Cumulative patch from commit 5f7e1c06cd428888a2ed4fa763c5da37a873e422

5f7e1c0 Redirect more frames with ext_mgmt_frame_handling=1
7738163 RADIUS server: Copy IPv4 address only when IPv6 is not used
508e24c dbus: Clean up error reporting for TDLS peer address parsing
3b6170b WPS: Remove duplicate variable setting
78789d9 Remove unnecessary variable initialization
a7c37d9 dbus: Remove duplicated variable assignment
e997bc7 Remove a static analyzer warning about unused variable write
ea3b8c1 Do not use a separate variable for tracking first entry in a list
8a4ce28 WPA: Clean up cipher suite counting in write routines
6ed626d Remove unused gid_str pointer update
749fa14 Debug print trailing WPA/RSN IE bytes, if any
a5802c0 OpenSSL: Avoid never-used analyzer warning
7b6e815 Clean up hostapd add_iface error path operations
67adcd2 WNM: Check wpa_s->current_bss more consistently
3ff8073 EAP-FAST: Use clear eap_get_config() result validation
a8716d1 roboswitch: Verify that register read succeeds before comparing res
3d91a04 DFS: Make sure center frequency is always initialized for VHT
fa0a9f5 trace: Fix memory use on no-function name path
bd27b13 Make code path easier for static analyzers
64abb72 nl80211: Allow old r-o-c offchannel TX to be tested
fa72a88 P2P: Fix validation on Invitation Request error path
ca412c7 Remove unreachable return statement
2af4d87 GAS: Fix additional comeback delay with status code 95
07d462c Interworking: Remove unused password setting for SIM credential
3141b82 Add OSEN to proto config field writer
b908c50 Clear hostapd bss entry to NULL on add-interface-failure
0052ce4 atheros: Add support for OSEN

Change-Id: Ifd78a8f8259e5b0f654d3dbadd24c9ab029d3afb
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index da9580e..23aab4b 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -438,10 +438,10 @@
 	int first = 1, ret;
 	char *buf, *pos, *end;
 
-	pos = buf = os_zalloc(10);
+	pos = buf = os_zalloc(20);
 	if (buf == NULL)
 		return NULL;
-	end = buf + 10;
+	end = buf + 20;
 
 	if (ssid->proto & WPA_PROTO_WPA) {
 		ret = os_snprintf(pos, end - pos, "%sWPA", first ? "" : " ");
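Review bot: The buffer size is written twice, as `os_zalloc(20)` and as `end = buf + 20`, so the allocation and the bound passed to os_snprintf() can drift apart the next time a protocol name is added. Deriving both from one value would avoid that, for example `const size_t buflen = 20;` followed by `pos = buf = os_zalloc(buflen);` and `end = buf + buflen;`. A short comment naming the longest string the function can produce would also show why 20 is enough. The function starts before this hunk and continues past it.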
@@ -459,6 +459,14 @@
 		first = 0;
 	}
 
+	if (ssid->proto & WPA_PROTO_OSEN) {
+		ret = os_snprintf(pos, end - pos, "%sOSEN", first ? "" : " ");
+		if (ret < 0 || ret >= end - pos)
+			return buf;
+		pos += ret;
+		first = 0;
+	}
+
 	return buf;
 }
 #endif /* NO_CONFIG_WRITE */
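Review bot: The `first = 0;` at the end of the new OSEN block is never read, because `return buf;` follows directly. This is the kind of unused write that other commits in this series remove (e997bc7), so I would drop the line or leave `/* last entry - no need to update first */` in its place. Separately, the truncation path `return buf;` hands back a partially written proto list without any log line, so a too-small buffer would silently write a shorter `proto` value to the configuration. A `wpa_printf(MSG_DEBUG, ...)` on that path would make it visible.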
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 9f5d4f4..793faec 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2074,7 +2074,8 @@
 				    const u8 *ie, size_t ie_len)
 {
 	struct wpa_ie_data data;
-	int first, ret;
+	char *start;
+	int ret;
 
 	ret = os_snprintf(pos, end - pos, "[%s-", proto);
 	if (ret < 0 || ret >= end - pos)
@@ -2089,62 +2090,58 @@
 		return pos;
 	}
 
-	first = 1;
+	start = pos;
 	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
-		ret = os_snprintf(pos, end - pos, "%sEAP", first ? "" : "+");
+		ret = os_snprintf(pos, end - pos, "%sEAP",
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 	if (data.key_mgmt & WPA_KEY_MGMT_PSK) {
-		ret = os_snprintf(pos, end - pos, "%sPSK", first ? "" : "+");
+		ret = os_snprintf(pos, end - pos, "%sPSK",
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 	if (data.key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
-		ret = os_snprintf(pos, end - pos, "%sNone", first ? "" : "+");
+		ret = os_snprintf(pos, end - pos, "%sNone",
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 #ifdef CONFIG_IEEE80211R
 	if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
 		ret = os_snprintf(pos, end - pos, "%sFT/EAP",
-				  first ? "" : "+");
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 	if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) {
 		ret = os_snprintf(pos, end - pos, "%sFT/PSK",
-				  first ? "" : "+");
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 #endif /* CONFIG_IEEE80211R */
 #ifdef CONFIG_IEEE80211W
 	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
 		ret = os_snprintf(pos, end - pos, "%sEAP-SHA256",
-				  first ? "" : "+");
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 	if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
 		ret = os_snprintf(pos, end - pos, "%sPSK-SHA256",
-				  first ? "" : "+");
+				  pos == start ? "" : "+");
 		if (ret < 0 || ret >= end - pos)
 			return pos;
 		pos += ret;
-		first = 0;
 	}
 #endif /* CONFIG_IEEE80211W */
 
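Review bot: The separator choice in this hunk now rests on an unstated invariant: `pos == start` means "no key_mgmt token written yet". That holds only because every successful os_snprintf() here emits at least one character and `start` is taken after the `[%s-` prefix has been written. A comment at `start = pos;`, such as `/* start marks the beginning of the key_mgmt list; pos == start means the list is still empty */`, would keep a later edit from moving the assignment. The capability hunks further down in this file (-2882, -2918, -3005, -3046, -3095) use `pos == buf` the same way. Whether anything is written to `buf` before those blocks is outside the hunks, so that should be confirmed and commented there as well.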
@@ -2862,7 +2859,7 @@
 					      struct wpa_driver_capa *capa,
 					      char *buf, size_t buflen)
 {
-	int ret, first = 1;
+	int ret;
 	char *pos, *end;
 	size_t len;
 	unsigned int i;
@@ -2882,11 +2879,11 @@
 	for (i = 0; i < ARRAY_SIZE(ciphers); i++) {
 		if (!ciphers[i].group_only && capa->enc & ciphers[i].capa) {
 			ret = os_snprintf(pos, end - pos, "%s%s",
-					  first ? "" : " ", ciphers[i].name);
+					  pos == buf ? "" : " ",
+					  ciphers[i].name);
 			if (ret < 0 || ret >= end - pos)
 				return pos - buf;
 			pos += ret;
-			first = 0;
 		}
 	}
 
@@ -2898,7 +2895,7 @@
 					   struct wpa_driver_capa *capa,
 					   char *buf, size_t buflen)
 {
-	int ret, first = 1;
+	int ret;
 	char *pos, *end;
 	size_t len;
 	unsigned int i;
@@ -2918,11 +2915,11 @@
 	for (i = 0; i < ARRAY_SIZE(ciphers); i++) {
 		if (capa->enc & ciphers[i].capa) {
 			ret = os_snprintf(pos, end - pos, "%s%s",
-					  first ? "" : " ", ciphers[i].name);
+					  pos == buf ? "" : " ",
+					  ciphers[i].name);
 			if (ret < 0 || ret >= end - pos)
 				return pos - buf;
 			pos += ret;
-			first = 0;
 		}
 	}
 
@@ -2987,7 +2984,7 @@
 					   struct wpa_driver_capa *capa,
 					   char *buf, size_t buflen)
 {
-	int ret, first = 1;
+	int ret;
 	char *pos, *end;
 	size_t len;
 
@@ -3005,20 +3002,20 @@
 
 	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
 			      WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-		ret = os_snprintf(pos, end - pos, "%sRSN", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sRSN",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
 			      WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) {
-		ret = os_snprintf(pos, end - pos, "%sWPA", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sWPA",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	return pos - buf;
@@ -3029,7 +3026,7 @@
 					      struct wpa_driver_capa *capa,
 					      char *buf, size_t buflen)
 {
-	int ret, first = 1;
+	int ret;
 	char *pos, *end;
 	size_t len;
 
@@ -3046,28 +3043,27 @@
 	}
 
 	if (capa->auth & (WPA_DRIVER_AUTH_OPEN)) {
-		ret = os_snprintf(pos, end - pos, "%sOPEN", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sOPEN",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	if (capa->auth & (WPA_DRIVER_AUTH_SHARED)) {
 		ret = os_snprintf(pos, end - pos, "%sSHARED",
-				  first ? "" : " ");
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	if (capa->auth & (WPA_DRIVER_AUTH_LEAP)) {
-		ret = os_snprintf(pos, end - pos, "%sLEAP", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sLEAP",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	return pos - buf;
@@ -3078,7 +3074,7 @@
 					   struct wpa_driver_capa *capa,
 					   char *buf, size_t buflen)
 {
-	int ret, first = 1;
+	int ret;
 	char *pos, *end;
 	size_t len;
 
@@ -3095,19 +3091,19 @@
 	}
 
 	if (capa->flags & WPA_DRIVER_FLAGS_IBSS) {
-		ret = os_snprintf(pos, end - pos, "%sIBSS", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sIBSS",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	if (capa->flags & WPA_DRIVER_FLAGS_AP) {
-		ret = os_snprintf(pos, end - pos, "%sAP", first ? "" : " ");
+		ret = os_snprintf(pos, end - pos, "%sAP",
+				  pos == buf ? "" : " ");
 		if (ret < 0 || ret >= end - pos)
 			return pos - buf;
 		pos += ret;
-		first = 0;
 	}
 
 	return pos - buf;
diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index d44313c..d4e45de 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -244,7 +244,7 @@
 {
 	char *buf;
 	size_t len;
-	char *pbuf, *dir = NULL, *gid_str = NULL;
+	char *pbuf, *dir = NULL;
 	int res;
 
 	if (wpa_s->conf->ctrl_interface == NULL)
@@ -254,12 +254,11 @@
 	if (pbuf == NULL)
 		return NULL;
 	if (os_strncmp(pbuf, "DIR=", 4) == 0) {
+		char *gid_str;
 		dir = pbuf + 4;
 		gid_str = os_strstr(dir, " GROUP=");
-		if (gid_str) {
+		if (gid_str)
 			*gid_str = '\0';
-			gid_str += 7;
-		}
 	} else
 		dir = pbuf;
 
@@ -573,7 +572,7 @@
 
 	if (priv->sock > -1) {
 		char *fname;
-		char *buf, *dir = NULL, *gid_str = NULL;
+		char *buf, *dir = NULL;
 		eloop_unregister_read_sock(priv->sock);
 		if (!dl_list_empty(&priv->ctrl_dst)) {
 			/*
@@ -599,12 +598,11 @@
 		if (buf == NULL)
 			goto free_dst;
 		if (os_strncmp(buf, "DIR=", 4) == 0) {
+			char *gid_str;
 			dir = buf + 4;
 			gid_str = os_strstr(dir, " GROUP=");
-			if (gid_str) {
+			if (gid_str)
 				*gid_str = '\0';
-				gid_str += 7;
-			}
 		} else
 			dir = buf;
 
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 5380b43..bfb33d5 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -1995,25 +1995,29 @@
 
 #ifdef CONFIG_TDLS
 
-static DBusMessage * get_peer_hwaddr_helper(DBusMessage *message,
-					    const char *func_name,
-					    u8 *peer_address)
+static int get_peer_hwaddr_helper(DBusMessage *message, const char *func_name,
+				  u8 *peer_address, DBusMessage **error)
 {
 	const char *peer_string;
 
+	*error = NULL;
+
 	if (!dbus_message_get_args(message, NULL,
 				   DBUS_TYPE_STRING, &peer_string,
-				   DBUS_TYPE_INVALID))
-		return wpas_dbus_error_invalid_args(message, NULL);
+				   DBUS_TYPE_INVALID)) {
+		*error = wpas_dbus_error_invalid_args(message, NULL);
+		return -1;
+	}
 
 	if (hwaddr_aton(peer_string, peer_address)) {
 		wpa_printf(MSG_DEBUG, "%s: invalid address '%s'",
 			   func_name, peer_string);
-		return wpas_dbus_error_invalid_args(
+		*error = wpas_dbus_error_invalid_args(
 			message, "Invalid hardware address format");
+		return -1;
 	}
 
-	return NULL;
+	return 0;
 }
 
 
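Review bot: get_peer_hwaddr_helper() now has a two-part contract, the return value plus `*error`, but no comment states it, and `error` is dereferenced unconditionally at `*error = NULL;`. I would add a header comment saying that it returns 0 with `*error` left NULL on success and -1 with `*error` set to the reply to send on failure, and that `error` must not be NULL. If wpas_dbus_error_invalid_args() can return NULL (not visible here), the four TDLS callers in the following hunks would return a NULL reply on the failure path. How the dispatcher treats that should be confirmed and noted in the same comment.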
@@ -2032,8 +2036,7 @@
 	DBusMessage *error_reply;
 	int ret;
 
-	error_reply = get_peer_hwaddr_helper(message, __func__, peer);
-	if (error_reply)
+	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
 		return error_reply;
 
 	wpa_printf(MSG_DEBUG, "DBUS TDLS_DISCOVER " MACSTR, MAC2STR(peer));
@@ -2067,8 +2070,7 @@
 	DBusMessage *error_reply;
 	int ret;
 
-	error_reply = get_peer_hwaddr_helper(message, __func__, peer);
-	if (error_reply)
+	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
 		return error_reply;
 
 	wpa_printf(MSG_DEBUG, "DBUS TDLS_SETUP " MACSTR, MAC2STR(peer));
@@ -2103,8 +2105,7 @@
 	DBusMessage *reply;
 	const char *tdls_status;
 
-	reply = get_peer_hwaddr_helper(message, __func__, peer);
-	if (reply)
+	if (get_peer_hwaddr_helper(message, __func__, peer, &reply) < 0)
 		return reply;
 
 	wpa_printf(MSG_DEBUG, "DBUS TDLS_STATUS " MACSTR, MAC2STR(peer));
@@ -2133,8 +2134,7 @@
 	DBusMessage *error_reply;
 	int ret;
 
-	error_reply = get_peer_hwaddr_helper(message, __func__, peer);
-	if (error_reply)
+	if (get_peer_hwaddr_helper(message, __func__, peer, &error_reply) < 0)
 		return error_reply;
 
 	wpa_printf(MSG_DEBUG, "DBUS TDLS_TEARDOWN " MACSTR, MAC2STR(peer));
diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
index e26086d..712bffc 100644
--- a/wpa_supplicant/dbus/dbus_new_helpers.c
+++ b/wpa_supplicant/dbus/dbus_new_helpers.c
@@ -840,7 +840,6 @@
 		return;
 	eloop_cancel_timeout(flush_object_timeout_handler, con, obj_desc);
 
-	dsc = obj_desc->properties;
 	for (dsc = obj_desc->properties, i = 0; dsc && dsc->dbus_property;
 	     dsc++, i++) {
 		if (obj_desc->prop_changed_flags == NULL ||
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index a63ee6c..aff1950 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -487,7 +487,10 @@
 	query->status_code = WPA_GET_LE16(pos);
 	pos += 2;
 
-	if (query->status_code != WLAN_STATUS_SUCCESS) {
+	if (query->status_code == WLAN_STATUS_QUERY_RESP_OUTSTANDING &&
+	    action == WLAN_PA_GAS_COMEBACK_RESP) {
+		wpa_printf(MSG_DEBUG, "GAS: Allow non-zero status for outstanding comeback response");
+	} else if (query->status_code != WLAN_STATUS_SUCCESS) {
 		wpa_printf(MSG_DEBUG, "GAS: Query to " MACSTR " dialog token "
 			   "%u failed - status code %u",
 			   MAC2STR(sa), dialog_token, query->status_code);
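Review bot: The new debug message for the outstanding comeback response drops the peer address and dialog token that the failure message just below it prints, so the two outcomes cannot be matched to a query in a log. Suggest `wpa_printf(MSG_DEBUG, "GAS: Allow non-zero status for outstanding comeback response from " MACSTR " dialog token %u", MAC2STR(sa), dialog_token);`, wrapped to the file's line length. The status code is read from the received frame, so it is also worth confirming that the code after this hunk bounds how long a peer can keep a query open by repeating this status. That part of the function is not visible here.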
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 42fefb6..e3ad931 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -978,10 +978,6 @@
 			goto fail;
 	}
 
-	if (cred->password && cred->password[0] &&
-	    wpa_config_set_quoted(ssid, "password", cred->password) < 0)
-		goto fail;
-
 	wpa_s->next_ssid = ssid;
 	wpa_config_update_prio_list(wpa_s->conf);
 	interworking_reconnect(wpa_s);
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 0619f6d..7db6eb6 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -471,12 +471,11 @@
 
 	u8 i, j;
 
-	if (scan_res == NULL || num_neigh_rep == 0)
+	if (scan_res == NULL || num_neigh_rep == 0 || !wpa_s->current_bss)
 		return 0;
 
 	wpa_printf(MSG_DEBUG, "WNM: Current BSS " MACSTR " RSSI %d",
-		   MAC2STR(wpa_s->bssid),
-		   wpa_s->current_bss ? wpa_s->current_bss->level : 0);
+		   MAC2STR(wpa_s->bssid), wpa_s->current_bss->level);
 
 	for (i = 0; i < num_neigh_rep; i++) {
 		for (j = 0; j < scan_res->num; j++) {
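Review bot: The widened guard returns 0 when `wpa_s->current_bss` is NULL without logging anything, and the `WNM: Current BSS` message that used to show this state (with level 0) is now skipped as well. Splitting the check would keep the case visible in a debug log, e.g. `if (!wpa_s->current_bss) { wpa_printf(MSG_DEBUG, "WNM: No current BSS - skip neighbor report comparison"); return 0; }`. What a return value of 0 means to the caller is not visible in this hunk, so a one-line comment on that at the guard would help too. The function starts and ends outside the hunk.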