key_data_buf is already freed on the common exit path, so do not try to
free it here on error.
Fixes: 4abc37e67b ("Support Key Data field decryption for EAPOL-Key msg 2/4 and 4/4")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/ap_config.c is not really supposed to call directly into a
function in hostapd/config_file.c. Furthermore, the wrapper through
ap_config.c did not really have any real value since it just called a
function that is within hostapd/*.c and that wrapper was called from
hostapd/*.c.
Instead of the wrapper, just call the function directly within the
hostapd directory.
Fixes: 392114a179 ("FT: Add dynamic reload of RxKH definitions from file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
peerkey from EVP_PKEY_new() needs to be freed on all error paths.
Fixes: b062507670 ("OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes valgrind reports somewhat cleaner when external libraries
have memory leaks that are not straighforward to fix. In addition,
increase the number of functions to include backtraces since the default
was not large enough to cover some cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If the driver fetch for the current sequency number fails, do not try to
print the value in a debug print without having cleared it.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
put_changed_properties() might fail, e.g., due to memory allocation
failure or a failure in a property getter function. Such an error case
would have leaked the message iteration container since the call to
dbus_message_iter_close_container() would have been skipped.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Radar detection event could have resulted in the driver interface
instance getting deinitialized and the related memory freed in the
middle of the loop. This was not an issue when the event was passed only
into a single interface, but it became an issue when the loop tried to
send it to all interfaces. If the driver were removed, that loop check
would have used freed memory. Avoid this by explicitly checking that the
driver interface instance is still valid.
Fixes: f136837202 ("nl80211: Pass wiphy events to all affected interfaces")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The TX status handler for DPP Authentication Confirm message might have
resulted in use-after-free if the start of a GAS query were to fail,
e.g., due to being somehow unable to transmit the initial request. Avoid
this by explicitly confirming that the authentication session was not
removed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The current connection (struct dpp_connection) might get removed during
the dpp_tcp_send_msg() call, so the code setting the
on_tcp_tx_complete_remove flag needs to check whether that happened to
avoid a potential use-after-free.
Fixes: 33cb47cf01 ("DPP: Fix connection result reporting when using TCP")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When removing the bootstrap info for the PB context, all the possible
pointers to that information needs to be cleared to avoid accesses to
freed memory.
Fixes: 37bccfcab8 ("DPP3: Push button bootstrap mechanism")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When the privacy protected itentity is used for EAP-SIM/AKA, the buffer
containing the identity was freed just before its use. Fix that by
reordering the operations.
Fixes: 881cb4198b ("EAP-SIM/AKA peer: Simplify identity selection for MK derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
nl_socket_get_cb() increases cb_refcnf for the cb that is bound to a
socket and as such, nl_cb_put() needs to be used with the returned cb
after having cloned it to avoid leaking memory due to cb_refcnt never
getting back to 0.
Fixes: da0d51fee7 ("nl80211: Use socket cb instead of global->nl_cb in send_and_recv()")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The OpenSSL 3.x version of crypto_ec_key_parse_priv using
OSSL_DECODER_CTX missed the call to free the context. Fix it to avoid a
memory leak.
Fixes: 4f4479ef9e ("OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API")
Signed-off-by: Jouni Malinen <j@w1.fi>
Use smaller variables when possible and reorder the variables to avoid
unnecessary padding. This drops struct mld_link_info size from 64 to 48
bytes and removes 240 bytes from struct sta_info.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function has been used only within beacon.c and it got accidentally
converted to a global function.
Fixes: 6b5e00a80e ("AP: Use a struct for Probe Response generation in/out params")
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the fixed length maximum buffer size for STA profile with
dynamically allocated buffers for active links. This reduces struct
mld_link_info size by almost 16 kB and drops the per-STA information in
struct sta_info to a more reasonable size to avoid the almost 10x
increase from MLO support.
In addition, free the resp_sta_profile buffers as soon as the ML element
has bee generated for (Re)Association Response frame since those buffers
are not needed after that.
Signed-off-by: Jouni Malinen <j@w1.fi>
The singleton RADIUS client design did not address the deinit path
properly. Since hapd->radius could be shared with another links, the
pointer on all those other links needs to be cleared before freeing the
RADIUS client context. Without this, deinit path could have ended trying
to use freed memory when clearing STA entries from other links and
trying to flush any pending RADIUS client messages.
Fixes: a213fee11d ("AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons")
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow the Timeout Interval Type field in the Timeout Interval element to
be overridden with a different value for testing purposes to be able to
bypass the association comeback processing in mac80211. This allows the
wpa_supplicant internal functionality to be tested.
Signed-off-by: Jouni Malinen <j@w1.fi>
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
Add HS20TermsAndConditions signal to D-Bus API to allow clients to be
notified when the network requires the acceptance of terms and
conditions. The URL of the T&C page is provided as a signal parameter.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
The CCMP PV1 test vector dropped debugging verbosity at the end. This
was not really supposed to be done since these test vectors are expected
to print at EXCESSIVE verbosity.
Signed-off-by: Jouni Malinen <j@w1.fi>
- CMAC and GMAC modes
- 128-bit and 256-bit modes
- normal BIP and BIP using BCE
- test vectors with minimum and optional additional header elements in
S1G beacon frames
- S1G Beacon Compatibility element in some cases, no other beacon body
components
Signed-off-by: Henry Ptasinski <henry@e78com.com>
Signed-off-by: Andrew Pope <andrew.pope@morsemicro.com>
Signed-off-by: David Goodall <dave@morsemicro.com>
Signed-off-by: Henry Ptasinski <henry@e78com.com>
Signed-off-by: Andrew Pope <andrew.pope@morsemicro.com>
Signed-off-by: David Goodall <dave@morsemicro.com>
hostapd reads the list of Rx Key Holders from hostapd.conf file.
However, for systems where topology changes dynamically, the update
of RxKHs list is required without reloading the whole configuration.
Introduce a new source of RxKH definition with original syntax:
- rxkh_file - Path to a file containing a list of RxKHs.
In addition, add a control interface command RELOAD_RXKHS to
reload RxKHs definition from the file specified in `rxkh_file`.
This allows hostapd to properly distribute Rx keys even after topology
change (assuming rxkh_file is updated and reload_rxkhs command issued).
Syntax of rxkh_file is the same as extraction of r0kh and r1kh options
from original hostapd.conf file.
```
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
```
Signed-off-by: Dariusz Kopka <dariusz@plume.com>
Smartcard support uses the ENGINE API of OpenSSL, which has been
deprecated as of OpenSSL 3. Rather than migrating the code to the new API
or pretending that we do not support OpenSSL 3, accept that we use
deprecated functionality.
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
NL80211_WPA_VERSION_3 was only added in kernel 5.2 so it should not be
set for older kernel versions. There is no direct way to check if the
value is supported. However, we can use the new infrastructure to check
whether the kernel has the NL80211_ATTR_SAE_PASSWORD attribute. It is
related and was added at the same time.
Fixes: 6cc78b3945 ("nl80211: Set NL80211_WPA_VERSION_2 vs. _3 based on AKM")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The ps command as shipped by busybox does not support the "command"
column. Change the code to use pgrep instead which will work fine in all
environments.
In addition, raise an exception if PID was not found since the test
would just hang with pid = 0.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Now that we have a more advanced check for the differences within the
Key Data field, nonzero Key Data Length case can be determined to be
EAPOL-Key msg 4/4 if there is no RSNE in the Key Data field.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Key Data field to be encrypted in EAPOL-Key msg 2/4 and 4/4.
This is for testing purposes to enable a convenient mechanism for
testing Authenticator behavior with either potential future extensions
or unexpected Supplicant behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend RSN authenticator to be able to process EAPOL-Key msg 2/4 and 4/4
messages in cases where the Key Data field is encrypted using AES key
wrapping (i.e., non-AEAD cipher). While there is not yet any defined
case where such encryption would be used in IEEE Std 802.11-2020,
extensions are considered to be added to use such constructions (e.g.,
in IEEE P802.11bh). As such, it is good to extend the parsing and
processing rules in the authenticator to be ready for such
functionality.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow additional elements and KDEs to be added to EAPOL-Key msg 2/4 and
4/4. This is for testing purposes to enable a convenient mechanism for
testing Authenticator behavior with either potential future extensions or
incorrect Supplicant behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The initial Authenticator implementation depended on the Key Data field
being empty for EAPOL-Key msg 4/4. This worked fine for years in
practice, but in theory, vendor specific elements or KDEs could have
been added inti EAPOL-Key msg 4/4 and that would have broken this
design. In addition, the MLD case did introduce a KDE into EAPOL-Key msg
4/4 and required changes here.
As an initial step to make this more robust for future extensions,
recognize a received EAPOL-Key message as msg 4/4 if it is for RSN
(i.e., not WPAv1), has Secure=1, contains an unencrypted Key Data field,
and does not include RSNE.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow additional elements and KDEs to be added to EAPOL-Key msg 1/4 and
3/4 and allow EAPOL-Key msg 3/4 Key Data field to be not encrypted.
These are for testing purposes to enable a convenient mechanism for
testing supplicant behavior with either potential future extensions or
incorrect Authenticator behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Avoid race conditions (especially with UML time travel) between AP
completion of 4-way handshake and traffic test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Handle the center frequency to channel mapping more cleanly by skipping
the cases where the center frequencies are not set and verifying that
the mapping succeeds when they are set.
Signed-off-by: Jouni Malinen <j@w1.fi>
seg0 and seg1 variables can have any initial value, but they may cause
the BSS to have a wrong configuration later on in cases where the
separate center frequencies are not set.
Signed-off-by: Baligh Gasmi <gasmibal@gmail.com>
When p2p->state == P2P_LISTEN_ONLY, the statement before it
'p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)' will be true, too, so
this function will print a message "Operation in progress" and return;
the workaround to handle listen failure will be never reached.
I met such an error when the 'remain-on-channel' command failed, then
the function p2p_ext_listen_timeout() just printed 'Operation in
progress' again and again, and the listen operation was not started
anymore.
Fixes: 0f1034e388 ("P2P: Refrain from performing extended listen during P2P connection")
Signed-off-by: zhuhai <zhuhai.mail@163.com>
There are multiple redundant MIN macro declarations, some of which are
not protecting against side effects. Move it to common.h instead.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
There is currently a bias towards moving to higher bands but not one
against moving away from them. Fix that.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>