Cumulative patch from commit 6280df31bbbd015cb857630868a49c373325ba10
6280df3 Include CONTRIBUTIONS file in the release tarballs
b63b9a7 Change version information for the 2.2 release
6a98f67 ChangeLog entries for v2.2
d4b951f Fix offchannel TX not to retransmit pending frame on callback
95b6bca Add rsn_pairwise bits to set_ieee8021x() driver_ops
95f6f6a RADIUS/EAP server: Use longer username buffer to avoid truncation
5dff6df Fix off-by-one bounds checking in printf_encode()
Change-Id: I531fbbb2111da96174b89fd99507716df25bb1e6
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 5ef9676..9de9438 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,92 @@
ChangeLog for hostapd
+2014-06-04 - v2.2
+ * fixed SAE confirm-before-commit validation to avoid a potential
+ segmentation fault in an unexpected message sequence that could be
+ triggered remotely
+ * extended VHT support
+ - Operating Mode Notification
+ - Power Constraint element (local_pwr_constraint)
+ - Spectrum management capability (spectrum_mgmt_required=1)
+ - fix VHT80 segment picking in ACS
+ - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
+ - fix VHT20
+ * fixed HT40 co-ex scan for some pri/sec channel switches
+ * extended HT40 co-ex support to allow dynamic channel width changes
+ during the lifetime of the BSS
+ * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
+ * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
+ this fixes password with include UTF-8 characters that use
+ three-byte encoding EAP methods that use NtPasswordHash
+ * reverted TLS certificate validation step change in v2.1 that rejected
+ any AAA server certificate with id-kp-clientAuth even if
+ id-kp-serverAuth EKU was included
+ * fixed STA validation step for WPS ER commands to prevent a potential
+ crash if an ER sends an unexpected PutWLANResponse to a station that
+ is disassociated, but not fully removed
+ * enforce full EAP authentication after RADIUS Disconnect-Request by
+ removing the PMKSA cache entry
+ * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
+ in RADIUS Disconnect-Request
+ * added mechanism for removing addresses for MAC ACLs by prefixing an
+ entry with "-"
+ * Interworking/Hotspot 2.0 enhancements
+ - support Hotspot 2.0 Release 2
+ * OSEN network for online signup connection
+ * subscription remediation (based on RADIUS server request or
+ control interface HS20_WNM_NOTIF for testing purposes)
+ * Hotspot 2.0 release number indication in WFA RADIUS VSA
+ * deauthentication request (based on RADIUS server request or
+ control interface WNM_DEAUTH_REQ for testing purposes)
+ * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent
+ * hs20_icon config parameter to configure icon files for OSU
+ * osu_* config parameters for OSU Providers list
+ - do not use Interworking filtering rules on Probe Request if
+ Interworking is disabled to avoid interop issues
+ * added/fixed nl80211 functionality
+ - AP interface teardown optimization
+ - support vendor specific driver command
+ (VENDOR <vendor id> <sub command id> [<hex formatted data>])
+ * fixed PMF protection of Deauthentication frame when this is triggered
+ by session timeout
+ * internal TLS implementation enhancements/fixes
+ - add SHA256-based cipher suites
+ - add DHE-RSA cipher suites
+ - fix X.509 validation of PKCS#1 signature to check for extra data
+ * RADIUS server functionality
+ - add minimal RADIUS accounting server support (hostapd-as-server);
+ this is mainly to enable testing coverage with hwsim scripts
+ - allow authentication log to be written into SQLite databse
+ - added option for TLS protocol testing of an EAP peer by simulating
+ various misbehaviors/known attacks
+ - MAC ACL support for testing purposes
+ * fixed PTK derivation for CCMP-256 and GCMP-256
+ * extended WPS per-station PSK to support ER case
+ * added option to configure the management group cipher
+ (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
+ BIP-CMAC-256)
+ * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
+ were rounded incorrectly)
+ * added support for postponing FT response in case PMK-R1 needs to be
+ pulled from R0KH
+ * added option to advertise 40 MHz intolerant HT capability with
+ ht_capab=[40-INTOLERANT]
+ * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
+ whenever CONFIG_WPS=y is set
+ * EAP-pwd fixes
+ - fix possible segmentation fault on EAP method deinit if an invalid
+ group is negotiated
+ * fixed RADIUS client retransmit/failover behavior
+ - there was a potential ctash due to freed memory being accessed
+ - failover to a backup server mechanism did not work properly
+ * fixed a possible crash on double DISABLE command when multiple BSSes
+ are enabled
+ * fixed a memory leak in SAE random number generation
+ * fixed GTK rekeying when the station uses FT protocol
+ * fixed off-by-one bounds checking in printf_encode()
+ - this could result in deinial of service in some EAP server cases
+ * various bug fixes
+
2014-02-04 - v2.1
* added support for simultaneous authentication of equals (SAE) for
stronger password-based authentication with WPA2-Personal
diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 6d3ae5a..cc4ac10 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -280,7 +280,8 @@
params.wpa = hapd->conf->wpa;
params.ieee802_1x = hapd->conf->ieee802_1x;
params.wpa_group = hapd->conf->wpa_group;
- params.wpa_pairwise = hapd->conf->wpa_pairwise;
+ params.wpa_pairwise = hapd->conf->wpa_pairwise |
+ hapd->conf->rsn_pairwise;
params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
params.rsn_preauth = hapd->conf->rsn_preauth;
#ifdef CONFIG_IEEE80211W
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 27525dc..2a4acf2 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -882,8 +882,8 @@
params->basic_rates = hapd->iface->basic_rates;
params->ssid = hapd->conf->ssid.ssid;
params->ssid_len = hapd->conf->ssid.ssid_len;
- params->pairwise_ciphers = hapd->conf->rsn_pairwise ?
- hapd->conf->rsn_pairwise : hapd->conf->wpa_pairwise;
+ params->pairwise_ciphers = hapd->conf->wpa_pairwise |
+ hapd->conf->rsn_pairwise;
params->group_cipher = hapd->conf->wpa_group;
params->key_mgmt_suites = hapd->conf->wpa_key_mgmt;
params->auth_algs = hapd->conf->auth_algs;
diff --git a/src/common/version.h b/src/common/version.h
index fb3b4f5..340afc7 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -5,6 +5,6 @@
#define VERSION_STR_POSTFIX ""
#endif /* VERSION_STR_POSTFIX */
-#define VERSION_STR "2.2-devel" VERSION_STR_POSTFIX
+#define VERSION_STR "2.2" VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index b3c2087..4501533 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -120,9 +120,9 @@
return; /* Should not happen - frame already validated */
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
- buf = os_malloc(len * 3 + 1);
+ buf = os_malloc(len * 4 + 1);
if (buf) {
- printf_encode(buf, len * 3 + 1, pos, len);
+ printf_encode(buf, len * 4 + 1, pos, len);
eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
os_free(buf);
}
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 790c719..0eb7908 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -330,9 +330,9 @@
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
- buf = os_malloc(name_len * 3 + 1);
+ buf = os_malloc(name_len * 4 + 1);
if (buf) {
- printf_encode(buf, name_len * 3 + 1, name, name_len);
+ printf_encode(buf, name_len * 4 + 1, name, name_len);
eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
os_free(buf);
}
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 24225a4..d09a769 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -985,9 +985,9 @@
if (parse.user_name) {
char *nbuf;
- nbuf = os_malloc(parse.user_name_len * 3 + 1);
+ nbuf = os_malloc(parse.user_name_len * 4 + 1);
if (nbuf) {
- printf_encode(nbuf, parse.user_name_len * 3 + 1,
+ printf_encode(nbuf, parse.user_name_len * 4 + 1,
parse.user_name,
parse.user_name_len);
eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 78c9961..c35ba55 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -639,12 +639,12 @@
sess->accept_attr = tmp.accept_attr;
sess->macacl = tmp.macacl;
- sess->username = os_malloc(user_len * 2 + 1);
+ sess->username = os_malloc(user_len * 4 + 1);
if (sess->username == NULL) {
radius_server_session_free(data, sess);
return NULL;
}
- printf_encode(sess->username, user_len * 2 + 1, user, user_len);
+ printf_encode(sess->username, user_len * 4 + 1, user, user_len);
sess->nas_ip = os_strdup(from_addr);
if (sess->nas_ip == NULL) {
diff --git a/src/utils/common.c b/src/utils/common.c
index 39751d4..7dc4797 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -350,7 +350,7 @@
size_t i;
for (i = 0; i < len; i++) {
- if (txt + 4 > end)
+ if (txt + 4 >= end)
break;
switch (data[i]) {
diff --git a/src/utils/utils_module_tests.c b/src/utils/utils_module_tests.c
index 75b169e..9a9ec40 100644
--- a/src/utils/utils_module_tests.c
+++ b/src/utils/utils_module_tests.c
@@ -67,6 +67,23 @@
}
}
+ buf[5] = 'A';
+ printf_encode(buf, 5, (const u8 *) "abcde", 5);
+ if (buf[5] != 'A') {
+ wpa_printf(MSG_ERROR, "Error in bounds checking#1");
+ errors++;
+ }
+
+ for (i = 5; i < 10; i++) {
+ buf[i] = 'A';
+ printf_encode(buf, i, (const u8 *) "\xdd\xdd\xdd\xdd\xdd", 5);
+ if (buf[i] != 'A') {
+ wpa_printf(MSG_ERROR, "Error in bounds checking#2(%d)",
+ i);
+ errors++;
+ }
+ }
+
if (errors) {
wpa_printf(MSG_ERROR, "%d printf test(s) failed", errors);
return -1;
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index e40cf91..5558a5e 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,125 @@
ChangeLog for wpa_supplicant
+2014-06-04 - v2.2
+ * added DFS indicator to get_capability freq
+ * added/fixed nl80211 functionality
+ - BSSID/frequency hint for driver-based BSS selection
+ - fix tearing down WDS STA interfaces
+ - support vendor specific driver command
+ (VENDOR <vendor id> <sub command id> [<hex formatted data>])
+ - GO interface teardown optimization
+ - allow beacon interval to be configured for IBSS
+ - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
+ * removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
+ interface commands (the more generic NFC_REPORT_HANDOVER is now used)
+ * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
+ this fixes password with include UTF-8 characters that use
+ three-byte encoding EAP methods that use NtPasswordHash
+ * fixed couple of sequencies where radio work items could get stuck,
+ e.g., when rfkill blocking happens during scanning or when
+ scan-for-auth workaround is used
+ * P2P enhancements/fixes
+ - enable enable U-APSD on GO automatically if the driver indicates
+ support for this
+ - fixed some service discovery cases with broadcast queries not being
+ sent to all stations
+ - fixed Probe Request frame triggering invitation to trigger only a
+ single invitation instance even if multiple Probe Request frames are
+ received
+ - fixed a potential NULL pointer dereference crash when processing an
+ invalid Invitation Request frame
+ - add optional configuration file for the P2P_DEVICE parameters
+ - optimize scan for GO during persistent group invocation
+ - fix possible segmentation fault when PBC overlap is detected while
+ using a separate P2P group interface
+ - improve GO Negotiation robustness by allowing GO Negotiation
+ Confirmation to be retransmitted
+ - do use freed memory on device found event when P2P NFC
+ * added phase1 network parameter options for disabling TLS v1.1 and v1.2
+ to allow workarounds with misbehaving AAA servers
+ (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
+ * added support for OCSP stapling to validate AAA server certificate
+ during TLS exchange
+ * Interworking/Hotspot 2.0 enhancements
+ - prefer the last added network in Interworking connection to make the
+ behavior more consistent with likely user expectation
+ - roaming partner configuration (roaming_partner within a cred block)
+ - support Hotspot 2.0 Release 2
+ * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
+ * "hs20_icon_request <BSSID> <icon filename>" to request icon files
+ * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider
+ search (all suitable APs in scan results)
+ * OSEN network for online signup connection
+ * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
+ * max_bss_load cred parameter
+ * req_conn_capab cred parameter
+ * sp_priority cred parameter
+ * ocsp cred parameter
+ * slow down automatic connection attempts on EAP failure to meet
+ required behavior (no more than 10 retries within a 10-minute
+ interval)
+ * sample implementation of online signup client (both SPP and
+ OMA-DM protocols) (hs20/client/*)
+ - fixed GAS indication for additional comeback delay with status
+ code 95
+ - extend ANQP_GET to accept Hotspot 2.0 subtypes
+ ANQP_GET <addr> <info id>[,<info id>]...
+ [,hs20:<subtype>][...,hs20:<subtype>]
+ - add control interface events CRED-ADDED <id>,
+ CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
+ - add "GET_CRED <id> <field>" command
+ - enable FT for the connection automatically if the AP advertises
+ support for this
+ - fix a case where auto_interworking=1 could end up stopping scanning
+ * fixed TDLS interoperability issues with supported operating class in
+ some deployed stations
+ * internal TLS implementation enhancements/fixes
+ - add SHA256-based cipher suites
+ - add DHE-RSA cipher suites
+ - fix X.509 validation of PKCS#1 signature to check for extra data
+ * fixed PTK derivation for CCMP-256 and GCMP-256
+ * added "reattach" command for fast reassociate-back-to-same-BSS
+ * allow PMF to be enabled for AP mode operation with the ieee80211w
+ parameter
+ * added "get_capability tdls" command
+ * added option to set config blobs through control interface with
+ "SET blob <name> <hexdump>"
+ * D-Bus interface extensions/fixes
+ - make p2p_no_group_iface configurable
+ - declare ServiceDiscoveryRequest method properly
+ - export peer's device address as a property
+ - make reassociate command behave like the control interface one,
+ i.e., to allow connection from disconnected state
+ * added optional "freq=<channel ranges>" parameter to SET pno
+ * added optional "freq=<channel ranges>" parameter to SELECT_NETWORK
+ * fixed OBSS scan result processing for 20/40 MHz co-ex report
+ * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
+ whenever CONFIG_WPS=y is set
+ * fixed regression in parsing of WNM Sleep Mode exit key data
+ * fixed potential segmentation fault and memory leaks in WNM neighbor
+ report processing
+ * EAP-pwd fixes
+ - fragmentation of PWD-Confirm-Resp
+ - fix memory leak when fragmentation is used
+ - fix possible segmentation fault on EAP method deinit if an invalid
+ group is negotiated
+ * added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
+ available only with the macsec_qca driver wrapper)
+ * fixed EAP-SIM counter-too-small message
+ * added 'dup_network <id_s> <id_d> <name>' command; this can be used to
+ clone the psk field without having toextract it from wpa_supplicant
+ * fixed GSM authentication on USIM
+ * added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y)
+ * fixed some concurrent virtual interface cases with dedicated P2P
+ management interface to not catch events from removed interface (this
+ could result in the management interface getting disabled)
+ * fixed a memory leak in SAE random number generation
+ * fixed off-by-one bounds checking in printf_encode()
+ - this could result in some control interface ATTACH command cases
+ terminating wpa_supplicant
+ * fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
+ * various bug fixes
+
2014-02-04 - v2.1
* added support for simultaneous authentication of equals (SAE) for
stronger password-based authentication with WPA2-Personal
diff --git a/wpa_supplicant/offchannel.c b/wpa_supplicant/offchannel.c
index 40cbea1..77683b6 100644
--- a/wpa_supplicant/offchannel.c
+++ b/wpa_supplicant/offchannel.c
@@ -55,11 +55,12 @@
without_roc = wpa_s->pending_action_without_roc;
wpa_s->pending_action_without_roc = 0;
- wpa_printf(MSG_DEBUG, "Off-channel: Send Action callback "
- "(without_roc=%d pending_action_tx=%p)",
- without_roc, wpa_s->pending_action_tx);
+ wpa_printf(MSG_DEBUG,
+ "Off-channel: Send Action callback (without_roc=%d pending_action_tx=%p pending_action_tx_done=%d)",
+ without_roc, wpa_s->pending_action_tx,
+ !!wpa_s->pending_action_tx_done);
- if (wpa_s->pending_action_tx == NULL)
+ if (wpa_s->pending_action_tx == NULL || wpa_s->pending_action_tx_done)
return;
/*
@@ -235,6 +236,7 @@
MAC2STR(wpa_s->pending_action_dst));
wpabuf_free(wpa_s->pending_action_tx);
}
+ wpa_s->pending_action_tx_done = 0;
wpa_s->pending_action_tx = wpabuf_alloc(len);
if (wpa_s->pending_action_tx == NULL) {
wpa_printf(MSG_DEBUG, "Off-channel: Failed to allocate Action "
@@ -251,18 +253,22 @@
if (freq != 0 && wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) {
struct wpa_supplicant *iface;
+ int ret;
iface = wpas_get_tx_interface(wpa_s,
wpa_s->pending_action_src);
wpa_s->action_tx_wait_time = wait_time;
- return wpa_drv_send_action(
+ ret = wpa_drv_send_action(
iface, wpa_s->pending_action_freq,
wait_time, wpa_s->pending_action_dst,
wpa_s->pending_action_src, wpa_s->pending_action_bssid,
wpabuf_head(wpa_s->pending_action_tx),
wpabuf_len(wpa_s->pending_action_tx),
wpa_s->pending_action_no_cck);
+ if (ret == 0)
+ wpa_s->pending_action_tx_done = 1;
+ return ret;
}
if (freq) {
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 3ae439d..a83c8cd 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -654,6 +654,7 @@
unsigned int pending_action_freq;
int pending_action_no_cck;
int pending_action_without_roc;
+ unsigned int pending_action_tx_done:1;
void (*pending_action_tx_status_cb)(struct wpa_supplicant *wpa_s,
unsigned int freq, const u8 *dst,
const u8 *src, const u8 *bssid,