Cumulative security patch from commit ca68a8b561c48393c8ba25055ce294caaa3ac008 ca68a8b WPS: Explicitly reject Public Key attribute with unexpected length 6b94f71 WPS: Truncate variable length string attributes to maximum length f4b64c6 Simplify VHT Operation element parsing d6fefd6 Simplify HT Operation element parsing 40baac0 Simplify VHT Capabilities element parsing baae4cb Simplify HT Capabilities element parsing b39a059 Simplify Timeout Interval element parsing e8997b9 Simplify ERP element parsing f87c99c Simplify DSSS Parameter Set element parsing ae7a42b FT: Check FT, MD, and Timeout Interval length in the parser c9bf7b6 Fix a memory leak on mesh_attr_text() error path 2531036 FT: Fix WMM TSPEC validation in driver-based AP MLME case 632931c P2P: Use WPS_SEC_DEV_TYPE_MAX_LEN in P2P array definition 0f5acfb Use common is_ctrl_char() helper function 5a041ac WPS: Ignore too long SSID attribute d6c3067 Replace SSID_LEN with SSID_MAX_LEN eaa8eef Replace MAX_SSID_LEN with SSID_MAX_LEN 81847c2 Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN 6fb761c Replace WPA_MAX_SSID_LEN with SSID_MAX_LEN d9d1b95 Use SSID_MAX_LEN define instead of value 32 when comparing SSID length 65b1025 WPS: Ignore too long Device Name attribute cc6f243 Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length dd3d857 P2PS: Check for maximum SSID length in Persistent Group Info 05e46a9 Ignore too long SSID element value in parser 90758f0 Mark QCA vendor command id 53 reserved, but not used anymore f41ded6 Remove unused leftover from multi-SSID design cb71a83 OpenSSL: Clean up TLS PRF implementation 7f90a23 Add QCA vendor subcmd for OCB 897418a eap_example: Fix configuration by added DH parameters Change-Id: If688231edfce41163ef0c1f0ad75291a9bdfbe81 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

commit: 9d9e60286e05ae45025b672636490bd12586138d [log] [tgz]
author: Dmitry Shmidt <dimitrysh@google.com> Thu Apr 23 10:34:55 2015 -0700
committer: Dmitry Shmidt <dimitrysh@google.com> Thu Apr 23 10:40:14 2015 -0700
tree: a9bb889080996ca5fd8272b6fff7f2c3abb3ce06
parent: 8347444e0bfb85e4550817fc99903f38ce8f5bcc [diff]
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index b4c47e2..46ed5aa 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c

@@ -652,7 +652,7 @@
 			MACSTR, MAC2STR(res->bssid));
 		return;
 	}
-	if (ssid[1] > 32) {
+	if (ssid[1] > SSID_MAX_LEN) {
 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
 			MACSTR, MAC2STR(res->bssid));
 		return;
@@ -679,7 +679,7 @@
 	 * (to save memory) */
 
 	mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
-	if (mesh && mesh[1] <= 32)
+	if (mesh && mesh[1] <= SSID_MAX_LEN)
 		ssid = mesh;
 
 	bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);

diff --git a/wpa_supplicant/bss.h b/wpa_supplicant/bss.h
index 634aa3c..b215380 100644
--- a/wpa_supplicant/bss.h
+++ b/wpa_supplicant/bss.h

@@ -69,7 +69,7 @@
 	/** HESSID */
 	u8 hessid[ETH_ALEN];
 	/** SSID */
-	u8 ssid[32];
+	u8 ssid[SSID_MAX_LEN];
 	/** Length of SSID */
 	size_t ssid_len;
 	/** Frequency of the channel in MHz (e.g., 2412 = channel 1) */

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index fb539cc..e1f4883 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c

@@ -1814,7 +1814,7 @@
  * functions.
  */
 static const struct parse_data ssid_fields[] = {
-	{ STR_RANGE(ssid, 0, MAX_SSID_LEN) },
+	{ STR_RANGE(ssid, 0, SSID_MAX_LEN) },
 	{ INT_RANGE(scan_ssid, 0, 1) },
 	{ FUNC(bssid) },
 	{ FUNC(bssid_blacklist) },
@@ -2956,7 +2956,7 @@
 	if (os_strcmp(var, "excluded_ssid") == 0) {
 		struct excluded_ssid *e;
 
-		if (len > MAX_SSID_LEN) {
+		if (len > SSID_MAX_LEN) {
 			wpa_printf(MSG_ERROR, "Line %d: invalid "
 				   "excluded_ssid length %d", line, (int) len);
 			os_free(val);
@@ -4141,7 +4141,8 @@
 	{ FUNC_NO_VAR(load_dynamic_eap), 0 },
 #ifdef CONFIG_WPS
 	{ FUNC(uuid), CFG_CHANGED_UUID },
-	{ STR_RANGE(device_name, 0, 32), CFG_CHANGED_DEVICE_NAME },
+	{ STR_RANGE(device_name, 0, WPS_DEV_NAME_MAX_LEN),
+	  CFG_CHANGED_DEVICE_NAME },
 	{ STR_RANGE(manufacturer, 0, 64), CFG_CHANGED_WPS_STRING },
 	{ STR_RANGE(model_name, 0, 32), CFG_CHANGED_WPS_STRING },
 	{ STR_RANGE(model_number, 0, 32), CFG_CHANGED_WPS_STRING },

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 34b754e..16681fd 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h

@@ -37,6 +37,7 @@
 
 #include "config_ssid.h"
 #include "wps/wps.h"
+#include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
 
 
@@ -241,7 +242,7 @@
 	char *phase2;
 
 	struct excluded_ssid {
-		u8 ssid[MAX_SSID_LEN];
+		u8 ssid[SSID_MAX_LEN];
 		size_t ssid_len;
 	} *excluded_ssid;
 	size_t num_excluded_ssid;

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 23a37cc..dbb5a47 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h

@@ -13,8 +13,6 @@
 #include "utils/list.h"
 #include "eap_peer/eap_config.h"
 
-#define MAX_SSID_LEN 32
-
 
 #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
 #define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index d48ac8a..a6aafee 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c

@@ -153,7 +153,8 @@
 			}
 			ssid = ns;
 
-			if ((end - pos) & 0x01 || end - pos > 2 * 32 ||
+			if ((end - pos) & 0x01 ||
+			    end - pos > 2 * SSID_MAX_LEN ||
 			    hexstr2bin(pos, ssid[ssid_count].ssid,
 				       (end - pos) / 2) < 0) {
 				os_free(ssid);
@@ -1728,7 +1729,7 @@
 		if (ssid) {
 			u8 *_ssid = ssid->ssid;
 			size_t ssid_len = ssid->ssid_len;
-			u8 ssid_buf[MAX_SSID_LEN];
+			u8 ssid_buf[SSID_MAX_LEN];
 			if (ssid_len == 0) {
 				int _res = wpa_drv_get_ssid(wpa_s, ssid_buf);
 				if (_res < 0)
@@ -7706,7 +7707,7 @@
 
 	if (os_strncmp(cmd, " ssid=", 6) == 0) {
 		ssid.ssid_len = os_strlen(cmd + 6);
-		if (ssid.ssid_len > 32)
+		if (ssid.ssid_len > SSID_MAX_LEN)
 			return -1;
 		ssid.ssid = (u8 *) (cmd + 6);
 		ssid_p = &ssid;

diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 66ee32f..d695d1b 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c

@@ -1034,10 +1034,10 @@
 
 		dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
 
-		if (len > MAX_SSID_LEN) {
+		if (len > SSID_MAX_LEN) {
 			wpa_printf(MSG_DEBUG,
 				   "%s[dbus]: SSID too long (len=%d max_len=%d)",
-				   __func__, len, MAX_SSID_LEN);
+				   __func__, len, SSID_MAX_LEN);
 			*reply = wpas_dbus_error_invalid_args(
 				message, "Invalid SSID: too long");
 			return -1;

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index fc70035..49faadc 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c

@@ -158,7 +158,7 @@
 static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
 {
 	struct wpa_ssid *ssid, *old_ssid;
-	u8 drv_ssid[MAX_SSID_LEN];
+	u8 drv_ssid[SSID_MAX_LEN];
 	size_t drv_ssid_len;
 	int res;
 

diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index b9cd681..98af530 100644
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c

@@ -46,7 +46,7 @@
 
 struct osu_provider {
 	u8 bssid[ETH_ALEN];
-	u8 osu_ssid[32];
+	u8 osu_ssid[SSID_MAX_LEN];
 	u8 osu_ssid_len;
 	char server_uri[256];
 	u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
@@ -822,7 +822,7 @@
 			continue;
 		}
 		osu_ssid_len = *pos++;
-		if (osu_ssid_len > 32) {
+		if (osu_ssid_len > SSID_MAX_LEN) {
 			wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
 				   "Length %u", osu_ssid_len);
 			continue;

diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 33b4af3..ca012e2 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c

@@ -453,22 +453,23 @@
 		ret = os_snprintf(pos, end - pos, "bss_basic_rate_set=%d",
 				  bss_basic_rate_set[0]);
 		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
+			goto fail;
 		pos += ret;
 
 		for (i = 1; i < bss_basic_rate_set_len; i++) {
 			ret = os_snprintf(pos, end - pos, " %d",
 					  bss_basic_rate_set[i]);
 			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
+				goto fail;
 			pos += ret;
 		}
 
 		ret = os_snprintf(pos, end - pos, "\n");
 		if (os_snprintf_error(end - pos, ret))
-			return pos - buf;
+			goto fail;
 		pos += ret;
 	}
+fail:
 	os_free(bss_basic_rate_set);
 
 	return pos - buf;

diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 1d6f2be..b29b5ff 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c

@@ -551,8 +551,7 @@
 	mesh_mpm_init_link(wpa_s, sta);
 
 #ifdef CONFIG_IEEE80211N
-	copy_sta_ht_capab(data, sta, elems->ht_capabilities,
-			elems->ht_capabilities_len);
+	copy_sta_ht_capab(data, sta, elems->ht_capabilities);
 	update_ht_state(data, sta);
 #endif /* CONFIG_IEEE80211N */
 

diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 5fe4618..9fbc532 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c

@@ -967,12 +967,12 @@
 		res = os_snprintf(cmd, sizeof(cmd), "WPS_REG %s %s",
 				  argv[0], argv[1]);
 	else if (argc == 5 || argc == 6) {
-		char ssid_hex[2 * 32 + 1];
+		char ssid_hex[2 * SSID_MAX_LEN + 1];
 		char key_hex[2 * 64 + 1];
 		int i;
 
 		ssid_hex[0] = '\0';
-		for (i = 0; i < 32; i++) {
+		for (i = 0; i < SSID_MAX_LEN; i++) {
 			if (argv[2][i] == '\0')
 				break;
 			os_snprintf(&ssid_hex[i * 2], 3, "%02x", argv[2][i]);
@@ -1096,12 +1096,12 @@
 	int res;
 
 	if (argc == 5 || argc == 6) {
-		char ssid_hex[2 * 32 + 1];
+		char ssid_hex[2 * SSID_MAX_LEN + 1];
 		char key_hex[2 * 64 + 1];
 		int i;
 
 		ssid_hex[0] = '\0';
-		for (i = 0; i < 32; i++) {
+		for (i = 0; i < SSID_MAX_LEN; i++) {
 			if (argv[2][i] == '\0')
 				break;
 			os_snprintf(&ssid_hex[i * 2], 3, "%02x", argv[2][i]);

diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
index ac38d69..6bd60b9 100644
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c

@@ -199,7 +199,7 @@
 	if (bssid[0] | bssid[1] | bssid[2] | bssid[3] | bssid[4] | bssid[5])
 		params.bssid = bssid;
 	params.ssid = assoc->ssid;
-	if (assoc->ssid_len > 32)
+	if (assoc->ssid_len > SSID_MAX_LEN)
 		return;
 	params.ssid_len = assoc->ssid_len;
 	params.freq.mode = assoc->hwmode;
@@ -244,7 +244,7 @@
 static void wpa_priv_cmd_get_ssid(struct wpa_priv_interface *iface,
 				  struct sockaddr_un *from)
 {
-	u8 ssid[sizeof(int) + 32];
+	u8 ssid[sizeof(int) + SSID_MAX_LEN];
 	int res;
 
 	if (iface->drv_priv == NULL)
@@ -254,7 +254,7 @@
 		goto fail;
 
 	res = iface->driver->get_ssid(iface->drv_priv, &ssid[sizeof(int)]);
-	if (res < 0 || res > 32)
+	if (res < 0 || res > SSID_MAX_LEN)
 		goto fail;
 	os_memcpy(ssid, &res, sizeof(int));
 

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2ba9c38..b96fd8e 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c

@@ -2872,7 +2872,7 @@
 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
 {
 	struct wpa_ssid *entry;
-	u8 ssid[MAX_SSID_LEN];
+	u8 ssid[SSID_MAX_LEN];
 	int res;
 	size_t ssid_len;
 	u8 bssid[ETH_ALEN];

diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 2d517f1..1b9753c 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h

@@ -369,7 +369,7 @@
 };
 
 struct wpa_ssid_value {
-	u8 ssid[32];
+	u8 ssid[SSID_MAX_LEN];
 	size_t ssid_len;
 };
 
@@ -662,7 +662,7 @@
 
 #ifdef CONFIG_SME
 	struct {
-		u8 ssid[32];
+		u8 ssid[SSID_MAX_LEN];
 		size_t ssid_len;
 		int freq;
 		u8 assoc_req_ie[200];
@@ -768,7 +768,7 @@
 	u8 pending_join_iface_addr[ETH_ALEN];
 	u8 pending_join_dev_addr[ETH_ALEN];
 	int pending_join_wps_method;
-	u8 p2p_join_ssid[32];
+	u8 p2p_join_ssid[SSID_MAX_LEN];
 	size_t p2p_join_ssid_len;
 	int p2p_join_scan_count;
 	int auto_pd_scan_retry;

diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index eabe986..52594a1 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c

@@ -1910,7 +1910,7 @@
 				    struct wps_credential *cred)
 {
 	os_memset(cred, 0, sizeof(*cred));
-	if (ssid->ssid_len > 32)
+	if (ssid->ssid_len > SSID_MAX_LEN)
 		return -1;
 	os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len);
 	cred->ssid_len = ssid->ssid_len;
commit	9d9e60286e05ae45025b672636490bd12586138d	[log] [tgz]
author	Dmitry Shmidt <dimitrysh@google.com>	Thu Apr 23 10:34:55 2015 -0700
committer	Dmitry Shmidt <dimitrysh@google.com>	Thu Apr 23 10:40:14 2015 -0700
tree	a9bb889080996ca5fd8272b6fff7f2c3abb3ce06
parent	8347444e0bfb85e4550817fc99903f38ce8f5bcc [diff]