporting", -1, 2), + ("disable_btm", -1, 2), + ("extended_key_id", -1, 2), + ("wowlan_disconnect_on_deinit", -1, 2), + ("force_kdk_derivation", -1, 2), + ("pasn_corrupt_mic", -1, 2), + ("mld_force_single_link", -1, 2), + ("mld_connect_band_pref", -1, 5), + ("ft_prepend_pmkid", -1, 2)] + for name, value1, value2 in tests: + if "OK" in dev[0].request(f"SET {name} {value1}"): + raise Exception(f"Invalid SET command accepted: {name}={value1}") + if value2 is not None: + if "OK" in dev[0].request(f"SET {name} {value2}"): + raise Exception(f"Invalid SET command accepted: {name}={value2}") + + id = dev[0].add_network() + tests = [("ssid", '"' + 33*"A" + '"', None), + ("scan_ssid", -1, 2), + ("ht", -1, 2), + ("vht", -1, 2), + ("he", -1, 2), + ("ht40", -2, 2), + ("max_oper_chwidth", -2, 4), + ("mode", -1, 6), + ("no_auto_peer", -1, 2), + ("mesh_fwding", -1, 2), + ("mesh_rssi_threshold", -256, 2), + ("proactive_key_caching", -2, 2), + ("disabled", -1, 3), + ("ieee80211w", -1, 3), + ("mixed_cell", -1, 2), + ("frequency", -1, 70201), + ("fixed_freq", -1, 2), + ("enable_edmg", -1, 2), + ("edmg_channel", 8, 14), + ("acs", -1, 2), + ("wpa_deny_ptk0_rekey", -1, 3), + ("ignore_broadcast_ssid", -1, 3), + ("disable_ht", -1, 2), + ("disable_ht40", -1, 2), + ("disable_sgi", -1, 2), + ("disable_ldpc", -1, 2), + ("ht40_intolerant", -1, 2), + ("tx_stbc", -2, 2), + ("rx_stbc", -2, 4), + ("disable_max_amsdu", -2, 2), + ("ampdu_factor", -2, 4), + ("ampdu_density", -2, 8), + ("disable_vht", -1, 2), + ("vht_rx_mcs_nss_1", -2, 4), + ("vht_rx_mcs_nss_2", -2, 4), + ("vht_rx_mcs_nss_3", -2, 4), + ("vht_rx_mcs_nss_4", -2, 4), + ("vht_rx_mcs_nss_5", -2, 4), + ("vht_rx_mcs_nss_6", -2, 4), + ("vht_rx_mcs_nss_7", -2, 4), + ("vht_rx_mcs_nss_8", -2, 4), + ("vht_tx_mcs_nss_1", -2, 4), + ("vht_tx_mcs_nss_2", -2, 4), + ("vht_tx_mcs_nss_3", -2, 4), + ("vht_tx_mcs_nss_4", -2, 4), + ("vht_tx_mcs_nss_5", -2, 4), + ("vht_tx_mcs_nss_6", -2, 4), + ("vht_tx_mcs_nss_7", -2, 4), + ("vht_tx_mcs_nss_8", -2, 4), + ("disable_he", -1, 2), + ("macsec_policy", -1, 2), + ("macsec_integ_only", -1, 2), + ("macsec_replay_protect", -1, 2), + ("macsec_offload", -1, 3), + ("macsec_port", -1, 65535), + ("mka_priority", -1, 256), + ("macsec_csindex", -1, 2), + ("roaming_consortium_selection", 16*"00", None), + ("mac_addr", -2, 4), + ("pbss", -1, 3), + ("wps_disabled", -1, 2), + ("fils_dh_group", -1, 65536), + ("dpp_pfs", -1, 3), + ("dpp_connector_privacy", -1, 2), + ("owe_group", -1, 65536), + ("owe_only", -1, 2), + ("owe_ptk_workaround", -1, 2), + ("multi_ap_backhaul_sta", -1, 2), + ("ft_eap_pmksa_caching", -1, 2), + ("beacon_prot", -1, 2), + ("transition_disable", -1, 256), + ("sae_pk", -1, 3), + ("disable_eht", -1, 2), + ("enable_4addr_mode", -1, 2)] + for name, value1, value2 in tests: + if "OK" in dev[0].request(f"SET_NETWORK {id} {name} {value1}"): + raise Exception(f"Invalid SET_NETWORK command accepted: {name}={value1}") + if value2 is not None: + if "OK" in dev[0].request(f"SET_NETWORK {id} {name} {value2}"): + raise Exception(f"Invalid SET_NETWORK command accepted: {name}={value2}")