- 19 Mar, 2016 1 commit
-
-
Paul Stewart authored
If there is no retrieved parameter, we should not de-reference null
Bug: 27748546
Change-Id: I8e6ceba26ab7d73ab365b72c0bfdcdb0a36a59a7
-
- 04 Mar, 2016 1 commit
-
-
Paul Stewart authored
Spurious newlines output while writing the config file can corrupt the wpa_supplicant configuration. Avoid writing these.
Bug: 27371366
Change-Id: I3bb99b8c46dba1c81cbccc76ed0cd01abc3ccef9
-
- 09 Nov, 2015 2 commits
-
-
Dmitry Shmidt authored
-
Dmitry Shmidt authored
-
- 06 Nov, 2015 3 commits
-
-
Jouni Malinen authored
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is enabled. Verify that PMF is in use before using this field on station side to avoid accepting unauthenticated key updates.
Bug: 25266660
Change-Id: Ib4b80f9c9e4aa5ea0b827c5202809c9660ad9b39
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
Jouni Malinen authored
All but the last fragment had their length checked against the remaining room in the reassembly buffer. This allowed a suitably constructed last fragment frame to try to add extra data that would go beyond the buffer. The length validation code in wpabuf_put_data() prevents an actual buffer write overflow from occurring, but this results in process termination. (CVE-2015-5314)
Bug: 25510821
Change-Id: I43a9e6270b4ae693fae15314c3ba1f4baef7c083
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
Jouni Malinen authored
All but the last fragment had their length checked against the remaining room in the reassembly buffer. This allowed a suitably constructed last fragment frame to try to add extra data that would go beyond the buffer. The length validation code in wpabuf_put_data() prevents an actual buffer write overflow from occurring, but this results in process termination. (CVE-2015-5315)
Bug: 25510821
Change-Id: Ic509a6efedc3da9ff40f2842fab5547d087f64de
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 09 Apr, 2015 1 commit
-
-
Jouni Malinen authored
This fixes a possible memcpy overflow for P2P dev->oper_ssid in p2p_add_device(). The length provided by the peer device (0..255 bytes) was used without proper bounds checking and that could have resulted in arbitrary data of up to 223 bytes being written beyond the end of the dev->oper_ssid[] array (of which about 150 bytes would be beyond the heap allocation) when processing a corrupted management frame for P2P peer discovery purposes. This could result in corrupted state in heap, unexpected program behavior due to corrupted P2P peer device information, denial of service due to process crash, exposure of memory contents during GO Negotiation, and potentially arbitrary code execution. Thanks to Google security team for reporting this issue and smart hardware research group of Alibaba security team for discovering it.
Change-Id: I9f350f20cdd010f2c096514b245b4a901ad74e46
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-
- 14 Nov, 2013 1 commit
-
-
Naresh Jayaram authored
Bug: 11631777
Change-Id: I3fbcf3cef4a6a4d894f78dd3dbe4757831e4fc56
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 07 Nov, 2013 1 commit
-
-
Dmitry Shmidt authored
Change-Id: I58bc138d5b74b1b62f7a9612c12399083aef1374
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 24 Oct, 2013 1 commit
-
-
Jouni Malinen authored
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new connection due to wpa_supplicant_enable_one_network() setting wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected being 1 which should imply that wpa_supplicant should not try to connect before asked explicitly with REASSOCIATE or RECONNECT. Fix this by making ENABLE_NETWORK setting of reassociate = 1 and starting of scans for connection conditional on wpa_s->disconnected == 0. This will make ENABLE_NETWORK trigger a connection only if wpa_supplicant is already in a state where it would try to connect if there are any enabled networks.
Bug: 10483405
Change-Id: Iae606745270f6f3185d5705947f8ccd46bc3a904
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
- 17 Oct, 2013 1 commit
-
-
Ed Heyl authored
-
- 13 Oct, 2013 1 commit
-
-
The Android Automerger authored
-
- 10 Oct, 2013 1 commit
-
-
Dmitry Shmidt authored
Bug: 11105901
Change-Id: Ibe8e85f47e95177700deedccb408f1eec85b8f3d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 08 Oct, 2013 2 commits
- 01 Oct, 2013 1 commit
-
-
The Android Automerger authored
-
- 30 Sep, 2013 7 commits
-
-
Sunil Dutt authored
A new TDLS request shall transmit TPK M1 frame with a unique INonce. Thus a new explicit request would fail an ongoing TDLS negotiation with the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce used in TPK M1" if the peer happens to receive two M1 frames before an M3 frame. Check for the ongoing negotiation with the peer and do not start a new one if we are already in a setup negotiation with the peer.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
This function is used only with external setup, so this can be cleaned up to use simpler design.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
There is no need to go through the peer list when we already have a pointer to the specific peer entry.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
This is called from a number of locations and it is more efficient to use a new helper function instead of wpa_tdls_disable_link() that would do peer address search from the list of peers.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
Making this function be used only for external setup case simplifies the implementation and makes core wpa_supplicant calls in ctrl_iface.c and events.c consistent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
There is no point in updating the RNonce for every obtained TPK M1 frame (e.g., retransmission due to timeout) with the same INonce (SNonce in FTIE). Update RNonce only if a TPK M1 is received with a different INonce (new TDLS session) to avoid issues with two setup exchanges getting mixed and exchange failing due to mismatching nonces ("TDLS: FTIE ANonce in TPK M3 does not match with FTIE ANonce used in TPK M2").
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Sunil Dutt authored
Clear the peer information and disable the created link on a failed TDLS setup negotiation. This is needed to avoid leaving TDLS setup pending and to return to the AP path in case anything goes wrong during the setup attempt.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
- 29 Sep, 2013 1 commit
-
-
The Android Automerger authored
-
- 27 Sep, 2013 1 commit
-
-
Jouni Malinen authored
If there are a large number of BSSes in the scan results, BSS table update could have added a BSS entry to the last_scan_res in a case where that BSS entry got just deleted. This would happen only if there are more than bss_max_count (by default 200) BSSes and if at least bss_max_count of those BSSes are known (match a configured network). In such a case, wpa_bss_add() could end up allocating a new BSS entry and return a pointer to that entry even if it was the one that ended up getting freed to keep the BSS table length within the limit. This could result in freed memory being used and the process crashing (likely with segfault) when trying to access information from that BSS entry. Fix the issue by removing the oldest BSS entry before linking the new entry to the table. This makes sure the newly added entry will never get picked up as the one to be deleted immediately.
Bug: 10964663
Change-Id: I495dd2503127263746a69c9ef040c9e62fec0bda
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
- 18 Sep, 2013 2 commits
-
-
The Android Automerger authored
-
The Android Automerger authored
-
- 17 Sep, 2013 2 commits
-
-
Hardik Kantilal Patel authored
When no other user preference is specified, opt to use an operating channel that allows 5 GHz band to be used rather than 2.4 GHz. Previously, this was already done in practice for HT40 channels since no such channel is enabled for P2P on 2.4 GHz. This commit extends this to apply 5 GHz preference for 20 MHz channels as well.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-
Dmitry Shmidt authored
Bug: 10641114
Change-Id: I621ef6d5e45392d86211bc3936e85b876b96aec4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Conflicts: src/p2p/p2p_utils.c
-
- 16 Sep, 2013 2 commits
-
-
Dmitry Shmidt authored
Bug: 10641114
Change-Id: I621ef6d5e45392d86211bc3936e85b876b96aec4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
The Android Automerger authored
-
- 12 Sep, 2013 2 commits
-
-
Dmitry Shmidt authored
Bug: 10641114
Change-Id: I9bb5e6f816ae84363487d77a8c6ddd1b4ae6ae0f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
Dmitry Shmidt authored
Bug: 10641114
Change-Id: Iab32a76b277cc8195f47a02fb8e6936ff2529aaa
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 10 Sep, 2013 1 commit
-
-
Dmitry Shmidt authored
Bug: 10513949
Change-Id: Id9e5b2560630049a6ca5f74e3785d4a2c2be3124
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 09 Sep, 2013 1 commit
-
-
Dmitry Shmidt authored
Although interface (and group) related sockets are not used for control, they are created and may be left.
Bug: 10585306
Change-Id: I7cf49403337afc2db552c094029390c2cbd57c0f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 03 Sep, 2013 1 commit
-
-
Dmitry Shmidt authored
b2b688d P2P: Fix crash when failed to create GO interface
6197169 WPS NFC: Fix build without CONFIG_AP=y
e1ae5d7 SAE: Fix build without CONFIG_AP=y
813e7b3 P2P: Remove group from timeout on PSK failure
5bf9a6c P2P: Add event messages for possible PSK failures on P2P groups
eac8dab P2P: Document per-client keys and p2p_remove_client
43c693c P2P: Do not store duplicate PSK entries for the same device
f2c5660 P2P: Add a command for removing a client from all groups
01a57fe P2P: Maintain list of per-client PSKs for persistent groups
759fd76 P2P: Select PSK based on Device Address instead of Interface Address
94ddef3 P2P: Make peer's P2P Device Address available to authenticator
52177fb P2P: Store P2P Device Address in per-device PSK records
05766ed P2P: Allow per-device PSK to be assigned
698e921 wpa_cli: Add tab completion for p2p_set field values
0b5fb86 P2P: Stop listen state when listen-only duration is over
02a3e5c wpa_cli: Allow first DISCONNECTED event to be reported
cdf8bfa Disallow WEP configuration in WPA network
731ef43 D-Bus: Fix per-iface object unregistration on not existing objects
447969e D-Bus: Do not send network notification for all P2P groups
eb32460 Fix switching from EAP-SIM to EAP-AKA/AKA'
f2b3f4d P2P: Allow P2P functionality to be disabled per interface
50f4f2a hostapd: Add Automatic Channel Selection (ACS) support
43ee470 P2P: Immediate group removal in GC in case of deauthentication
fcf2052 Fix MNC length for Swisscom SIM cards
Bug: 10606228, 10513949
Change-Id: I63ba0e2ab4fa76e6afa7a34be42e8e847e1511b0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 29 Aug, 2013 1 commit
-
-
Dmitry Shmidt authored
add7add IBSS RSN: Add a timeout for Authentication frame exchange
c1c0b35 P2P: Postpone concurrent scans when waiting for first client as GO
6fb7b58 IBSS RSN: Work around Data RX vs. Authentication RX race condition
Bug: 10513949
Change-Id: Ic4d77c94a5b6e4729cd798f7b033e3ea5b2481cc
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 26 Aug, 2013 1 commit
-
-
Dmitry Shmidt authored
853b49a tests: Increase test_ap_wps_init connection timeout
28de68a P2P: Update peer operating channel from GO Negotiation Confirm
6701fdc P2P: Use the first pref_chan entry as operating channel preference
99d7c76 P2P: Add more debug info on operating channel selection
8d660e0 P2P: Add GO negotiation results into the P2P-GO-NEG-SUCCESS event
2c6f8cf Replace perror() with wpa_printf(strerror) in ctrl_iface calls
e743db4 IBSS RSN: Add IBSS-RSN-COMPLETED event message
4c55901 P2P: Add state info to global STATUS command
ae8c27f Add STATUS command to global control interface
42868f1 Add SAVE_CONFIG command to global control interface
1b9b31c Add SET command for global control interface
0185007 hostapd: Add survey dump support
245e026 hostapd: Split up channel checking into helpers
ba873bd wired: Wait for the link to become active before sending packets
d393de1 P2P: Validate the freq in p2p_group_add
973622c wpa_supplicant: Fix AP mode frequency initialization
d99ca89 P2P: Skip non-P2P interface in p2p_group_remove *
239abaf WPS: Set currently used RF band in RF Bands attribute
bf83eab nl80211: Start P2P Device when rfkill is unblocked
60b13c2 nl80211: Do not change type to station on P2P interfaces
e0591c3 wpa_supplicant: Reduce wait time for control interfaces
5046eb4 P2P: Allow separate interface GO to disconnect low-ack STAs
5bcd5c5 FT RRB: Clear pad field to avoid sending out uninitialized data
b378c41 nl80211: Fix deinit path to unregister nl_mgmt socket
a235aca Fix DETACH command debug prints to avoid use of freed memory
8d6e035 Make global UNIX socket non-blocking for ctrl_iface
86bd141 Change WEP network selection to reject WPA/WPA2 APs
2e145e9 WPS: Fix failure path to allow WSC_NACK and EAP-Failure to be exchanged
3351a38 WPS: Add control interface command for fetching latest status
e96872a WPS: Track peer MAC address from the last operations
ae23935 WPS: Track PBC status
61b6520 WPS: Track result of the latest WPS operation
50396e2 WPS: Add PBC mode activated/disabled events
961750c WPS: Share a common function for error strings
30158a0 nl80211: Update the assoc_freq during connect
83e7bb0 nl80211: Add more debug prints for DEL_STATION commands
Bug: 9056601
Change-Id: I8bc671eb13f4c2c388a4c15cf1ba968c24c9656a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-
- 16 Aug, 2013 1 commit
-
-
Dmitry Shmidt authored
Bug: 9056601
Change-Id: I6d78433df656c24af74a6825624c68231a4bf87d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-