hostapd/src/common
Jouni Malinen b686745c76 Android: Harden wpa_ctrl_open2() against potential race conditions
The Android-specific chmod and chown operations on the client socket
(for communication with wpa_supplicant) did not protect against file
replacement between the bind() and chmod()/chown() calls. If the
directory in which the client socket is created (depends a bit on the
version and platform, but /data/misc/wifi/sockets is commonly used)
allows write access to processes that are different (less privileged)
compared to the process calling wpa_ctrl_open2(), it might be possible
to delete the socket file and replace it with something else (mainly, a
symlink) before the chmod/chown operations occur. This could have
resulted in the owner or permissions of the target of that symlink being
modified.

In general, it would be safest to use a directory which has more limited
write privileges (/data/misc/wifi/sockets normally has 'wifi' group
(AID_WIFI) with write access), but if that cannot be easily changed due
to other constraints, it is better to make wpa_ctrl_open2() less likely
to enable this type of race condition between the operations.

Replace chown() with lchown() (i.e., a version that does not dereference
symlinks) and chmod() with fchmod() on the socket before the bind() call
which is also not going to dereference a symlink (whereas chmod()
would). lchown() is a standard operation, but the fchmod() on the socket
is less so (unspecified behavior in some systems). However, it seems to
work on Linux and in particular, on Android, where this code is
executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-06 20:20:20 +02:00
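The ordering this commit message describes (fchmod() on the socket before bind(), then lchown() on the path), shown as an added example that is not hostapd's own code. The names open_client_socket() and demo_socket_mode() and the /tmp directory are hypothetical, and the example assumes Linux, where the mode set on an unbound UNIX socket is what bind() gives the socket file (minus umask).

```c
#define _DEFAULT_SOURCE 1 /* lchown(), mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
/* Hypothetical helper (not hostapd code): returns a bound socket fd or -1. */
int open_client_socket(const char *path, mode_t mode, gid_t gid)
{
	struct sockaddr_un local = { .sun_family = AF_UNIX };
	int s;
	if (strlen(path) >= sizeof(local.sun_path) ||
	    (s = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
		return -1;
	strcpy(local.sun_path, path);
	if (fchmod(s, mode) < 0 || /* by descriptor: no path to swap */
	    bind(s, (struct sockaddr *) &local, sizeof(local)) < 0 ||
	    lchown(path, (uid_t) -1, gid) < 0) { /* never follows a symlink */
		close(s);
		return -1;
	}
	return s;
}

/* Constructed check: mode bits of the socket file bind() created, or -1. */
int demo_socket_mode(void)
{
	char dir[] = "/tmp/ctrl_demo_XXXXXX", path[64];
	struct stat st;
	int s, mode = -1;
	umask(0); /* Linux masks the fchmod() mode with umask at bind() */
	if (!mkdtemp(dir))
		return -1;
	snprintf(path, sizeof(path), "%s/client.sock", dir);
	s = open_client_socket(path, 0660, getegid());
	if (s >= 0 && lstat(path, &st) == 0 && S_ISSOCK(st.st_mode))
		mode = st.st_mode & 0777;
	if (s >= 0)
		close(s);
	unlink(path);
	rmdir(dir);
	return mode;
}

int main(void)
{
	return printf("socket file mode: %o\n", (unsigned) demo_socket_mode()) < 0;
}
```

The socket file already has its final mode when the name first appears, so no path-based chmod() is left to race against a replacement of that name.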
..
cli.c cli: Share a common tokenize_cmd() implementation 2016-08-06 12:46:39 +03:00
cli.h cli: Share a common tokenize_cmd() implementation 2016-08-06 12:46:39 +03:00
common_module_tests.c tests: More ieee802_11_vendor_ie_concat() coverage 2016-12-26 14:44:44 +02:00
ctrl_iface_common.c hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA 2017-11-23 20:12:34 +02:00
ctrl_iface_common.h hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA 2017-11-23 20:12:34 +02:00
defs.h FT: SHA384-based AKM in RSNE processing 2018-06-05 01:11:41 +03:00
dhcp.h FILS: Fix fils_hlp.c build with older netinet/udp.h definitions 2017-02-26 12:18:29 +02:00
dpp.c DPP: Fix build with LibreSSL 2.8.3 2018-12-21 12:21:03 +02:00
dpp.h DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params 2018-08-30 23:34:00 +03:00
eapol_common.h PAE: Use be16/be32 instead of u16/u32 for sparse 2016-06-24 01:38:48 +03:00
gas.c DPP: Configuration exchange 2017-06-19 21:13:15 +03:00
gas.h DPP: Configuration exchange 2017-06-19 21:13:15 +03:00
gas_server.c DPP: Fix error path handling for GAS Comeback Response building 2018-11-25 13:51:26 +02:00
gas_server.h DPP: Configuration exchange 2017-06-19 21:13:15 +03:00
hw_features_common.c hostapd: Add supported channel bandwidth checking infrastructure 2019-01-06 11:54:34 +02:00
hw_features_common.h hostapd: Add supported channel bandwidth checking infrastructure 2019-01-06 11:54:34 +02:00
ieee802_1x_defs.h mka: Support GCM-AES-256 2018-08-21 19:28:20 +03:00
ieee802_11_common.c Use a helper function for checking Extended Capabilities field 2019-01-02 18:13:19 +02:00
ieee802_11_common.h Use a helper function for checking Extended Capabilities field 2019-01-02 18:13:19 +02:00
ieee802_11_defs.h Use a helper function for checking Extended Capabilities field 2019-01-02 18:13:19 +02:00
linux_bridge.h vlan: Use new bridge ioctl() 2019-01-02 00:23:43 +02:00
linux_vlan.h Use own header file for defining Linux VLAN kernel interface 2016-03-26 11:24:38 +02:00
Makefile tests: Add p2p-fuzzer 2015-04-22 11:44:19 +03:00
ocv.c OCV: Add function to verify a received OCI element 2018-12-17 00:02:14 +02:00
ocv.h OCV: Add function to verify a received OCI element 2018-12-17 00:02:14 +02:00
privsep_commands.h Remove all PeerKey functionality 2017-10-16 02:03:47 +03:00
qca-vendor-attr.h Make qca-vendor.h independent of other header files 2014-04-25 11:41:36 +03:00
qca-vendor.h Vendor command to query the supported AKMs from the driver 2018-12-21 21:09:48 +02:00
sae.c SAE: Add support for using the optional Password Identifier 2018-05-19 17:30:29 +03:00
sae.h SAE: Add support for using the optional Password Identifier 2018-05-19 17:30:29 +03:00
tnc.h tests: TNC testing 2014-05-17 20:05:55 +03:00
version.h The master branch is now used for v2.8 development 2018-12-02 22:55:28 +02:00
wpa_common.c OCV: Parse all types of OCI information elements 2018-12-17 00:02:14 +02:00
wpa_common.h OCV: Parse all types of OCI information elements 2018-12-17 00:02:14 +02:00
wpa_ctrl.c Android: Harden wpa_ctrl_open2() against potential race conditions 2019-01-06 20:20:20 +02:00
wpa_ctrl.h WNM: Collocated Interference Reporting 2018-10-30 14:07:51 +02:00
wpa_helpers.c wpa_helpers: Ignore link-local IPv4 address while waiting for DHCP 2017-03-26 21:13:21 +03:00
wpa_helpers.h Add wpa_ctrl helper functions for upper level functionality 2014-03-12 01:09:21 +02:00