Commit graph

3233 commits

Author SHA1 Message Date
Jouni Malinen
dacf605812 D-Bus: Fix Introspect() in case of os_strdup() failure
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
68a866974b D-Bus (old): Fix wpsReg error message
This was supposed to return WpsRegError, not WpsPbcError.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f0614bc6c6 D-Bus (old): Fix message handler error paths
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
a2af1c70c5 D-Bus (old): Fix memory leak on error path
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
942b75468d tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:50:53 +02:00
Ilan Peer
8b48e32006 wpa_cli: Add MAC address randomization in scan
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
fb375883f4 ctrl_iface: Add MAC address randomization in scan processing
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
56c76fa592 scan: Add MAC address randomization in scan handling
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
   state variables.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Arik Nemtsov
7db53bb8c5 wpa_cli: Implement TDLS start/cancel channel switching commands
For the start operation, this includes appropriate parameters for
specifying channel and peer information. The cancel operation includes
peer information.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 21:46:37 +02:00
Arik Nemtsov
6b90deae4d TDLS: Propagate enable/disable channel-switch commands to driver
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.

Allow enable/disable operations to be invoked via the control interface.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 20:30:11 +02:00
Arik Nemtsov
4daa572925 TDLS: Add channel-switch capability flag
Propagate a driver TDLS channel-switch support bit from nl80211 to
TDLS code.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 18:59:31 +02:00
Eliad Peller
8c42b36902 WMM AC: Reconfigure tspecs on reassociation to the same BSS
The specification requires the tspecs to be kept upon reassociation to
the same BSS. Save the last tspecs before such reassociation, and
reconfigure on the association notification.

Note that the current flow is not transparent to the user
(it is notified about deauth/reassoc and tspec removal/addition).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:41:00 +02:00
Eliad Peller
677e7a9582 WMM AC: Do not fail on unknown IEs in Association Response
Some APs add their custom (vendor-specific) IEs to the Association
Response frame. Fail WMM AC initialization only if Association Response
frame IE parsing actually failed, i.e., ignore all unknown IEs.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:33:29 +02:00
Eliad Peller
fecc2bb5a8 WMM AC: Delete tspecs on roaming
In case of roaming, we don't get disassoc notification, but
still want to remove the existing tspecs.

Move the wmm_ac_notify_disassoc() call to the state change
function, which get called also on roaming.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:32:59 +02:00
Eliad Peller
20fe74561c WMM AC: Print user-priority in wmm_ac_status
The UP is important property of the tspec, so print it as well.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:31:18 +02:00
Jouni Malinen
d118a6b8c8 D-Bus: Fix WPS.Start method in AP/P2P GO mode
Previously, role="enrollee" was required to be used to allow the AP mode
WPS operation to be started. This is incorrect since the AP/GO will
operate in Registrar role. Fix this by ignoring the role parameter when
AP (including P2P GO) mode is enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
bd47d68035 WPS: Reject station-mode WPS operations when AP mode is enabled
Start of station-mode WPS PBC/PIN/Registrar/NFC operation would result
in the AP mode getting disabled. This can be particularly confusing for
the P2P GO case where the group would need to be stopped cleanly. As
such, it is better to reject these invalid operations rather than trying
to handle all corner cases needed to allow this to work robustly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
f47a562c73 D-Bus: Move NetworkRequest signal to correct registration array
This is an interface signal, not a global signal, so move it to the
current array for registering the signal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
afaa6d99a4 D-Bus: Remove registration of P2PStateChanged signal
This signal is not generated anywhere, so there is no point in claiming
it to be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
1a4efde5bd D-Bus: Make P2P Group Passphrase property getter available for P2P Client
There is no need to limit this property based on the role of the device
in the group, so return the passphrase if it is available. It will be
available in GO role and it may be available in P2P Client role based on
whether the peer GO provided it during the WPS provisioning step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
20e1d81e09 D-Bus: Fix P2P Group PSK property getter
This was returning a byte array of the pointer to the PSK, not the
actual PSK, due to incorrect use of
wpas_dbus_simple_array_property_getter(). In addition, there is no need
to limit this property based on the role of the device in the group, so
return the PSK if it is available (which it will be for both GO and P2P
Client roles).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
a0caebf397 D-Bus: Simplify out-of-memory reporting
There is no need to have separate wpa_printf() and different error
message strings for the unlikely out-of-error messages. Use a helper
function, wpas_dbus_error_no_memory(), to get consistent behavior with a
one-line call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
ff1d8104e2 D-Bus: Remove the obsolete notes from wpas_dbus_error_unknown_error()
Commit 6aeeb6fa21 ('dbus: clean up new
D-Bus interface getters and setters') redesigned the property
getter/setter calls in a way that made the
wpas_dbus_error_unknown_error() note about message being NULL in some
cases obsolete. All the remaining callers are from method handler
functions that must have a valid message. Remove the obsolete notes and
unnecessary messsage == NULL check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
38279bdb35 D-Bus: Coding style cleanup
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
e3c4f0b5d5 D-Bus: Simplify message building error paths
There is no need to have multiple separate return statements for error
cases in a sequence of operations. In addition, there is not much point
in "converting" boolean return values with "if (!res) return FALSE;
return TRUE;" style constructions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
bba40b65b0 D-Bus: Fix GroupAdd, Invite, RemovePersistentGroup path validation
net_id_str can be NULL and that must be checked for to avoid NULL
pointer dereference if an invalid persistent_group_object path is used
with these methods.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
ce82168b55 D-Bus: Fix error message for Listen() failure
DBUS_ERROR_NO_MEMORY does not look like the best option for the failure
reason in case wpas_p2p_listen() fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
054dc3136f D-Bus: Clean up wpas_dbus_new_decompose_object_path()
None of the new D-Bus interface cases use the bssid_part in
decompose_object_path (while the old interface ones do). As such, this
is dead code and can be removed. In addition, the P2P addition here was
pretty ugly extension. Replace these with a cleaner way of passing the
separating string (e.g., "Networks") from the caller and returning the
requested item.

In addition, there is no need to allocate the returned item separately,
so use a single allocation and a pointer to that allocated memory. This
will make it easier for callers to have to free only a single
allocation. This is also fixing a memory leak in P2P invitation
persistent group case where the caller had missed the need to free the
returned values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
b76ea413b1 D-Bus: Clean up parse_peer_object_path() uses
This helper function does not modify peer_path, so mark it const. In
addition, there is no point in callers to check separately whether
peer_path is NULL since that is taken care of by this helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
509618d35b D-Bus: Remove useless NULL check from static function
The entry argument cannot be NULL in this static function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
1d12c08847 D-Bus: Add debug prints for parsing dict entries
This makes it easier to figure out what happens if there are issues with
processing messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
605325fb75 D-Bus: Remove useless wpa_s->conf checks
This cannot be NULL when an interface is in use. There is not much point
in couple of functions checking this while large number of other places
do not.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
88ce7938b0 D-Bus: Write Get/Set property name in debug log
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
5485798f40 D-Bus: Add more debug prints to cover operations
This adds the message signature to the new D-Bus interface message
handler and similar prints to the old interface messages handlers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
7fbe56b018 D-Bus: Fix property change timer update
eloop_is_timeout_registered() was called with incorrect context argument
which meant that the pending timeout would have never been found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
3a593ff5b2 D-Bus (old): Fix removeNetwork method to not use freed memory
wpa_supplicant_deauthenticate() call needs to happen before
wpa_config_remove_network(). Freed memory could be dereferenced if
removeNetwork method was issued on the currently connected network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
f11e797d4c D-Bus: Avoid valgrind warning due to compiler optimization
It looks like both gcc and clang optimize the (entry.type != foo ||
entry.array_type != bar) in a way that ends up evaluating the second
condition even when the first one results in 0. While this is not really
what the C language requirements on short-circuit evaluation require,
the compiler likely assumes this can have no side effects and with both
type and array_type being comparable in a single 64-bit operation, this
can clearly be a bit more efficient. While the code behaves same in both
cases, valgrind does warn about use of uninitialized memory when the
second condition is evaluated (entry.array_type is not initialized if
entry.type != DBUS_TYPE_ARRAY).

To keep valgrind logs cleaner, initialize entry.array_type to
DBUS_TYPE_INVALID so that these compiler optimizations do not result in
reading uninitialized memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
19d4dab759 D-Bus: Avoid compiler warning on sometimes uninitialized variable
The logic in wpas_dbus_signal_p2p_provision_discovery() seemed to imply
that there could be a case where _signal would be used uninitized. While
that is not the case since either (request || !status) or (!request &&
status) would always be true, some compilers do not seem to be clever
enough to figure that out to avoid the warning. Make this easier for
such compilers by removing the (!request && status) condition since it
is identical to !(request || !status).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:48:30 +02:00
Jouni Malinen
bc7baaff24 D-Bus: Make WPAS_DBUS_TYPE_BINARRAY value less confusing
Commit 911e97e400 ('DBus: Refactor array
adding, add binary arrays') introduced WPAS_DBUS_TYPE_BINARRAY as an
internal fake type for array_type. However, it selected this value to be
(DBUS_NUMBER_OF_TYPES + 100) = 116 = 't'. This happens to conflict with
DBUS_TYPE_UINT64 ((int) 't'). While none of the existing array_type use
cases supported UINT64, it is much clearer if WPAS_DBUS_TYPE_BINARRAY
has a value that does not match any existing DBUS_TYPE_* value. Replace
this with '@' (64).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-01 13:51:45 +02:00
Jouni Malinen
5f3682dc6f D-Bus: Fix dict binarray getter to accept empty array of array
This is needed to allow Set(P2PDeviceConfig) to clear the
VendorExtension array (i.e., to remove all configured vendor
extensions). Previously, such an attempt was met with a D-Bus assert and
rejection of the operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 13:34:52 +02:00
Jouni Malinen
54e06b4ffb D-Bus: Fix memory leak on P2PDeviceConfig::VendorExtension
The wps_vendor_ext array can be set using D-Bus Set(P2PDeviceConfig)
with the VendorExtension key in the dictionary. However, there was no
code for freeing the allocated memory when the interface is removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 13:07:13 +02:00
Jouni Malinen
68bb007743 D-Bus: Fix GONegotiationSuccess signal passphrase format
Passphrase is a variable length string of (8..63 characters), not a byte
array of fixed 64 octets.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 11:44:42 +02:00
Jouni Malinen
3cccf0b870 D-Bus: Make wpas_dbus_error_scan_error() static
This function is not used anywhere outside this file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 11:00:54 +02:00
Jouni Malinen
2544394406 D-Bus: Fix ServiceDiscoveryResponse to accept int32 dialog_token
The ServiceDiscoveryRequest signal uses int32 for encoding dialog_token
for some reason (even though this is a u8 field).
ServiceDiscoveryResponse is supposed to accept the values from the
signal as-is, so extend that to accept int32 in addition to the
previously used uint32.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 10:47:31 +02:00
Jouni Malinen
9c4694ce7c D-Bus: Fix memory leaks on AddService/DeleteService error paths
The query and service parameters need to be freed on all paths to avoid
memory leaks in error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 01:05:46 +02:00
Jouni Malinen
b07f1ebe0f D-Bus: Fix .Group Set(WPSVendorExtensions) format
The earlier implementation seemed to require a strange extra
encapsulation with a dictionary for setting the WPSVendorExtensions
property while this was defined to have aay signature and the get
operation did indeed return and array of array of bytes without that
dictionary. Fix this to accept aay format for the setter as well. Keep
support for the old dictionary encapsulation format for backwards
compatibility.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 22:22:39 +02:00
Jouni Malinen
8509fb5cce D-Bus: Fix memory leak on P2P GO WPSVendorExtensions
It was possible to add WPS vendor extensions through the D-Bus
WPSVendorExtensions setter, but these extensions were not freed when the
P2P GO was stopped or when replacing previously configured extensions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 22:22:39 +02:00
Jouni Malinen
4e70bbf1c6 SAE: Clear keys from memory on disassociation
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 20:00:02 +02:00
Jouni Malinen
6df1973988 Clear psk_list while freeing config_ssid instances
Previously, the main PSK entry was cleared explicitly, but psk_list
could include PSKs for some P2P use cases, so clear it as well when
freeing config_ssid instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
e886c88e95 Explicitly clear the temporary stack-based PSK buffer
There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
658da804e5 Explicitly clear the temporary stack-based key for WPA-None
There is no need to leave this temporary key in stack memory after
having been configured to the driver.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
f42df14415 WPS ER: Explicitly clear PSK from stack after use
There is no need to leave the PSK from temporary Credential structure
that was built in stack after that Credential has been passed to the WPS
module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
ce52d031e5 Clear wpa_psk memory when setting up wpa_supplicant AP mode
This is more of a theoretical case since this part is done only during
setup and the structure is not allocated in practice. Anyway,
maintaining more consistent use of bin_clear_free() for structures that
may contain keys is useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
74df9c1c43 D-Bus(old): Remove duplicated blob->data check
This was already verified to be non-NULL above and there is no point in
having an extra check after the pointer has already been dereferenced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
8193e01e5b D-Bus(old): Remove unnecessary wpa_supplicant_state_txt() check
This function cannot return NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
62856ad989 D-Bus(old): Fix removeNetwork and selectNetwork error handling
wpas_dbus_decompose_object_path() may leave the network part NULL on
unexpected path. This resulted in NULL pointer dereference when
processing an invalid removeNetwork or selectNetwork call. Fix this by
explicitly verifying that the network part was included in the object
path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
84edd136b5 D-Bus(old): Fix interface to show correct err_msg for blob removal
The "Invalid blob name" string was not shown since the zero-length name
was used regardless of first verifying that it should not be allowed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
91c539c01d D-Bus(old): Fix WPS interface to require BSSID for wpsReg
External WPS Registrar operation requires the BSSID to be specified, so
the old D-Bus interface better apply that requirement as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
dddd870d16 D-Bus(old): Fix WPS interface for PIN from wpa_supplicant case
dbus_message_append_args() needs char** and &npin ended up being char*
and resulted in segmentation fault.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
5f136bc126 D-Bus: Fix P2P persistent group removal from non-D-Bus triggers
It is possible for the persistent group object to be added and removed
by non-D-Bus triggers (e.g., ctrl_iface commands). The add part was
already handled, but removal was not. That resulted in memory leaks when
a P2P persistent group was removed without using an explicit D-Bus
command for this even if the object was added without D-Bus involvement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
d20be3a739 D-Bus: Fix WPS ConfigMethods getter to handle no value properly
wpas_dbus_simple_property_getter() cannot be used with NULL
DBUS_TYPE_STRING, so replace that with an empty string to handle the
case of no config_methods parameter in the configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
11973b2682 D-Bus: Fix P2P peer joined/disconnected handlers
It is possible for the peer to be a non-P2P device and as such, for
p2p_dev_addr to be NULL. This resulted in NULL pointer dereference if
D-Bus interface was enabled for the interface when a legacy STA joined a
group.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
b8db1dfc5c Clear next_scan_freqs on wpa_supplicant FLUSH command
It was possible for old scan state to remain from a previous test case
when an operation like WNM neighbor scan or another-BSS-in-ESS was
started, but stopped at the end of a test case. This could result in
failures, e.g., when running wnm_bss_tm_req followed by scan_setband.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
f4637fe0fd wpa_supplicant: Set stdout line-buffered
This makes wpa_supplicant debug output in stdout line-buffered to remain
consistent with hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
010fa245bd Add QUIET=1 option for make
This can be used to reduce verbosity for build messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
49e3eea8d9 Avoid -Wshadow warnings from older gcc versions
It looks like gcc 4.8.2 would warn about these with -Wshadow, but 4.6.3
did.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 13:21:00 +02:00
Jouni Malinen
a193231dfb Clean up debug prints to use wpa_printf()
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 13:20:57 +02:00
Jouni Malinen
36f0cf3774 privsep: Fix compilation due to associate() parameter updates
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 16:37:12 +02:00
Jouni Malinen
4a393fe9f8 WPS: Do not indicate PBC overlap for the same BSS
Even if the UUID would have a mismatch, e.g., due to no UUID known for
the target in a new WPS PBC instance, do not indicate PBC session
overlap if the BSSID is same in the two entries. This should not really
happen in normal use cases, but can happen at least in some test
scenarios where the same BSSID is used in consecutive test cases and the
old BSS entry remains in cfg80211 cache.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 16:37:12 +02:00
Jouni Malinen
3a322496f9 mesh: Delay Authentication frame process with no_auto_peer
There is a possible race condition between receiving the
NEW_PEER_CANDIDATE event and the Authentication frame from the peer.
Previously, if the Authentication frame RX event was indicated first,
that frame got dropped silently. Now, this frame is still dropped, but a
copy of it is stored and the frame gets processed on the following
NEW_PEER_CANDIDATE event if that is received for the same peer within
two seconds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-23 13:44:38 +02:00
Jouni Malinen
d97a3c4885 SME: Optimize OBSS scanning
Include only the potentially affected channel range in OBSS scans to
reduce the amount of offchannel time needed for scanning when requested
by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 22:07:03 +02:00
Jouni Malinen
267ac3bcd6 Add more debug prints for WPA/RSN selection issues for connection
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 13:49:52 +02:00
Masashi Honma
d5b95325de mesh: Fill Number of Peerings field in Mesh Formation Info
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:59:40 +02:00
Masashi Honma
46e8d90f6a mesh: Add debug message when peering limit is reached
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:55:44 +02:00
Masashi Honma
4b4093686b mesh: Make maximum number of peer links configurable
Maximum number of peer links is maximum number of connecting mesh peers
at the same time. This value is 0..255 based on the
dot11MeshNumberOfPeerings range.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:52:31 +02:00
Masashi Honma
9c58c5f72c mesh: Make beacon interval configurable
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:38:20 +02:00
Masashi Honma
3b797130d7 doc: Remove error on document creation
Unexpected trailing zero causes following error.

wpa_supplicant.sgml:472:53:E: character data is not allowed here

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:36:55 +02:00
Jouni Malinen
422ba11e30 Flush WPS registrar state on wpa_supplicant FLUSH command
This helps hwsim test cases by avoiding undesired state from previously
executed test cases affecting following tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-21 17:47:42 +02:00
Jouni Malinen
209702d4c9 Add possibility to set the setband parameter
Commit faf9a8585d added mechanism for
selecting 2.4 or 5 GHz band for scan operation. However, no mechanism
for setting the setband value was added at that time. This commit adds a
new SET ctrl_iface parameter to allow the setband functionality to be
used. "SET setband <AUTO/5G/2G>" can be used to select all bands, 5 GHz
band only, or 2.4 GHz band only.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-19 22:56:41 +02:00
Sunil Dutt
ee82e33d6a Do not trigger the scan during initialization on Android platforms
Android framework maintains a state to process the scan results after
the scan is issued. If wpa_supplicant issues the scan during the
initialization, the one issued by the framework may fail (with EBUSY) if
the host driver is already processing the scan. Thus, the scan results
returned for the first scan triggered by wpa_supplicant are not
processed for getting displayed resulting in delay for the display of
the first scan results after the Wi-Fi subsystem initialization. Thus,
trigger the scan only based on the framework request on Android.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-19 15:24:33 +02:00
Jouni Malinen
e69ae5ff31 Reject new SCAN commands if there is a pending request
FAIL-BUSY was already returned for the case where a scan had been
started, but with the radio work design, it would have been possible to
schedule multiple scan requests if a non-scan radio work was in
progress. Multiple back-to-back scans are not usually very helpful, so
reject this type of cases where the SCAN command would be used to build
such a sequence.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-19 15:14:38 +02:00
Jithu Jance
49e1e9ca88 P2P: Avoid truncation of long listen operation due to offchan tx
On receiving the cancel remain on channel event, the pending_tx
is scheduled immediately and returned. This was preventing
the wpas_p2p_listen_start function from execution thereby resulting
in termination of the long listen operation.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-12-18 16:41:40 +02:00
Jouni Malinen
0855e2e188 Do not allow network block scan_freq override SCAN command frequencies
The manual scan operations with the SCAN command are supposed to have
independent set of scan frequencies, so do not allow scan_freq
parameters to override scanned frequencies for scans that were triggered
with a SCAN command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-15 00:55:56 +02:00
Masashi Honma
5b78493f3b mesh: Add mesh interface creation command for mesh gate
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.

This command makes a virtual mesh interface to be used for mesh gate.

This command expects to be used like this.

wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-14 23:27:43 +02:00
Jouni Malinen
e77007132e Extend wpa_supplicant STA* ctrl_iface commands for mesh
Since mesh functionality uses struct hostapd_data to maintain peer
state, the existing STA* control interface commands can be used to
display information about the peers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 20:14:30 +02:00
Jouni Malinen
b0f33467a5 Clean up VHT override max A-MPDU override calculation
There is no need to use runtime call to find_first_bit() to determine
shift amount for a constant integer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 18:48:59 +02:00
Led
2797486c4f Fix bashisms in wps-ap-cli script
Option '-p' of 'read' command may be unsupported in some POSIX-complete
shells. So replace 'read -p' with 'echo -n'/'read' pair.

Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com>
2014-12-14 18:27:54 +02:00
Arkadiusz (Arkq) Bokowy
7b244d577a wpa_gui: Quiet mode - disable tray icon messages
If tray icon messages are perceived as disturbing, one can pass `-q`
parameter on the command line to disable them permanently.

Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
2014-12-14 17:26:42 +02:00
Arkadiusz (Arkq) Bokowy
2087b64fef wpa_gui: More informative tray icon tool tip message
Show associated network SSID in the tool tip message of the
application's tray icon. When network is not associated, then simple
"(not-associated)" message is shown.

Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
2014-12-14 17:23:43 +02:00
Jouni Malinen
81648d0041 SAE: Report connection failure if SME cannot build auth frame
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 16:48:38 +02:00
Jouni Malinen
8e3afd7f6c offchannel: Use wpas_get_tx_interface() src parameter more consistently
Both the wpa_s->pending_action_src and src argument to
wpas_get_tx_interface() were used somewhat randomly. Make this more
consistent since these values are pointing to the same address and the
implementation is easier to understand when it is obvious that there is
only one address being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 15:47:04 +02:00
Jouni Malinen
568475b70b HS 2.0: Allow CANCEL_FETCH_OSU to stop at scan completion
There is no need to start the GAS/ANQP fetch if the FETCH_OSU operation
has already been canceled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 02:28:03 +02:00
Jouni Malinen
f77cedc11a WPS ER: Remove unnecessary return value
wps_er_deinit() cannot fail and it does not return anything, so neither
should wpas_wps_er_stop().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 02:28:03 +02:00
Jouni Malinen
5407c69d15 Remove unnecessary STA_AUTOCONNECT handler function
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:27:41 +02:00
Jouni Malinen
a1144000cd Remove unnecessary return value
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:22:23 +02:00
Jouni Malinen
5ac73acf12 Simplify eapol_sm_get_mib() result handling
This function cannot return negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:15:38 +02:00
Jouni Malinen
43a66ecba3 Fix SCAN control interface command error cases
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-12 01:12:15 +02:00
Jouni Malinen
2961bfa8e1 Remove unused send_eapol() driver op
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:40:07 +02:00
Jouni Malinen
b68d602dc4 Fix ANQP_GET/HS20_GET_ANQP parsing to skip space after address
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:18:11 +02:00
Jouni Malinen
42a697256e P2P: Allow cross connection on the parent interface
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-10 01:54:27 +02:00
Jouni Malinen
97cfe110dc Clear wpa_s->disconnected on ctrl_iface FLUSH
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-08 16:22:13 +02:00
Jouni Malinen
aaadd72733 Check os_snprintf() result more consistently - more checks
Add more os_snprintf() result validation checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1d39977136 Check os_snprintf() result more consistently
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1f102d3bb0 Check os_snprintf() result more consistently - manual
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
eeab4f2fda Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || (size_t) E1 >= E3 - 1)
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
7bdd8981f7 Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 > E3 \| (size_t) E1 > E3 \| E1 > (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a80ba67a26 Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
  S1

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a9aaacbb50 Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
faebdeaa9e Use os_calloc() instead of os_zalloc()
Automatic changes with spatch using the following semantic patch:

@@
constant C;
type T;
@@

- os_zalloc(C*sizeof(T))
+ os_calloc(C,sizeof(T))

@@
expression E;
type T;
@@

- os_zalloc((E)*sizeof(T))
+ os_calloc(E,sizeof(T))

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
c054190603 Fix DUP_NETWORK debug print on error case
Incorrect network id was printed in debug output if DUP_NETWORK
destination network was not found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
49328f0756 Remove unnecessary ctrl_iface command check
MESH_GROUP_REMOVE always passes in the cmd pointer, so this cannot
really be NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
d02dcb28bc Remove unnecessary ctrl_iface cmd check
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
d84416a2af Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 19:25:14 +02:00
Jouni Malinen
8105821b39 Replace send_ft_action() driver_op with send_action()
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:13:29 +02:00
Jouni Malinen
bc0ba01d70 WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:22:33 +02:00
Jouni Malinen
f80936094e WMM-AC: Use DEBUG verbosity for ignoring Action frame messages
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 13:17:57 +02:00
Jouni Malinen
0570a3ea7d HS 2.0: Clarify OSU Provider list length validation
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:56:05 +02:00
Jouni Malinen
65d9a5e254 ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command
This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
02a8d45ace ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.

If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Dmitry Shmidt
f34891a3af Return only full network line in list_networks
It makes more sense to truncate at line boundary especially with the new
LAST_ID parameter.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-12-03 22:31:53 +02:00
Vinit Deshpande
90903a77ef List all networks despite message limit of 4096 bytes
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2014-12-02 23:47:27 +02:00
Jouni Malinen
44177b69e8 Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.

In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 19:46:58 +02:00
Jouni Malinen
e374522827 Do not start new radio work on scan completion during ext work
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-01 20:17:08 +02:00
Jouni Malinen
4f9a5ea5cc WPS: Fix current_ssid clearing on duplicate network removal
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
e4a35f07d9 mesh: Skip fast-association when using connect_without_scan
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
608b0ff52a mesh: Check for initialization failures
It is possible that these location ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
9a700ff9ef Ignore auth/assoc timeout events in mesh configuration
It was possible for auth/assoc timeout/failure event from the driver to
result in unexpected processing during mesh group setup if that
operation was started before the previously started driver operation to
association/connect had completed. Since those events cannot happen in
mesh cases, ignore them to avoid issues due to this corner case.

For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test
case resulted in failure without this change.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
763041b2e8 mesh: Avoid a false maybe-uninitialized compiler warning
An earlier check of the action_field value above the switch statement
already took care of all other possible cases, but that was apparently
too difficult for the compiler to notice. Bring back the default case to
avoid incorrect warnings about the event variable being maybe
uninitialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
c932b43e56 mesh: Add more debug information to MPM Action frame processing
This makes it easier to figure out why a peering message is dropped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-28 23:02:29 +02:00
Jouni Malinen
fc0ef7c0e7 Add DATA_TEST_FRAME for testing Data frame processing
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 23:51:46 +02:00
Jouni Malinen
b925506a91 Clear RSN preauth and PMKSA cache state on FLUSH command
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:56:15 +02:00
Jouni Malinen
3882a70841 WMM AC: Fix memory leak on deinit without disassoc event
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:00:02 +02:00
Jouni Malinen
5214f4fafc Clear scan_req to NORMAL_SCAN_REQ for connection attempt
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.

This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:55:54 +02:00
Jouni Malinen
4e0990dc88 mesh: Send peering close message before leaving mesh
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:12:47 +02:00
Neelansh Mittal
3a7414b6a6 Do not re-open Android control sockets
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-25 17:16:44 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Jouni Malinen
849367afe9 SME: Fix a sign-compare warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:07:16 +02:00
Jouni Malinen
158211b2db WNM: Use country code, if available, to help in channel mapping
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-24 10:57:38 +02:00
Jouni Malinen
5d017065a0 GAS: Clean up Query Response length validation
Previous version was correct, but apparently too complex for some static
analyzers. (CID 68119)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
355e17eb1b HS 2.0: Clarify OSU Server URI length validation
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5c58c0ce86 HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
fecc09edc3 WNM: Use a clearer validation step for key_len_total
The previous one based on pointer arithmetic was apparently too much for
some static analyzers (CID 68130).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 18:04:02 +02:00
Jouni Malinen
43aee94899 Interworking: Clearer ANQP element length validation
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:41:13 +02:00
Jouni Malinen
f5f3728a81 WNM: Print debug message if Action frame sending fails
This makes wpa_drv_send_action() return value checking more consistent
(CID 75390).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 16:13:50 +02:00
Andrei Otcheretianski
70d1e72849 wpa_supplicant: Handle link measurement requests
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:45:07 +02:00
Assaf Krauss
66d2143435 wpa_cli: Add optional ssid to neighbor report request
Add optional 'ssid' parameter to command "neighbor_rep_request".

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:37:49 +02:00
Assaf Krauss
4c4b230527 wpa_supplicant: Add an option to specify SSID in neighbor report requests
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:36:42 +02:00
Assaf Krauss
fad14af93a wpa_cli: Add neighbor_rep_request command
Add neighbor_rep_request command to send a Neighbor Report Request
to the associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:29:41 +02:00
Assaf Krauss
f4b8bfae15 wpa_supplicant: Add NEIGHBOR_REP_REQUEST command to the control interface
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:28:52 +02:00