Commit graph

360 commits

Author SHA1 Message Date
Jouni Malinen
d264c2e390 HTTP (curl): Try SHA256 hash for OCSP certificate matching
Previously, only SHA1 hash -based server certificate matching was used,
but the OCSP response may use SHA256 instead of SHA1, so check the match
with both hash functions, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-09 23:36:36 +03:00
Jonas Larsson
853cfa8738 Detect endianness when building for RTEMS
This adds endianness detection and byte swap
definitions for the RTEMS RTOS.

Signed-off-by: Jonas Larsson <ljonas@google.com>
2017-05-05 00:41:12 +03:00
Michael Braun
50bd8e0a90 FT: Replace inter-AP protocol with use of OUI Extended Ethertype
Replace the previously used extension of IEEE 802.11 managed Ethertype
89-0d (originally added for Remote Request/Response in IEEE 802.11r)
with Ethertype 88-b7 (OUI Extended EtherType) for FT inter-AP
communication. The new design uses a more properly assigned identifier
for the messages.

This assigns the OUI 00:13:74 vendor-specific subtype 0x0001 for the new
hostapd AP-to-AP communication purposes. Subtypes 1 (PULL), 2 (RESP),
and 3 (PUSH) are also assigned in this commit for the R0KH-R1KH
protocol.

This breaks backward compatibility, i.e., hostapd needs to be updated on
all APs at the same time to allow FT to remain functional.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-05-03 18:30:31 +03:00
Jouni Malinen
183d3924cf WPS: Add option for using random UUID
If the uuid configuration parameter is not set, wpa_supplicant generates
an UUID automatically to allow WPS operations to proceed. This was
previously always using an UUID generated from the MAC address. This
commit adds an option to use a random UUID instead. The type of the
automatically generated UUID is set with the auto_uuid parameter: 0 =
based on MAC address (default; old behavior), 1 = random UUID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-13 17:38:55 +03:00
Jouni Malinen
e2f00bb5ff xml: Add Value node in TNDS node conversion for empty value case
Previously, the Value node was not added if value of a node could not be
fetched. This can cause interoperability issues, so address that in the
same way as an empty length value, i.e., by adding a Value node with
zero-length contents.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:21 +03:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Johannes Berg
dbdda355d0 Introduce os_memdup()
This can be used to clean the code and reduce size by converting
os_malloc() followed by os_memcpy() cases to use a single function call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:18:49 +02:00
Johannes Berg
5118319831 trace: Look up start to cope with ASLR
When ASLR is enabled, like it is by default on many distros now,
the trace code doesn't work right.

Fix this by looking up the start of the executable mapping and
subtracing it from all the lookups.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2017-02-28 11:37:19 +02:00
Purushottam Kushwaha
5db32adc99 browser-wpadebug: Send HTTP response with HTTP/1.1 header
HTTP response was previously sent as a plaintext without the HTTP header
on port 12345. By default Android webview/Chrome assumes plaintext as
HTTP/0.9 data. Android webview/Chrome has removed support of HTTP/0.9
request/response on non-standard ports, i.e., other than port 80. This
results in error while opening URL 'http://localhost:12345/'.

Fix this by prefixing the HTTP response with the HTTP/1.1 header.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 13:35:44 +02:00
Liu Li
0217b8d874 eloop: Fix comments mismatch eloop_event/timeout_handler definitions
Signed-off-by: Liu Li <lli_njupt@163.com>
2017-02-04 20:41:12 +02:00
Wojciech Dubowik
cc3dae85bd hostapd: Add possibility to send debug messages to syslog
We can only send module specific messages to syslog and not debug
messages printed with wpa_printf. Add an extra command line parameter
'-s' to allow it. The feature is enabled with compile flag
CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
as the wpa_supplicant -s command line argument.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
2017-01-30 00:57:13 +02:00
Jouni Malinen
5de6823f7a tests: TEST_FAIL() support for os_get_random()
This allows more testing for rarely executed error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 22:15:41 +02:00
Avraham Stern
b3060bf99f common: Add helper function to convert RSSI to RCPI
This conversion will be done several times in the code, so add a helper
function that does this conversion.

Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Nishant Chaprana
230b2b2c3d Removed redundant NULL check for b in wpabuf_concat()
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-10-28 19:05:08 +03:00
Jouni Malinen
e2991ee580 Move CRC-32 routine from wlantest to src/utils
This allows the CRC-32 routine to be shared for other purposes in
addition to the WEP/TKIP/FCS within wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-09 17:13:23 +03:00
Nishant Chaprana
746e5c2565 Fix spelling mistakes in number of comments
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-09-30 22:45:03 +03:00
Rahul Bedarkar
a2072a29b9 utils: os_unix: Use access() for checking file existence
Trying to open file for checking file existence seems to be too much.
Instead use access system call which is meant for the same.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
2016-08-08 00:24:07 +03:00
Arran Cudbard-Bell
b84ce655d3 Link to, and adjust types for, the PCSC framework included with OSX
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
2016-08-07 11:20:33 +03:00
Jouni Malinen
e55df99ee6 Share a single str_starts() implementation
No need to define this as a static function in multiple files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:38:21 +03:00
Jouni Malinen
82ffcba755 Move extern declarations for ext_password backends into a header file
This gets rid of a sparse warning and also allows the compatibility of
the declarations to be verified (a missing const declaration is fixed
here as well).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 19:02:58 +03:00
Jouni Malinen
50a17a76e1 tests: Declare module test functions in a header file
This gets rid of number of warnings from sparse.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 18:26:09 +03:00
Jouni Malinen
fad6485c56 radiotap: Silence sparse warnings about byte order swapping
These little endian fields were not marked properly and the type case in
the get_unaligned_* helper macros were causing warnings from sparse.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 18:08:11 +03:00
Jouni Malinen
0e672b89e7 trace: Define externs in a header file
This gets rid of some unnecessary strace warnings from test builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:28:54 +03:00
Jouni Malinen
6527b52ead Undefine __bitwise before defining it for sparse
This gets rid of a compiler warning due to a bit different construction
in linux/types.h.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:23:46 +03:00
Cedric Izoard
04c18fa04b curl: Don't free memory for subjectAltName before calling callback
Freeing memory for subjectAltName in parse_cert(), will give cert_cb
pointers to freed memory zone that may already been overwritten. Memory
for subjectAltName is released in parse_cert_free().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2016-06-19 22:11:36 +03:00
SiWon Kang
7a1887faec wpa_cli: Add backspace key process for some terminal
In some terminal, verified with gtkterm and teraterm, backspace key is
not properly processed. For instance, type 'abc', 3 times of backspace
key press then '123' shows the result of 'abc123' instead of '123'. To
fix this, add a routine to process '\b' character input when using
edit_simple.c instead of edit.c (i.e., without CONFIG_WPA_CLI_EDIT=y).

Signed-off-by: Siwon Kang <kkangshawn@gmail.com>
2016-05-13 18:48:45 +03:00
Paul Stewart
0fe5a23424 Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
ecbb0b3dc1 WPS: Reject a Credential with invalid passphrase
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.

This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
David Spinadel
624b8a061f utils: Add ssid_parse() function
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:37 +03:00
David Spinadel
9d955f751e utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it
Make the function available as part of the wpabuf API.
Use this renamed function where possible.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:23:36 +03:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
64ce5905f8 libxml2: Check for xmlDocDumpFormatMemory() error case
Since this function needs to allocate memory, it might fail. Check that
the returned memory pointer is not NULL before trying to parse the
output.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:49:28 +02:00
Eliad Peller
4a6e9e5599 Fix CONFIG_WPA_TRACE=y compilation without CONFIG_WPA_TRACE_BFD=y
syms is defined only for WPA_TRACE_BFD:

../src/utils/trace.c: In function ‘wpa_trace_deinit’:
../src/utils/trace.c:372:7: error: ‘syms’ undeclared (first use in this function)
  free(syms);
       ^
../src/utils/trace.c:372:7: note: each undeclared identifier is reported only once for each function it appears in
make: *** [../src/utils/trace.o] Error 1
make: *** Waiting for unfinished jobs....

Add appropriate #ifdef.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-03 16:23:23 +02:00
Roy Marples
e21cecaf54 kqueue: Use 0 instead of NULL for udata
Use 0 for udata instead of NULL for portability.
NetBSD uses uintptr_t, others a pointer.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:40:12 +02:00
Roy Marples
640b0b933a ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:39:00 +02:00
Jouni Malinen
6136d43b8e trace: Free symbols on program exit
This makes valgrind memleak checks with CONFIG_WPA_TRACE=y somewhat
cleaner.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 14:10:29 +02:00
Jouni Malinen
d9a0f69747 OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:40:41 +02:00
Jouni Malinen
e60913b600 curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:33:27 +02:00
Jouni Malinen
9e1f1bdb6f eloop: Clean up coding style for eloop debug prints
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 18:09:21 +02:00
Roy Marples
f9982b3212 Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.

I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 18:09:19 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Roshan Pius
0ae86f9043 wpa_supplicant: Fix couple of C++ compiler errors with header files
Need to include these headers in C++ files for adding a binder interface
to wpa_supplicant. So, fix the following C++ compiler errors in them:
1. Add explicit C-style casts in wpa_buf.h header.
2. Move the nested definition of wpa_driver_scan_ssid in driver.h
outside of wpa_driver_scan_params because it is used in another
structure below.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-02-06 15:26:48 +02:00
Jouni Malinen
2088ecb970 OSU: Add debug printing of more LogotypeExtn fields
Couple of the image info fields were not printed previously in debug
log. Add those to make this more complete.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-05 00:24:49 +02:00
Ayala Beker
819ad5b70b utils: Fix NULL pointer dereference with unexpected kernel behavior
Fix mostly theoretical NULL pointer dereference in
wpa_debug_open_linux_tracing() if /proc/mounts were to return a
malformed line.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2015-12-18 00:24:52 +02:00
Jouni Malinen
8d27efa814 HTTP (curl): OCSP with BoringSSL
This adds experimental support for using OCSP with libcurl that is built
against BoringSSL. This needs small modifications to libcurl to allow
CURLOPT_SSL_VERIFYSTATUS to be used to call
SSL_enable_ocsp_stapling(connssl->handle) in ossl_connect_step1().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 20:08:31 +02:00
Somdas Bandyopadhyay
83702b6088 Android: Give user the option for selecting browser for HS 2.0 OSU
When built with browser-android.c, hs20-osu-client used to always launch
the native/stock Android browser for OSU user interaction. This browser
is not present in all devices. It is better to give the option to the
user to select his/her browser.

Here the user will be shown a pop up to select the browser that he/she
wants.

Signed-off-by: Somdas Bandyopadhyay <somdas.bandyopadhyay@intel.com>
2015-11-22 21:06:17 +02:00
Jouni Malinen
d8fd633ebb Do not write ERROR level log entries if debug file is not used
wpa_debug_reopen_file() used to write an error message at MSG_ERROR
level if it was called with last_path == NULL (the last debug log file
path not known). This is not a fatal error, but a normal case if
wpa_debug_open_file() has not been used. Remove the error message and
return success in such case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 20:45:02 +02:00
Jouni Malinen
40762fcede PCSC: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Rui Paulo
22e8df3a98 Portability fixes for FreeBSD - os_fdatasync()
Use fsync() when fdatasync() and F_FULLSYNC isn't available.

Signed-off-by: Rui Paulo <rpaulo@freebsd.org>
2015-10-15 16:14:30 +03:00
Josh Lehan
1d61a8efee Escape DEL char (ASCII 127 decimal) in SSIDs
While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.

Signed-off-by: Josh Lehan <krellan@krellan.net>
2015-10-14 19:28:57 +03:00