In addition, make the compiler warn if a new enum value is added without
defining the matching mapping to a string.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is more convenient to see the exact error in the debug log instead of
getting noted that something was invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
The nl_connect is initialized with the process_bss_event() handler.
However, it is used several times with the default valid handler. As a
result, if a message that is only valid for process_bss_event() is
received while the default handler is used, it will be dropped.
This has been observed in a case where during the 4-way handshake, a
Beacon frame is received on the AP side, which triggers a beacon update,
just before receiving the next EAPOL. When send_and_recv_msgs_owner() is
called for sending the NL80211_CMD_SET_BEACON command, the
NL80211_CMD_CONTROL_PORT_FRAME event is already pending. As a result, it
is received with the default handler, which drops it. Since the EAPOL
frame is dropped, the connection attempt fails.
Fix it by using the process_bss_event() handler when the nl_connect
handler is used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
While it does not look like the stale pointer could have been
dereferenced in practice, it is better not to leave the stale pointer to
freed memory in place to avoid accidental uses.
Signed-off-by: Jouni Malinen <j@w1.fi>
hapd->tmp_eap_user needs to be cleared on interface deinit to avoid
leaving stale pointers to freed memory.
Fixes: ee431d77a5 ("Add preliminary support for using SQLite for eap_user database")
Signed-off-by: Jouni Malinen <j@w1.fi>
When an interface is disabled, e.g. due to radar detected,
hapd->time_adv is freed by hostapd_free_hapd_data(), but later
used by ieee802_11_build_ap_params() calling hostapd_eid_time_adv().
Thus hapd->time_adv needs to be cleared as well.
Fixes: 39b97072b2 ("Add support for Time Advertisement")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The roam D-Bus and ROAM control itnerface commands flip the reassociate
bit before calling wpa_supplicant_connect(). wpa_supplicant connect
eventually aborts ongoing scans (if any), which causes scan results to
be reported. Since the reassociate bit is set, this will trigger a
connection attempt based on the aborted scan's scan results and cancel
the initial connetion request. This often causes wpa_supplicant to
reassociate to the same AP it is currently associated to instead of the
explicitly requested roaming target.
Add a roam_in_progress flag to indicate that we're currently attempting
to roam via an explicitly request to a specific BSS so that we don't
initiate another connection attempt based on the possibly received scan
results from a scan that was in progress at the time the roam command
was received.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Add a QCA vendor attribute to configure the driver to allow the 6 GHz
connection with all security types. This attribute is used for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to ignore SAE H2E requirement mismatch for 6
GHz connection. This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
os.stat(path) failure is an ambigious indication of the control
interface "path" type (UDP hostname vs. UNIX domain socket path). The
path may be a valid UNIX domain socket path, but that socket could have
been removed just before reaching here. At least the hwsim test case
concurrent_p2pcli managed to hit the "connect exception" print below
from UDP handling even when using a UNIX domain socket.
Work around incorrect determination of control interface socket type by
assuming anything starting with '/' is a UNIX domain socket and not a
hostname.
Fixes: a2c88a8025 ("wpaspy: Add support for UDP connection")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sm->bssid is still the BSSID of the previous AP at this point in the FT
protocol, so need to show the target AP's BSSID instead in the failure
message.
Fixes: 8c1f61e820 ("OCV: Report OCI validation failures with OCV-FAILURE messages (STA)")
Signed-off-by: Jouni Malinen <j@w1.fi>
Make it more difficult to miss issues that were previously only printed
out in /tmp/hwsim-test-logs/*-parallel.log. This covers things like
memory leaks and test script failures or forgotten development time
prints to stdout.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpa_ie buffer is now allocated here and needs to be freed before
returning from the function.
Fixes: d2ba0d719e ("Move assoc param setting into a helper function")
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a shared code path for freeing the wpa_ie buffer to avoid
unnecessary complexity with a separate return for the non-FILS case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is an attempt of making the code easier to understand for static
analyzers. The helper functions were already verifying that these IEs
are fully within the memory buffer, but that may not have been clear
enough for automated analysis.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit f1df4fbfc7 ("mesh: Use setup completion callback to complete
mesh join") added a check for iface->conf being NULL into a debug print.
However, it is not clear how that could be NULL here. In any case,
setup_interface() could end up dereferencing iface->conf in the call to
hostapd_validate_bssid_configuration(), so better be consistent with the
checks and not get warnings from static analyzers regardless of whether
this can happen in practice.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in trying to build in rest of this function if in the
middle of it the CONFIG_NO_RADIUS case would unconditionally fail.
Simply make all of this be conditional on that build parameter not being
set to make things easier for static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
The value from the initial RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED check
ended up getting overridden with the following if. This was supposed to
be a single if statement to avoid that.
Fixes: 9c02a0f5a6 ("FILS: Add generation of FILS Discovery frame template")
Signed-off-by: Jouni Malinen <j@w1.fi>
Build eap_*.so into the wpa_supplicant similarly with the wpa_supplicant
binary and include the shared helper functions from additional files
into the builds. This got broken at some point with the build system
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was missing an explicit CAPI ap_reset_default and that
could result in hostapd being left running at the end of the test case.
This could result in issues with following test cases if they used a new
radio interface from HWSimRadio().
Signed-off-by: Jouni Malinen <j@w1.fi>
This resulted in an attempt to dereference a NULL pointer since sta_addr
is not known in this type of a case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These frames are used for verifying that a specific SA and protected
link is in functional state between two devices. The IEEE 802.11
standard defines only a case that uses individual MAC address as the
destination. While there is no explicit rule on the receiver to ignore
other cases, it seems safer to make sure group-addressed frames do not
end up resulting in undesired behavior. As such, drop such frames
instead of interpreting them as valid SA Query Request/Response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For an autonomous P2P group on the 5 GHz band, a channel was picked only
from the operating class 115 which is not available in the EU region
anymore. As a result, an autonomous group creation would always fail in
this generic 5 GHz channel case.
There are more possible available channels for the 5 GHz currently.
Especially in the EU region, the operating class 115 channels are no
longer available, but SRD channels (the operating class 124) are
available. Allow them to be used here if they are marked as allowed for
P2P GO use.
In addition, iterate through all the potential options instead of just
checking the first randomly picked channel. Start this iteration from
random position to maintain some randomness in this process.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>