Commit graph

8446 commits

Author SHA1 Message Date
Janusz Dziedzic
5f10b7f498 Use common hw_get_freq/hw_get_chan helpers in hostapd
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
269dfe232b Introduce common hw features
Introduce wpa_supplicant/hostapd hw features.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
1830817ece IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Bob Copeland
f3b8ad4d78 SAE: Implement retransmission timer
Add the t0 retransmission timer as specified by IEEE Std 802.11-2012,
11.3.8.4. This makes SAE much more likely to succeed in the case of lost
frames.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-10 17:35:52 +02:00
Bob Copeland
a206e2a175 SAE: Centralize function for sending initial COMMIT
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-10 11:43:29 +02:00
Imre Vadasz
28c91ee124 bsd: Fix parsing of ieee80211req_scan_result on FreeBSD and DragonFly
On FreeBSD and DragonFly BSD, we additionally need to skip the
isr_meshid_len bytes of the MESH ID, to get the correct address for
copying the IE data.

The isr_meshid_len field was added in the FreeBSD svn revision r195618
in 2009, so I don't think we need to check the FreeBSD version here.

Signed-off-by: Imre Vadász <imre@vdsz.com>
2015-01-10 11:43:29 +02:00
Narayan Kamath
96d1d97af6 Android: Remove hardcoded ICU include paths from hs20-osu-client
ICU exports them using LOCAL_EXPORT_C_INCLUDE_DIRS.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-01-10 01:00:29 +02:00
Johannes Berg
2e1d7386e2 tests: Refactor tshark running
Refactor the code to run tshark into its own submodule. This allows
even remembering whether -Y or -R needs to be used for filtering.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-10 00:53:57 +02:00
Jouni Malinen
0e126c6dca tests: Out-of-memory cases for D-Bus operations
This increases testing coverage on various error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:46:26 +02:00
Jouni Malinen
795b6f57a8 tests: Additional D-Bus error path coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:32:15 +02:00
Jouni Malinen
a354bcc886 D-Bus: Use NoMemory error message from CreateInterface
Try to be a bit more consistent by using NoMemory instead of InvalidArgs
if os_strdup() fails in the CreateInterface handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:32:15 +02:00
Jouni Malinen
635874b55a Handle interface disabled/enabled more consistently
It was possible for the interface not to be marked in INTERFACE_DISABLED
state in case the event was processed for P2P GO because the wpa_s
instance could have been removed in case of a separate group interface.
Change the state first to avoid leaving different state for the case
where separate group interface is not used.

Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning
rules (e.g., skip scan if no networks enabled) get used consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
8f2cf37923 P2P: Indicate reason=UNAVAILABLE for group netdev going down
There is a race condition between receiving an AP stopped event and
netdev down event. These resulted in different group removal reasons on
a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED
for netdev event first). Make this more consistent by reporting
UNAVAILABLE for both possible cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
cd9548c02f tests: Add out-of-memory loop tests for hostapd startup
These test cases run hostapd interface setup multiple times with
TEST_ALLOC_FAIL commands triggering memory allocation failures one by
one at each possible location in the setup sequence. Effectively, these
test cases will hit most error paths for memory allocation issue cases
(i.e., only the cases requiring more than one allocation failure in a
sequence are not covered).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
f7af5a48f4 tests: hostapd BSS addition failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
fff95bb614 tests: hostapd interface setup and memory allocation failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
f12240a371 tests: Memory allocation failure in wpa_supplicant blacklist
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00
Johannes Berg
9c8779daf6 tests: Use rfkill python module
Instead of calling the rfkill binary, use the built-in module.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-08 20:56:54 +02:00
Johannes Berg
bd31b92a68 tests: Add rfkill module
This can be used instead of invoking the rfkill binary.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-08 20:56:47 +02:00
Jouni Malinen
86a7fbb2c1 Verify that eloop_register_read_sock() succeeds for ctrl_iface setup
This allows faster detection of a case where a memory allocation fails
within eloop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
27d9701dea Fix a memory leak on WPA authenticator error path
wpa_auth->group needs to be freed if PMK cache setup fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
c1c07dcb70 Fix hostapd interface addition error path
The local conf pointer needs to be cleared once it gets assigned to
hapd_iface to avoid double-free of the configuration data on error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 02:34:08 +02:00
Jouni Malinen
6a964b7560 tests: Make scan_random_mac more robust
There is a race condition between wlantest having received and written
the sniffer log and this test case using tshark to process it. Wait one
second before running tshark to make it less likely to get truncated
results that can result in the test case failing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
51c5aeb42a tests: Convert "hwsim-SKIP" exception to use a custom class
This makes the design a bit cleaner for catching the exceptions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
910eb5b525 tests: Import dbus module in a cleaner way
There is no need to use prepare_dbus() function to check whether the
dbus module can be imported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:29:25 +02:00
Jouni Malinen
a156ffda61 Add support for testing memory allocation failures
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.

Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:43 +02:00
Jouni Malinen
52b3943c94 D-Bus: Fix interface unregistration on error path
It is possible for this function to get called even if D-Bus
registration had failed, so the path can be NULL here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
96dc9a6d42 D-Bus (old): Fix interface unregistration on error path
It is possible for this function to be called even if D-Bus interface
registration has failed. Avoid a D-Bus assert in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
ef0355780a Fix memory leak on wpa_supplicant_init_wpa() error path
If wpa_sm_init() fails, the context data needs to be freed in the
caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
52a80583ba TDLS: Fix an interface addition error path
It is possible for wpa_tdls_teardown_peers() to be called with sm ==
NULL in case interface addition fails before the WPA state machine is
initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f2d57282ad D-Bus: Fix string array dict entry parser in out-of-memory case
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
c61bc23aa2 D-Bus: Fix byte array dict entry parser in out-of-memory case
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
dacf605812 D-Bus: Fix Introspect() in case of os_strdup() failure
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
68a866974b D-Bus (old): Fix wpsReg error message
This was supposed to return WpsRegError, not WpsPbcError.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f0614bc6c6 D-Bus (old): Fix message handler error paths
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
a2af1c70c5 D-Bus (old): Fix memory leak on error path
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
3d2e2d5d63 trace: Fix compiler warning on 32-bit builds with bfd support
With CONFIG_WPA_TRACE_BFD, the type cast from void* to integer was
generating a compiler warning due to the target integer being larger in
size in case of 32-bit builds. Type case to bfd_hostptr_t instead of
directly to bfd_vma to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
b9f6560f38 eloop: Fix WPA_TRACE tracking in case of realloc failure
The socket reference tracking entries need to be restored in case
os_realloc_array() fails when adding a new eloop socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
e10422c025 Fix memory leak on hostapd BSS addition error path
The per-BSS configuration information needs to be freed if hostapd fails
to add a new interface for a BSS added with "ADD bss_config=..."
command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
2801659268 Fix hostapd initialization error path on allocation failure
If hostapd_alloc_bss_data() failed to allocate the struct hostapd_data
instance, dynamic interface addition path ended up trying to dereference
freed memory due to incorrect cleanup steps. Fix this by decrementing
the interface count when the newly added interface is removed. In
addition, make the setup more robust by clearing all changes within
hostapd_data_alloc() if any of the allocations fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
d58ade2121 nl80211: Fix compilation with libnl 1.1 and 2.0
Unfortunately, libnl 3.0 has changed the API in a way that is not
backwards compatible by renaming nlmsg_len() to nlmsg_datalen() without
leaving the older nlmsg_len() defined. As such, there does not seem to
be any clean way of using this function without breaking the build with
some libnl versions. For now, replace this call with direct calculation
of the data length since it can be done with a simple one-liner that
compiles with all libnl versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 18:30:20 +02:00
Jouni Malinen
c975e1c1da tests: Additional bgscan coverage
Verify error cases in bgscan module parameters. Increase learn bgscan
module coverage with parsing of the saved data and probe frequency
selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
51f3427019 crypto: Clear temporary stack buffers after use
This reduces possibility of exposure of private keys should something
get access to stack memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
77a2c3941e crypto: Clear temporary heap allocations before freeing
This reduces the time private keys may remain in heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
a15a7fcf69 DH: Clear memory explicitly on private key deinit
Remove any DH private key from heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 18:03:40 +02:00
Jouni Malinen
77c45e2b35 Add wpabuf_clear_free() to allow clearing of freed memory
This can be useful when a wpabuf is used to store private data that
should not be left in heap after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 18:02:04 +02:00
Jouni Malinen
59be78ef93 tests: Move SHA256 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:34:20 +02:00
Jouni Malinen
4b462a0226 tests: Move SHA1 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:29:00 +02:00
Jouni Malinen
a90c7d91a0 OpenSSL: Fix pbkdf2_sha1() wrapper
This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:27:08 +02:00