Cumulative security patch from commit 58606fd98722e92aaa4c2c7b8cb99cc92bd4308c
58606fd EAP-pwd server: Make sure in_frag_pos is cleared to zero on allocation
6aa5d95 EAP-pwd peer: Make sure in_frag_pos is cleared to zero on allocation
28a069a EAP-pwd peer: Fix asymmetric fragmentation behavior
3035cc2 EAP-pwd server: Fix Total-Length parsing for fragment reassembly
477c743 EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
e28a58b EAP-pwd server: Fix payload length validation for Commit and Confirm
dd2f043 EAP-pwd peer: Fix payload length validation for Commit and Confirm
ef566a4 AP WMM: Fix integer underflow in WMM Action frame parser
8640cf7 WPS: Add more debug prints to httpread
1bd0d57 WPS: Replace the httpread_debug design with standard debug prints
7da4f4b WPS: Check maximum HTTP body length earlier in the process
af185d0 WPS: Extra validation step for HTTP reader
5acd23f WPS: Fix HTTP chunked transfer encoding parser
a5da657 dbus: Stop ongoing scheduled scan when scan is requested
0c28071 Fix sending ANQP request to an unknown BSS while associated
74197e0 wpa_cli: Fix memory leak when tracking networks
4504621 TDLS: Add TDLS_LINK_STATUS command to the control interface
01e87ef IBSS: Check ibss_rsn init before starting new IBSS authentication
74d912f libtommath: Fix check mp_init_multi() result
fd66aa6 Check Public Action length explicitly before reading Action Code
ff4a6d4 EAP-SIM/AKA: Explicitly check for header to include Reserved field
f5ed400 EAP-SAKE: Make attribute parser more readable
0dfb7be EAP-SAKE: Pass EAP identifier instead of full request
354e3f7 TLS: Fix debug dump of X.509 certificate
87fcb5a EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation
c3c5615 EAP-GPSK: Pass EAP identifier instead of full request
d36c803 EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
8d9f3b8 EAP-FAST: Do not use type cast to remove const specification
07f9034 EAP-FAST: Pass EAP identifier instead of full request
f153e41 EAP-EKE: Do not pass full request to eap_eke_build_fail()
53f376c Fix a typo in function documentation
5aeebc4 D-Bus Fix network_is_persistent_group() for P2P operations
5441da2 Fix wpas_notify_network_removed()
e8181e2 dbus: Add a debug print on fill_dict_with_properties() getter failures
8a78e22 D-Bus: Fix operations when P2P management interface is used
dea0d8e RADIUS: Fix a copy-paste error in variable name
Change-Id: Ib70bf513c1f6c17974ef135806e44e120a5d5709
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 9e7d70d..8d2a066 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2098,7 +2098,8 @@
case WLAN_ACTION_PUBLIC:
case WLAN_ACTION_PROTECTED_DUAL:
#ifdef CONFIG_IEEE80211N
- if (mgmt->u.action.u.public_action.action ==
+ if (len >= IEEE80211_HDRLEN + 2 &&
+ mgmt->u.action.u.public_action.action ==
WLAN_PA_20_40_BSS_COEX) {
wpa_printf(MSG_DEBUG,
"HT20/40 coex mgmt frame received from STA "
diff --git a/src/ap/wmm.c b/src/ap/wmm.c
index 6d4177c..314e244 100644
--- a/src/ap/wmm.c
+++ b/src/ap/wmm.c
@@ -274,6 +274,9 @@
return;
}
+ if (left < 0)
+ return; /* not a valid WMM Action frame */
+
/* extract the tspec info element */
if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/eap_common/eap_common.c b/src/eap_common/eap_common.c
index 1de1328..51a15d7 100644
--- a/src/eap_common/eap_common.c
+++ b/src/eap_common/eap_common.c
@@ -192,7 +192,7 @@
/**
- * eap_get_id - Get EAP Type from wpabuf
+ * eap_get_type - Get EAP Type from wpabuf
* @msg: Buffer starting with an EAP header
* Returns: The EAP Type after the EAP header
*/
diff --git a/src/eap_common/eap_sake_common.c b/src/eap_common/eap_sake_common.c
index a76253d..c22e43e 100644
--- a/src/eap_common/eap_sake_common.c
+++ b/src/eap_common/eap_sake_common.c
@@ -16,99 +16,99 @@
static int eap_sake_parse_add_attr(struct eap_sake_parse_attr *attr,
- const u8 *pos)
+ u8 attr_id, u8 len, const u8 *data)
{
size_t i;
- switch (pos[0]) {
+ switch (attr_id) {
case EAP_SAKE_AT_RAND_S:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_S");
- if (pos[1] != 2 + EAP_SAKE_RAND_LEN) {
+ if (len != EAP_SAKE_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_S with "
- "invalid length %d", pos[1]);
+ "invalid payload length %d", len);
return -1;
}
- attr->rand_s = pos + 2;
+ attr->rand_s = data;
break;
case EAP_SAKE_AT_RAND_P:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_P");
- if (pos[1] != 2 + EAP_SAKE_RAND_LEN) {
+ if (len != EAP_SAKE_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_P with "
- "invalid length %d", pos[1]);
+ "invalid payload length %d", len);
return -1;
}
- attr->rand_p = pos + 2;
+ attr->rand_p = data;
break;
case EAP_SAKE_AT_MIC_S:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_S");
- if (pos[1] != 2 + EAP_SAKE_MIC_LEN) {
+ if (len != EAP_SAKE_MIC_LEN) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_S with "
- "invalid length %d", pos[1]);
+ "invalid payload length %d", len);
return -1;
}
- attr->mic_s = pos + 2;
+ attr->mic_s = data;
break;
case EAP_SAKE_AT_MIC_P:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_P");
- if (pos[1] != 2 + EAP_SAKE_MIC_LEN) {
+ if (len != EAP_SAKE_MIC_LEN) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_P with "
- "invalid length %d", pos[1]);
+ "invalid payload length %d", len);
return -1;
}
- attr->mic_p = pos + 2;
+ attr->mic_p = data;
break;
case EAP_SAKE_AT_SERVERID:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SERVERID");
- attr->serverid = pos + 2;
- attr->serverid_len = pos[1] - 2;
+ attr->serverid = data;
+ attr->serverid_len = len;
break;
case EAP_SAKE_AT_PEERID:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PEERID");
- attr->peerid = pos + 2;
- attr->peerid_len = pos[1] - 2;
+ attr->peerid = data;
+ attr->peerid_len = len;
break;
case EAP_SAKE_AT_SPI_S:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_S");
- attr->spi_s = pos + 2;
- attr->spi_s_len = pos[1] - 2;
+ attr->spi_s = data;
+ attr->spi_s_len = len;
break;
case EAP_SAKE_AT_SPI_P:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_P");
- attr->spi_p = pos + 2;
- attr->spi_p_len = pos[1] - 2;
+ attr->spi_p = data;
+ attr->spi_p_len = len;
break;
case EAP_SAKE_AT_ANY_ID_REQ:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ANY_ID_REQ");
- if (pos[1] != 4) {
+ if (len != 2) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid AT_ANY_ID_REQ"
- " length %d", pos[1]);
+ " payload length %d", len);
return -1;
}
- attr->any_id_req = pos + 2;
+ attr->any_id_req = data;
break;
case EAP_SAKE_AT_PERM_ID_REQ:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PERM_ID_REQ");
- if (pos[1] != 4) {
+ if (len != 2) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid "
- "AT_PERM_ID_REQ length %d", pos[1]);
+ "AT_PERM_ID_REQ payload length %d", len);
return -1;
}
- attr->perm_id_req = pos + 2;
+ attr->perm_id_req = data;
break;
case EAP_SAKE_AT_ENCR_DATA:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ENCR_DATA");
- attr->encr_data = pos + 2;
- attr->encr_data_len = pos[1] - 2;
+ attr->encr_data = data;
+ attr->encr_data_len = len;
break;
case EAP_SAKE_AT_IV:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV");
- attr->iv = pos + 2;
- attr->iv_len = pos[1] - 2;
+ attr->iv = data;
+ attr->iv_len = len;
break;
case EAP_SAKE_AT_PADDING:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PADDING");
- for (i = 2; i < pos[1]; i++) {
- if (pos[i]) {
+ for (i = 0; i < len; i++) {
+ if (data[i]) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_PADDING "
"with non-zero pad byte");
return -1;
@@ -117,26 +117,26 @@
break;
case EAP_SAKE_AT_NEXT_TMPID:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_NEXT_TMPID");
- attr->next_tmpid = pos + 2;
- attr->next_tmpid_len = pos[1] - 2;
+ attr->next_tmpid = data;
+ attr->next_tmpid_len = len;
break;
case EAP_SAKE_AT_MSK_LIFE:
wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV");
- if (pos[1] != 6) {
+ if (len != 4) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid "
- "AT_MSK_LIFE length %d", pos[1]);
+ "AT_MSK_LIFE payload length %d", len);
return -1;
}
- attr->msk_life = pos + 2;
+ attr->msk_life = data;
break;
default:
- if (pos[0] < 128) {
+ if (attr_id < 128) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Unknown non-skippable"
- " attribute %d", pos[0]);
+ " attribute %d", attr_id);
return -1;
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring unknown skippable "
- "attribute %d", pos[0]);
+ "attribute %d", attr_id);
break;
}
@@ -180,7 +180,7 @@
return -1;
}
- if (eap_sake_parse_add_attr(attr, pos))
+ if (eap_sake_parse_add_attr(attr, pos[0], pos[1] - 2, pos + 2))
return -1;
pos += pos[1];
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index 0662ae7..dc9e8cc 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -1296,7 +1296,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData,
&len);
- if (pos == NULL || len < 1) {
+ if (pos == NULL || len < 3) {
ret->ignore = TRUE;
return NULL;
}
diff --git a/src/eap_peer/eap_eke.c b/src/eap_peer/eap_eke.c
index 9fec66c..987af83 100644
--- a/src/eap_peer/eap_eke.c
+++ b/src/eap_peer/eap_eke.c
@@ -195,15 +195,14 @@
static struct wpabuf * eap_eke_build_fail(struct eap_eke_data *data,
struct eap_method_ret *ret,
- const struct wpabuf *reqData,
- u32 failure_code)
+ u8 id, u32 failure_code)
{
struct wpabuf *resp;
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Failure/Response - code=0x%x",
failure_code);
- resp = eap_eke_build_msg(data, eap_get_id(reqData), 4, EAP_EKE_FAILURE);
+ resp = eap_eke_build_msg(data, id, 4, EAP_EKE_FAILURE);
if (resp)
wpabuf_put_be32(resp, failure_code);
@@ -230,9 +229,10 @@
const u8 *pos, *end;
const u8 *prop = NULL;
u8 idtype;
+ u8 id = eap_get_id(reqData);
if (data->state != IDENTITY) {
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -240,7 +240,7 @@
if (payload_len < 2 + 4) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -253,7 +253,7 @@
if (pos + num_prop * 4 > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data (num_prop=%u)",
num_prop);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -293,7 +293,7 @@
if (prop == NULL) {
wpa_printf(MSG_DEBUG, "EAP-EKE: No acceptable proposal found");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN);
}
@@ -301,7 +301,7 @@
if (pos == end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data to include IDType/Identity");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -312,7 +312,7 @@
os_free(data->serverid);
data->serverid = os_malloc(end - pos);
if (data->serverid == NULL) {
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memcpy(data->serverid, pos, end - pos);
@@ -320,11 +320,11 @@
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response");
- resp = eap_eke_build_msg(data, eap_get_id(reqData),
+ resp = eap_eke_build_msg(data, id,
2 + 4 + 1 + data->peerid_len,
EAP_EKE_ID);
if (resp == NULL) {
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -339,7 +339,7 @@
data->msgs = wpabuf_alloc(wpabuf_len(reqData) + wpabuf_len(resp));
if (data->msgs == NULL) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_buf(data->msgs, reqData);
@@ -366,10 +366,11 @@
u8 pub[EAP_EKE_MAX_DH_LEN];
const u8 *password;
size_t password_len;
+ u8 id = eap_get_id(reqData);
if (data->state != COMMIT) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -378,7 +379,7 @@
password = eap_get_config_password(sm, &password_len);
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PASSWD_NOT_FOUND);
}
@@ -387,7 +388,7 @@
if (pos + data->sess.dhcomp_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -405,7 +406,7 @@
data->serverid, data->serverid_len,
data->peerid, data->peerid_len, key) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -416,7 +417,7 @@
if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
os_memset(key, 0, sizeof(key));
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -424,7 +425,7 @@
{
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
os_memset(key, 0, sizeof(key));
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -433,18 +434,18 @@
data->peerid, data->peerid_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
os_memset(key, 0, sizeof(key));
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
- resp = eap_eke_build_msg(data, eap_get_id(reqData),
+ resp = eap_eke_build_msg(data, id,
data->sess.dhcomp_len + data->sess.pnonce_len,
EAP_EKE_COMMIT);
if (resp == NULL) {
os_memset(key, 0, sizeof(key));
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -453,7 +454,7 @@
if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
os_memset(key, 0, sizeof(key));
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memset(key, 0, sizeof(key));
@@ -463,7 +464,7 @@
if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
@@ -472,7 +473,7 @@
if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
@@ -484,7 +485,7 @@
if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
< 0) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_buf(data->msgs, reqData);
@@ -509,11 +510,12 @@
u8 auth_s[EAP_EKE_MAX_HASH_LEN];
size_t decrypt_len;
u8 *auth;
+ u8 id = eap_get_id(reqData);
if (data->state != CONFIRM) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
data->state);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -524,7 +526,7 @@
if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
@@ -532,19 +534,19 @@
if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
nonces, &decrypt_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
nonces, 2 * data->sess.nonce_len);
if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match transmitted Nonce_P");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
@@ -556,30 +558,30 @@
if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
data->peerid, data->peerid_len,
data->nonce_p, data->nonce_s) < 0) {
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
{
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
- resp = eap_eke_build_msg(data, eap_get_id(reqData),
+ resp = eap_eke_build_msg(data, id,
data->sess.pnonce_len + data->sess.prf_len,
EAP_EKE_CONFIRM);
if (resp == NULL) {
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -587,7 +589,7 @@
if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put(resp, prot_len);
@@ -595,7 +597,7 @@
auth = wpabuf_put(resp, data->sess.prf_len);
if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
@@ -606,7 +608,7 @@
data->msk, data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
wpabuf_free(resp);
- return eap_eke_build_fail(data, ret, reqData,
+ return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
@@ -638,7 +640,8 @@
wpa_printf(MSG_INFO, "EAP-EKE: Failure-Code 0x%x", code);
}
- return eap_eke_build_fail(data, ret, reqData, EAP_EKE_FAIL_NO_ERROR);
+ return eap_eke_build_fail(data, ret, eap_get_id(reqData),
+ EAP_EKE_FAIL_NO_ERROR);
}
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 68d7fba..248b57b 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -1172,7 +1172,7 @@
static int eap_fast_process_decrypted(struct eap_sm *sm,
struct eap_fast_data *data,
struct eap_method_ret *ret,
- const struct eap_hdr *req,
+ u8 identifier,
struct wpabuf *decrypted,
struct wpabuf **out_data)
{
@@ -1184,18 +1184,18 @@
return 0;
if (resp)
return eap_fast_encrypt_response(sm, data, resp,
- req->identifier, out_data);
+ identifier, out_data);
if (tlv.result == EAP_TLV_RESULT_FAILURE) {
resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 0);
return eap_fast_encrypt_response(sm, data, resp,
- req->identifier, out_data);
+ identifier, out_data);
}
if (tlv.iresult == EAP_TLV_RESULT_FAILURE) {
resp = eap_fast_tlv_result(EAP_TLV_RESULT_FAILURE, 1);
return eap_fast_encrypt_response(sm, data, resp,
- req->identifier, out_data);
+ identifier, out_data);
}
if (tlv.crypto_binding) {
@@ -1277,14 +1277,13 @@
resp = wpabuf_alloc(1);
}
- return eap_fast_encrypt_response(sm, data, resp, req->identifier,
+ return eap_fast_encrypt_response(sm, data, resp, identifier,
out_data);
}
static int eap_fast_decrypt(struct eap_sm *sm, struct eap_fast_data *data,
- struct eap_method_ret *ret,
- const struct eap_hdr *req,
+ struct eap_method_ret *ret, u8 identifier,
const struct wpabuf *in_data,
struct wpabuf **out_data)
{
@@ -1309,7 +1308,7 @@
/* Received TLS ACK - requesting more fragments */
return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_FAST,
data->fast_version,
- req->identifier, NULL, out_data);
+ identifier, NULL, out_data);
}
res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
@@ -1328,7 +1327,7 @@
return -1;
}
- res = eap_fast_process_decrypted(sm, data, ret, req,
+ res = eap_fast_process_decrypted(sm, data, ret, identifier,
in_decrypted, out_data);
wpabuf_free(in_decrypted);
@@ -1340,7 +1339,7 @@
static const u8 * eap_fast_get_a_id(const u8 *buf, size_t len, size_t *id_len)
{
const u8 *a_id;
- struct pac_tlv_hdr *hdr;
+ const struct pac_tlv_hdr *hdr;
/*
* Parse authority identity (A-ID) from the EAP-FAST/Start. This
@@ -1350,13 +1349,13 @@
*id_len = len;
if (len > sizeof(*hdr)) {
int tlen;
- hdr = (struct pac_tlv_hdr *) buf;
+ hdr = (const struct pac_tlv_hdr *) buf;
tlen = be_to_host16(hdr->len);
if (be_to_host16(hdr->type) == PAC_TYPE_A_ID &&
sizeof(*hdr) + tlen <= len) {
wpa_printf(MSG_DEBUG, "EAP-FAST: A-ID was in TLV "
"(Start)");
- a_id = (u8 *) (hdr + 1);
+ a_id = (const u8 *) (hdr + 1);
*id_len = tlen;
}
}
@@ -1529,6 +1528,7 @@
struct wpabuf *resp;
const u8 *pos;
struct eap_fast_data *data = priv;
+ struct wpabuf msg;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_FAST, ret,
reqData, &left, &flags);
@@ -1545,13 +1545,13 @@
left = 0; /* A-ID is not used in further packet processing */
}
+ wpabuf_set(&msg, pos, left);
+
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
/* Process tunneled (encrypted) phase 2 data. */
- struct wpabuf msg;
- wpabuf_set(&msg, pos, left);
- res = eap_fast_decrypt(sm, data, ret, req, &msg, &resp);
+ res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
if (res < 0) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
@@ -1565,8 +1565,8 @@
/* Continue processing TLS handshake (phase 1). */
res = eap_peer_tls_process_helper(sm, &data->ssl,
EAP_TYPE_FAST,
- data->fast_version, id, pos,
- left, &resp);
+ data->fast_version, id, &msg,
+ &resp);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char cipher[80];
@@ -1590,16 +1590,13 @@
}
if (res == 2) {
- struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
- wpabuf_set(&msg, pos, left);
- res = eap_fast_decrypt(sm, data, ret, req, &msg,
- &resp);
+ res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
}
}
diff --git a/src/eap_peer/eap_gpsk.c b/src/eap_peer/eap_gpsk.c
index c54bf11..902b4ba 100644
--- a/src/eap_peer/eap_gpsk.c
+++ b/src/eap_peer/eap_gpsk.c
@@ -274,7 +274,7 @@
static struct wpabuf * eap_gpsk_process_gpsk_1(struct eap_sm *sm,
struct eap_gpsk_data *data,
struct eap_method_ret *ret,
- const struct wpabuf *reqData,
+ u8 identifier,
const u8 *payload,
size_t payload_len)
{
@@ -301,7 +301,7 @@
return NULL;
}
- resp = eap_gpsk_send_gpsk_2(data, eap_get_id(reqData),
+ resp = eap_gpsk_send_gpsk_2(data, identifier,
csuite_list, csuite_list_len);
if (resp == NULL)
return NULL;
@@ -583,7 +583,7 @@
static struct wpabuf * eap_gpsk_process_gpsk_3(struct eap_sm *sm,
struct eap_gpsk_data *data,
struct eap_method_ret *ret,
- const struct wpabuf *reqData,
+ u8 identifier,
const u8 *payload,
size_t payload_len)
{
@@ -615,7 +615,7 @@
(unsigned long) (end - pos));
}
- resp = eap_gpsk_send_gpsk_4(data, eap_get_id(reqData));
+ resp = eap_gpsk_send_gpsk_4(data, identifier);
if (resp == NULL)
return NULL;
@@ -670,6 +670,7 @@
struct wpabuf *resp;
const u8 *pos;
size_t len;
+ u8 opcode, id;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqData, &len);
if (pos == NULL || len < 1) {
@@ -677,25 +678,27 @@
return NULL;
}
- wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode %d", *pos);
+ id = eap_get_id(reqData);
+ opcode = *pos++;
+ len--;
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode %d", opcode);
ret->ignore = FALSE;
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_FAIL;
ret->allowNotifications = FALSE;
- switch (*pos) {
+ switch (opcode) {
case EAP_GPSK_OPCODE_GPSK_1:
- resp = eap_gpsk_process_gpsk_1(sm, data, ret, reqData,
- pos + 1, len - 1);
+ resp = eap_gpsk_process_gpsk_1(sm, data, ret, id, pos, len);
break;
case EAP_GPSK_OPCODE_GPSK_3:
- resp = eap_gpsk_process_gpsk_3(sm, data, ret, reqData,
- pos + 1, len - 1);
+ resp = eap_gpsk_process_gpsk_3(sm, data, ret, id, pos, len);
break;
default:
- wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignoring message with "
- "unknown opcode %d", *pos);
+ wpa_printf(MSG_DEBUG,
+ "EAP-GPSK: Ignoring message with unknown opcode %d",
+ opcode);
ret->ignore = TRUE;
return NULL;
}
diff --git a/src/eap_peer/eap_pax.c b/src/eap_peer/eap_pax.c
index 6d1ff20..c920bcd 100644
--- a/src/eap_peer/eap_pax.c
+++ b/src/eap_peer/eap_pax.c
@@ -333,7 +333,7 @@
u16 flen, mlen;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX, reqData, &len);
- if (pos == NULL || len < EAP_PAX_ICV_LEN) {
+ if (pos == NULL || len < sizeof(*req) + EAP_PAX_ICV_LEN) {
ret->ignore = TRUE;
return NULL;
}
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 86a18bb..4f68fce 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -968,6 +968,7 @@
struct wpabuf *resp;
const u8 *pos;
struct eap_peap_data *data = priv;
+ struct wpabuf msg;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,
reqData, &left, &flags);
@@ -998,17 +999,17 @@
* should always be, anyway */
}
+ wpabuf_set(&msg, pos, left);
+
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
- struct wpabuf msg;
- wpabuf_set(&msg, pos, left);
res = eap_peap_decrypt(sm, data, ret, req, &msg, &resp);
} else {
res = eap_peer_tls_process_helper(sm, &data->ssl,
EAP_TYPE_PEAP,
- data->peap_version, id, pos,
- left, &resp);
+ data->peap_version, id, &msg,
+ &resp);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char *label;
@@ -1077,14 +1078,12 @@
}
if (res == 2) {
- struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
- wpabuf_set(&msg, pos, left);
res = eap_peap_decrypt(sm, data, ret, req, &msg,
&resp);
}
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index f2b0926..5a60b3f 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -355,6 +355,23 @@
BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
u16 offset;
u8 *ptr, *scalar = NULL, *element = NULL;
+ size_t prime_len, order_len;
+
+ if (data->state != PWD_Commit_Req) {
+ ret->ignore = TRUE;
+ goto fin;
+ }
+
+ prime_len = BN_num_bytes(data->grp->prime);
+ order_len = BN_num_bytes(data->grp->order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
if (((data->private_value = BN_new()) == NULL) ||
((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
@@ -554,6 +571,18 @@
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
int offset;
+ if (data->state != PWD_Confirm_Req) {
+ ret->ignore = TRUE;
+ goto fin;
+ }
+
+ if (payload_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+ (unsigned int) payload_len, SHA256_MAC_LEN);
+ goto fin;
+ }
+
/*
* first build up the ciphersuite which is group | random_function |
* prf
@@ -837,17 +866,30 @@
* if it's the first fragment there'll be a length field
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Frame too short to contain Total-Length field");
+ ret->ignore = TRUE;
+ return NULL;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
"total length = %d", tot_len);
if (tot_len > 15000)
return NULL;
+ if (data->inbuf) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+ ret->ignore = TRUE;
+ return NULL;
+ }
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "Out of memory to buffer "
"fragments!");
return NULL;
}
+ data->in_frag_pos = 0;
pos += sizeof(u16);
len -= sizeof(u16);
}
@@ -927,6 +969,7 @@
/*
* we have output! Do we need to fragment it?
*/
+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
len = wpabuf_len(data->outbuf);
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
diff --git a/src/eap_peer/eap_sake.c b/src/eap_peer/eap_sake.c
index 7d14907..c4f9843 100644
--- a/src/eap_peer/eap_sake.c
+++ b/src/eap_peer/eap_sake.c
@@ -141,7 +141,7 @@
static struct wpabuf * eap_sake_process_identity(struct eap_sm *sm,
struct eap_sake_data *data,
struct eap_method_ret *ret,
- const struct wpabuf *reqData,
+ u8 id,
const u8 *payload,
size_t payload_len)
{
@@ -166,8 +166,7 @@
wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Identity");
- resp = eap_sake_build_msg(data, eap_get_id(reqData),
- 2 + data->peerid_len,
+ resp = eap_sake_build_msg(data, id, 2 + data->peerid_len,
EAP_SAKE_SUBTYPE_IDENTITY);
if (resp == NULL)
return NULL;
@@ -185,7 +184,7 @@
static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
struct eap_sake_data *data,
struct eap_method_ret *ret,
- const struct wpabuf *reqData,
+ u8 id,
const u8 *payload,
size_t payload_len)
{
@@ -247,8 +246,7 @@
rlen = 2 + EAP_SAKE_RAND_LEN + 2 + EAP_SAKE_MIC_LEN;
if (data->peerid)
rlen += 2 + data->peerid_len;
- resp = eap_sake_build_msg(data, eap_get_id(reqData), rlen,
- EAP_SAKE_SUBTYPE_CHALLENGE);
+ resp = eap_sake_build_msg(data, id, rlen, EAP_SAKE_SUBTYPE_CHALLENGE);
if (resp == NULL)
return NULL;
@@ -285,6 +283,7 @@
static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
struct eap_sake_data *data,
struct eap_method_ret *ret,
+ u8 id,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
@@ -323,14 +322,13 @@
ret->allowNotifications = FALSE;
wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending "
"Response/Auth-Reject");
- return eap_sake_build_msg(data, eap_get_id(reqData), 0,
+ return eap_sake_build_msg(data, id, 0,
EAP_SAKE_SUBTYPE_AUTH_REJECT);
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Sending Response/Confirm");
- resp = eap_sake_build_msg(data, eap_get_id(reqData),
- 2 + EAP_SAKE_MIC_LEN,
+ resp = eap_sake_build_msg(data, id, 2 + EAP_SAKE_MIC_LEN,
EAP_SAKE_SUBTYPE_CONFIRM);
if (resp == NULL)
return NULL;
@@ -367,7 +365,7 @@
struct wpabuf *resp;
const u8 *pos, *end;
size_t len;
- u8 subtype, session_id;
+ u8 subtype, session_id, id;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, reqData, &len);
if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
@@ -377,6 +375,7 @@
req = (const struct eap_sake_hdr *) pos;
end = pos + len;
+ id = eap_get_id(reqData);
subtype = req->subtype;
session_id = req->session_id;
pos = (const u8 *) (req + 1);
@@ -402,15 +401,15 @@
switch (subtype) {
case EAP_SAKE_SUBTYPE_IDENTITY:
- resp = eap_sake_process_identity(sm, data, ret, reqData,
+ resp = eap_sake_process_identity(sm, data, ret, id,
pos, end - pos);
break;
case EAP_SAKE_SUBTYPE_CHALLENGE:
- resp = eap_sake_process_challenge(sm, data, ret, reqData,
+ resp = eap_sake_process_challenge(sm, data, ret, id,
pos, end - pos);
break;
case EAP_SAKE_SUBTYPE_CONFIRM:
- resp = eap_sake_process_confirm(sm, data, ret, reqData,
+ resp = eap_sake_process_confirm(sm, data, ret, id, reqData,
pos, end - pos);
break;
default:
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index bd06df7..99a2816 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -1042,7 +1042,7 @@
}
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, reqData, &len);
- if (pos == NULL || len < 1) {
+ if (pos == NULL || len < 3) {
ret->ignore = TRUE;
return NULL;
}
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index 5aa3fd5..d81b1cf 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -228,6 +228,7 @@
u8 flags, id;
const u8 *pos;
struct eap_tls_data *data = priv;
+ struct wpabuf msg;
pos = eap_peer_tls_process_init(sm, &data->ssl, data->eap_type, ret,
reqData, &left, &flags);
@@ -242,8 +243,9 @@
}
resp = NULL;
+ wpabuf_set(&msg, pos, left);
res = eap_peer_tls_process_helper(sm, &data->ssl, data->eap_type, 0,
- id, pos, left, &resp);
+ id, &msg, &resp);
if (res < 0) {
return eap_tls_failure(sm, data, ret, res, resp, id);
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index b4a5b1f..fef7fdb 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -477,22 +477,19 @@
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @data: Data for TLS processing
* @in_data: Message received from the server
- * @in_len: Length of in_data
* @out_data: Buffer for returning a pointer to application data (if available)
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
* is available, -1 on failure
*/
static int eap_tls_process_input(struct eap_sm *sm, struct eap_ssl_data *data,
- const u8 *in_data, size_t in_len,
+ const struct wpabuf *in_data,
struct wpabuf **out_data)
{
const struct wpabuf *msg;
int need_more_input;
struct wpabuf *appl_data;
- struct wpabuf buf;
- wpabuf_set(&buf, in_data, in_len);
- msg = eap_peer_tls_data_reassemble(data, &buf, &need_more_input);
+ msg = eap_peer_tls_data_reassemble(data, in_data, &need_more_input);
if (msg == NULL)
return need_more_input ? 1 : -1;
@@ -612,7 +609,6 @@
* @peap_version: Version number for EAP-PEAP/TTLS
* @id: EAP identifier for the response
* @in_data: Message received from the server
- * @in_len: Length of in_data
* @out_data: Buffer for returning a pointer to the response message
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
* is available, or -1 on failure
@@ -635,14 +631,15 @@
*/
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
EapType eap_type, int peap_version,
- u8 id, const u8 *in_data, size_t in_len,
+ u8 id, const struct wpabuf *in_data,
struct wpabuf **out_data)
{
int ret = 0;
*out_data = NULL;
- if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
+ if (data->tls_out && wpabuf_len(data->tls_out) > 0 &&
+ wpabuf_len(in_data) > 0) {
wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
"fragments are waiting to be sent out");
return -1;
@@ -653,8 +650,7 @@
* No more data to send out - expect to receive more data from
* the AS.
*/
- int res = eap_tls_process_input(sm, data, in_data, in_len,
- out_data);
+ int res = eap_tls_process_input(sm, data, in_data, out_data);
if (res) {
/*
* Input processing failed (res = -1) or more data is
diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
index 390c216..acd2b78 100644
--- a/src/eap_peer/eap_tls_common.h
+++ b/src/eap_peer/eap_tls_common.h
@@ -100,7 +100,7 @@
size_t *len);
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
EapType eap_type, int peap_version,
- u8 id, const u8 *in_data, size_t in_len,
+ u8 id, const struct wpabuf *in_data,
struct wpabuf **out_data);
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
int peap_version);
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index b5c028b..25e3cba 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -1385,14 +1385,14 @@
struct eap_ttls_data *data,
struct eap_method_ret *ret,
u8 identifier,
- const u8 *in_data, size_t in_len,
+ const struct wpabuf *in_data,
struct wpabuf **out_data)
{
int res;
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
data->ttls_version, identifier,
- in_data, in_len, out_data);
+ in_data, out_data);
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
@@ -1419,15 +1419,13 @@
}
if (res == 2) {
- struct wpabuf msg;
/*
* Application data included in the handshake message.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = *out_data;
*out_data = NULL;
- wpabuf_set(&msg, in_data, in_len);
- res = eap_ttls_decrypt(sm, data, ret, identifier, &msg,
+ res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
out_data);
}
@@ -1477,6 +1475,7 @@
struct wpabuf *resp;
const u8 *pos;
struct eap_ttls_data *data = priv;
+ struct wpabuf msg;
pos = eap_peer_tls_process_init(sm, &data->ssl, EAP_TYPE_TTLS, ret,
reqData, &left, &flags);
@@ -1497,15 +1496,15 @@
left = 0;
}
+ wpabuf_set(&msg, pos, left);
+
resp = NULL;
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
!data->resuming) {
- struct wpabuf msg;
- wpabuf_set(&msg, pos, left);
res = eap_ttls_decrypt(sm, data, ret, id, &msg, &resp);
} else {
res = eap_ttls_process_handshake(sm, data, ret, id,
- pos, left, &resp);
+ &msg, &resp);
}
eap_ttls_check_auth_status(sm, data, ret);
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 66bd5d2..cb83ff7 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -656,9 +656,21 @@
BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
EC_POINT *K = NULL, *point = NULL;
int res = 0;
+ size_t prime_len, order_len;
wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
+ prime_len = BN_num_bytes(data->grp->prime);
+ order_len = BN_num_bytes(data->grp->order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
+
if (((data->peer_scalar = BN_new()) == NULL) ||
((data->k = BN_new()) == NULL) ||
((cofactor = BN_new()) == NULL) ||
@@ -774,6 +786,13 @@
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
int offset;
+ if (payload_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+ (unsigned int) payload_len, SHA256_MAC_LEN);
+ goto fin;
+ }
+
/* build up the ciphersuite: group | random_function | prf */
grp = htons(data->group_num);
ptr = (u8 *) &cs;
@@ -923,17 +942,28 @@
* the first fragment has a total length
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Frame too short to contain Total-Length field");
+ return;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
"length = %d", tot_len);
if (tot_len > 15000)
return;
+ if (data->inbuf) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+ return;
+ }
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
"buffer fragments!");
return;
}
+ data->in_frag_pos = 0;
pos += sizeof(u16);
len -= sizeof(u16);
}
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 906d8c8..1ebfd11 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1225,7 +1225,7 @@
}
/* MS-MPPE-Recv-Key */
- buf = os_malloc(hlen + send_key_len + 16);
+ buf = os_malloc(hlen + recv_key_len + 16);
if (buf == NULL) {
return 0;
}
diff --git a/src/tls/libtommath.c b/src/tls/libtommath.c
index 3fb8fbe..251133e 100644
--- a/src/tls/libtommath.c
+++ b/src/tls/libtommath.c
@@ -1631,7 +1631,7 @@
}
/* init our temps */
- if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
+ if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {
return res;
}
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 742af32..b51dfcd 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1511,7 +1511,7 @@
if (pos + hdr.length < end) {
wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
"encoded certificate",
- pos + hdr.length, end - pos + hdr.length);
+ pos + hdr.length, end - (pos + hdr.length));
end = pos + hdr.length;
}
diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index 2f08f37..180b572 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -44,16 +44,6 @@
#define HTTPREAD_HEADER_MAX_SIZE 4096 /* max allowed for headers */
#define HTTPREAD_BODYBUF_DELTA 4096 /* increase allocation by this */
-#if 0
-/* httpread_debug -- set this global variable > 0 e.g. from debugger
- * to enable debugs (larger numbers for more debugs)
- * Make this a #define of 0 to eliminate the debugging code.
- */
-int httpread_debug = 99;
-#else
-#define httpread_debug 0 /* eliminates even the debugging code */
-#endif
-
/* control instance -- actual definition (opaque to application)
*/
@@ -136,8 +126,7 @@
*/
void httpread_destroy(struct httpread *h)
{
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG, "ENTER httpread_destroy(%p)", h);
+ wpa_printf(MSG_DEBUG, "httpread_destroy(%p)", h);
if (!h)
return;
@@ -177,6 +166,12 @@
if (!isdigit(*hbp))
return -1;
h->content_length = atol(hbp);
+ if (h->content_length < 0 || h->content_length > h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Unacceptable Content-Length %d",
+ h->content_length);
+ return -1;
+ }
h->got_content_length = 1;
return 0;
}
@@ -380,15 +375,16 @@
char *bbp; /* pointer into body buffer */
char readbuf[HTTPREAD_READBUF_SIZE]; /* temp use to read into */
- if (httpread_debug >= 20)
- wpa_printf(MSG_DEBUG, "ENTER httpread_read_handler(%p)", h);
-
/* read some at a time, then search for the interal
* boundaries between header and data and etc.
*/
+ wpa_printf(MSG_DEBUG, "httpread: Trying to read more data(%p)", h);
nread = read(h->sd, readbuf, sizeof(readbuf));
- if (nread < 0)
+ if (nread < 0) {
+ wpa_printf(MSG_DEBUG, "httpread failed: %s", strerror(errno));
goto bad;
+ }
+ wpa_hexdump_ascii(MSG_MSGDUMP, "httpread - read", readbuf, nread);
if (nread == 0) {
/* end of transmission... this may be normal
* or may be an error... in some cases we can't
@@ -411,8 +407,7 @@
* although dropped connections can cause false
* end
*/
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG, "httpread ok eof(%p)", h);
+ wpa_printf(MSG_DEBUG, "httpread ok eof(%p)", h);
h->got_body = 1;
goto got_file;
}
@@ -432,6 +427,8 @@
if (nread == 0)
goto get_more;
if (h->hdr_nbytes == HTTPREAD_HEADER_MAX_SIZE) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Too long header");
goto bad;
}
*hbp++ = *rbp++;
@@ -453,16 +450,13 @@
goto bad;
}
if (h->max_bytes == 0) {
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG,
- "httpread no body hdr end(%p)", h);
+ wpa_printf(MSG_DEBUG, "httpread no body hdr end(%p)",
+ h);
goto got_file;
}
if (h->got_content_length && h->content_length == 0) {
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG,
- "httpread zero content length(%p)",
- h);
+ wpa_printf(MSG_DEBUG,
+ "httpread zero content length(%p)", h);
goto got_file;
}
}
@@ -475,9 +469,7 @@
!os_strncasecmp(h->hdr, "HEAD", 4) ||
!os_strncasecmp(h->hdr, "GET", 3)) {
if (!h->got_body) {
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG,
- "httpread NO BODY for sp. type");
+ wpa_printf(MSG_DEBUG, "httpread NO BODY for sp. type");
}
h->got_body = 1;
goto got_file;
@@ -498,8 +490,12 @@
char *new_body;
int new_alloc_nbytes;
- if (h->body_nbytes >= h->max_bytes)
+ if (h->body_nbytes >= h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: body_nbytes=%d >= max_bytes=%d",
+ h->body_nbytes, h->max_bytes);
goto bad;
+ }
new_alloc_nbytes = h->body_alloc_nbytes +
HTTPREAD_BODYBUF_DELTA;
/* For content-length case, the first time
@@ -509,9 +505,20 @@
if (h->got_content_length &&
new_alloc_nbytes < (h->content_length + 1))
new_alloc_nbytes = h->content_length + 1;
- if ((new_body = os_realloc(h->body, new_alloc_nbytes))
- == NULL)
+ if (new_alloc_nbytes < h->body_alloc_nbytes ||
+ new_alloc_nbytes > h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Unacceptable body length %d",
+ new_alloc_nbytes);
goto bad;
+ }
+ if ((new_body = os_realloc(h->body, new_alloc_nbytes))
+ == NULL) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Failed to reallocate buffer (len=%d)",
+ new_alloc_nbytes);
+ goto bad;
+ }
h->body = new_body;
h->body_alloc_nbytes = new_alloc_nbytes;
@@ -530,9 +537,19 @@
/* hdr line consists solely
* of a hex numeral and CFLF
*/
- if (!isxdigit(*cbp))
+ if (!isxdigit(*cbp)) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Unexpected chunk header value (not a hex digit)");
goto bad;
+ }
h->chunk_size = strtoul(cbp, NULL, 16);
+ if (h->chunk_size < 0 ||
+ h->chunk_size > h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid chunk size %d",
+ h->chunk_size);
+ goto bad;
+ }
/* throw away chunk header
* so we have only real data
*/
@@ -542,10 +559,9 @@
/* end of chunking */
/* trailer follows */
h->in_trailer = 1;
- if (httpread_debug >= 20)
- wpa_printf(
- MSG_DEBUG,
- "httpread end chunks(%p)", h);
+ wpa_printf(MSG_DEBUG,
+ "httpread end chunks(%p)",
+ h);
break;
}
h->in_chunk_data = 1;
@@ -563,8 +579,11 @@
*/
if (bbp[-1] == '\n' &&
bbp[-2] == '\r') {
- } else
+ } else {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid chunk end");
goto bad;
+ }
h->body_nbytes -= 2;
bbp -= 2;
h->chunk_start = h->body_nbytes;
@@ -574,10 +593,8 @@
} else if (h->got_content_length &&
h->body_nbytes >= h->content_length) {
h->got_body = 1;
- if (httpread_debug >= 10)
- wpa_printf(
- MSG_DEBUG,
- "httpread got content(%p)", h);
+ wpa_printf(MSG_DEBUG,
+ "httpread got content(%p)", h);
goto got_file;
}
if (nread <= 0)
@@ -601,6 +618,11 @@
ncopy = nread;
}
/* Note: should never be 0 */
+ if (ncopy < 0) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid ncopy=%d", ncopy);
+ goto bad;
+ }
if (ncopy > nread)
ncopy = nread;
os_memcpy(bbp, rbp, ncopy);
@@ -635,10 +657,9 @@
if (c == '\n') {
h->trailer_state = trailer_line_begin;
h->in_trailer = 0;
- if (httpread_debug >= 10)
- wpa_printf(
- MSG_DEBUG,
- "httpread got content(%p)", h);
+ wpa_printf(MSG_DEBUG,
+ "httpread got content(%p)",
+ h);
h->got_body = 1;
goto got_file;
}
@@ -666,13 +687,14 @@
return;
get_more:
+ wpa_printf(MSG_DEBUG, "httpread: get more (%p)", h);
return;
got_file:
- if (httpread_debug >= 10)
- wpa_printf(MSG_DEBUG,
- "httpread got file %d bytes type %d",
- h->body_nbytes, h->hdr_type);
+ wpa_printf(MSG_DEBUG, "httpread got file %d bytes type %d",
+ h->body_nbytes, h->hdr_type);
+ wpa_hexdump_ascii(MSG_MSGDUMP, "httpread: body",
+ h->body, h->body_nbytes);
/* Null terminate for convenience of some applications */
if (h->body)
h->body[h->body_nbytes] = 0; /* null terminate */
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 91617fb..4aa602d 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -760,6 +760,33 @@
return wpa_tdls_disable_chan_switch(wpa_s->wpa, peer);
}
+
+static int wpa_supplicant_ctrl_iface_tdls_link_status(
+ struct wpa_supplicant *wpa_s, const char *addr,
+ char *buf, size_t buflen)
+{
+ u8 peer[ETH_ALEN];
+ const char *tdls_status;
+ int ret;
+
+ if (hwaddr_aton(addr, peer)) {
+ wpa_printf(MSG_DEBUG,
+ "CTRL_IFACE TDLS_LINK_STATUS: Invalid address '%s'",
+ addr);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS " MACSTR,
+ MAC2STR(peer));
+
+ tdls_status = wpa_tdls_get_link_status(wpa_s->wpa, peer);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS: %s", tdls_status);
+ ret = os_snprintf(buf, buflen, "TDLS link status: %s\n", tdls_status);
+ if (os_snprintf_error(buflen, ret))
+ return -1;
+
+ return ret;
+}
+
#endif /* CONFIG_TDLS */
@@ -8415,6 +8442,9 @@
if (wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch(wpa_s,
buf + 24))
reply_len = -1;
+ } else if (os_strncmp(buf, "TDLS_LINK_STATUS ", 17) == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_tdls_link_status(
+ wpa_s, buf + 17, reply, reply_size);
#endif /* CONFIG_TDLS */
} else if (os_strcmp(buf, "WMM_AC_STATUS") == 0) {
reply_len = wpas_wmm_ac_status(wpa_s, reply, reply_size);
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index 30ef03a..89a562c 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -137,7 +137,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(WPAS_DBUS_NEW_PATH,
@@ -200,7 +200,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -239,7 +239,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -307,7 +307,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -374,7 +374,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -467,7 +467,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
field = wpa_supplicant_ctrl_req_to_string(rtype, default_txt, &txt);
@@ -511,6 +511,8 @@
char path[WPAS_DBUS_OBJECT_PATH_MAX];
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d",
wpa_s->dbus_new_path, ssid->id);
@@ -539,7 +541,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -579,7 +581,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -620,7 +622,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -686,7 +688,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -760,7 +762,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -801,7 +803,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -844,7 +846,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -916,7 +918,8 @@
if (parent->p2p_mgmt)
parent = parent->parent;
- if (!wpa_s->dbus_groupobj_path)
+ if (!wpa_s->dbus_groupobj_path || !wpa_s->dbus_new_path ||
+ !parent->dbus_new_path)
return;
msg = dbus_message_new_signal(parent->dbus_new_path,
@@ -984,6 +987,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
if (request || !status) {
if (config_methods & WPS_CONFIG_DISPLAY)
@@ -1073,6 +1078,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
@@ -1105,7 +1112,8 @@
{
char group_name[3];
- if (os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN))
+ if (!wpa_s->dbus_new_path ||
+ os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN))
return -1;
os_memcpy(group_name, ssid->ssid + P2P_WILDCARD_SSID_LEN, 2);
@@ -1209,7 +1217,7 @@
iface = parent->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !parent->dbus_new_path || !wpa_s->dbus_new_path)
return;
if (wpa_s->dbus_groupobj_path == NULL)
@@ -1272,7 +1280,7 @@
os_memset(freqs, 0, sizeof(freqs));
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -1386,6 +1394,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
WPAS_DBUS_NEW_IFACE_P2PDEVICE,
@@ -1439,6 +1449,8 @@
parent = wpa_s->parent;
if (parent->p2p_mgmt)
parent = parent->parent;
+ if (!parent->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
@@ -1494,6 +1506,8 @@
parent = wpa_s->parent;
if (parent->p2p_mgmt)
parent = parent->parent;
+ if (!parent->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
@@ -1551,6 +1565,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
/* Check if this is a known peer */
if (!p2p_peer_known(wpa_s->global->p2p, sa))
@@ -1617,6 +1633,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
/* Check if this is a known peer */
if (!p2p_peer_known(wpa_s->global->p2p, sa))
@@ -1678,6 +1696,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u",
@@ -1762,6 +1782,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
WPAS_DBUS_NEW_IFACE_P2PDEVICE,
"WpsFailed");
@@ -1862,6 +1884,9 @@
char path[WPAS_DBUS_OBJECT_PATH_MAX];
char *prop;
+ if (!wpa_s->dbus_new_path)
+ return;
+
switch (property) {
case WPAS_DBUS_BSS_PROP_SIGNAL:
prop = "Signal";
@@ -2177,7 +2202,7 @@
#endif /* CONFIG_P2P */
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -2351,7 +2376,7 @@
char bss_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -2394,7 +2419,7 @@
struct bss_handler_args *arg;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -3345,7 +3370,7 @@
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -3422,8 +3447,9 @@
if (ctrl_iface == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
@@ -3481,12 +3507,12 @@
int ret;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL ||
- wpa_s->dbus_new_path == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -3512,6 +3538,8 @@
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
wpa_s->dbus_new_path, MAC2STR(dev_addr));
@@ -3713,6 +3741,9 @@
/* Do nothing if the control interface is not turned on */
if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
/* Make sure ssid is a persistent group */
if (ssid->disabled != 2 && !ssid->p2p_persistent_group)
@@ -3797,15 +3828,13 @@
int ret;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL ||
- wpa_s->dbus_new_path == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
ctrl_iface = wpa_s->global->dbus;
- if (ctrl_iface == NULL)
+ if (ctrl_iface == NULL || !wpa_s->dbus_new_path)
return 0;
os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index d695d1b..97db9a8 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -157,7 +157,8 @@
struct wpa_supplicant *wpa_s;
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
- if (os_strcmp(wpa_s->dbus_new_path, path) == 0)
+ if (wpa_s->dbus_new_path &&
+ os_strcmp(wpa_s->dbus_new_path, path) == 0)
return wpa_s;
}
return NULL;
@@ -600,7 +601,7 @@
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
- if (wpa_s) {
+ if (wpa_s && wpa_s->dbus_new_path) {
const char *path = wpa_s->dbus_new_path;
reply = dbus_message_new_method_return(message);
@@ -684,7 +685,7 @@
DBUS_TYPE_INVALID);
wpa_s = wpa_supplicant_get_iface(global, ifname);
- if (wpa_s == NULL)
+ if (wpa_s == NULL || wpa_s->dbus_new_path == NULL)
return wpas_dbus_error_iface_unknown(message);
path = wpa_s->dbus_new_path;
@@ -876,8 +877,10 @@
unsigned int i = 0, num = 0;
dbus_bool_t success;
- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
- num++;
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (wpa_s->dbus_new_path)
+ num++;
+ }
paths = os_calloc(num, sizeof(char *));
if (!paths) {
@@ -885,8 +888,10 @@
return FALSE;
}
- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
- paths[i++] = wpa_s->dbus_new_path;
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (wpa_s->dbus_new_path)
+ paths[i++] = wpa_s->dbus_new_path;
+ }
success = wpas_dbus_simple_array_property_getter(iter,
DBUS_TYPE_OBJECT_PATH,
@@ -1327,14 +1332,25 @@
message,
"You can specify only Channels in passive scan");
goto out;
- } else if (params.freqs && params.freqs[0]) {
- if (wpa_supplicant_trigger_scan(wpa_s, ¶ms)) {
- reply = wpas_dbus_error_scan_error(
- message, "Scan request rejected");
- }
} else {
- wpa_s->scan_req = MANUAL_SCAN_REQ;
- wpa_supplicant_req_scan(wpa_s, 0, 0);
+ if (wpa_s->sched_scanning) {
+ wpa_printf(MSG_DEBUG,
+ "%s[dbus]: Stop ongoing sched_scan to allow requested scan to proceed",
+ __func__);
+ wpa_supplicant_cancel_sched_scan(wpa_s);
+ }
+
+ if (params.freqs && params.freqs[0]) {
+ if (wpa_supplicant_trigger_scan(wpa_s,
+ ¶ms)) {
+ reply = wpas_dbus_error_scan_error(
+ message,
+ "Scan request rejected");
+ }
+ } else {
+ wpa_s->scan_req = MANUAL_SCAN_REQ;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+ }
}
} else if (os_strcmp(type, "active") == 0) {
if (!params.num_ssids) {
@@ -1344,6 +1360,13 @@
#ifdef CONFIG_AUTOSCAN
autoscan_deinit(wpa_s);
#endif /* CONFIG_AUTOSCAN */
+ if (wpa_s->sched_scanning) {
+ wpa_printf(MSG_DEBUG,
+ "%s[dbus]: Stop ongoing sched_scan to allow requested scan to proceed",
+ __func__);
+ wpa_supplicant_cancel_sched_scan(wpa_s);
+ }
+
if (wpa_supplicant_trigger_scan(wpa_s, ¶ms)) {
reply = wpas_dbus_error_scan_error(
message, "Scan request rejected");
@@ -1478,7 +1501,8 @@
dbus_message_iter_init(message, &iter);
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->dbus_new_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.",
__func__);
@@ -1602,7 +1626,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -1715,7 +1739,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -1773,7 +1797,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -2266,12 +2290,14 @@
message, DBUS_ERROR_FAILED,
"Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed.");
- wpa_dbus_mark_property_changed(
- wpa_s->global->dbus, wpa_s->dbus_new_path,
- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath");
- wpa_dbus_mark_property_changed(
- wpa_s->global->dbus, wpa_s->dbus_new_path,
- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath");
+ if (wpa_s->dbus_new_path) {
+ wpa_dbus_mark_property_changed(
+ wpa_s->global->dbus, wpa_s->dbus_new_path,
+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath");
+ wpa_dbus_mark_property_changed(
+ wpa_s->global->dbus, wpa_s->dbus_new_path,
+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath");
+ }
return NULL;
}
@@ -3024,7 +3050,7 @@
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path = path_buf;
- if (wpa_s->current_bss)
+ if (wpa_s->current_bss && wpa_s->dbus_new_path)
os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_bss->id);
@@ -3052,7 +3078,7 @@
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *net_obj_path = path_buf;
- if (wpa_s->current_ssid)
+ if (wpa_s->current_ssid && wpa_s->dbus_new_path)
os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_ssid->id);
@@ -3140,6 +3166,12 @@
unsigned int i = 0;
dbus_bool_t success = FALSE;
+ if (!wpa_s->dbus_new_path) {
+ dbus_set_error(error, DBUS_ERROR_FAILED,
+ "%s: no D-Bus interface", __func__);
+ return FALSE;
+ }
+
paths = os_calloc(wpa_s->num_bss, sizeof(char *));
if (!paths) {
dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
@@ -3191,6 +3223,12 @@
unsigned int i = 0, num = 0;
dbus_bool_t success = FALSE;
+ if (!wpa_s->dbus_new_path) {
+ dbus_set_error(error, DBUS_ERROR_FAILED,
+ "%s: no D-Bus interface", __func__);
+ return FALSE;
+ }
+
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
if (!network_is_persistent_group(ssid))
num++;
@@ -4104,7 +4142,7 @@
struct wpas_dbus_priv *priv = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (priv == NULL)
+ if (priv == NULL || !wpa_s->dbus_new_path)
return;
if (wpa_s->preq_notify_peer == NULL)
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 0eff763..32f0a35 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -354,7 +354,8 @@
pg_object_path, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&net_id_str);
if (iface == NULL || net_id_str == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply =
wpas_dbus_error_invalid_args(message,
pg_object_path);
@@ -649,7 +650,8 @@
WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&net_id_str);
if (iface == NULL || net_id_str == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message,
pg_object_path);
goto out;
@@ -1043,7 +1045,8 @@
char **peer_obj_paths = NULL;
- if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error))
+ if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error) ||
+ !wpa_s->parent->parent->dbus_new_path)
return FALSE;
dl_list_init(&peer_objpath_list);
@@ -1064,7 +1067,8 @@
os_snprintf(node->path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
"/" COMPACT_MACSTR,
- wpa_s->dbus_new_path, MAC2STR(addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(addr));
dl_list_add_tail(&peer_objpath_list, &node->list);
num++;
@@ -1184,13 +1188,17 @@
struct wpa_supplicant *wpa_s = user_data;
char go_peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
+ if (!wpa_s->parent->parent->dbus_new_path)
+ return FALSE;
+
if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_CLIENT)
os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/");
else
os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
COMPACT_MACSTR,
- wpa_s->dbus_new_path, MAC2STR(wpa_s->go_dev_addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(wpa_s->go_dev_addr));
path = go_peer_obj_path;
return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
@@ -1636,6 +1644,11 @@
unsigned int i = 0, num = 0;
dbus_bool_t success = FALSE;
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+ if (!wpa_s->parent->dbus_new_path)
+ return FALSE;
+
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
if (network_is_persistent_group(ssid))
num++;
@@ -1659,7 +1672,7 @@
/* Construct the object path for this network. */
os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
- wpa_s->dbus_new_path, ssid->id);
+ wpa_s->parent->dbus_new_path, ssid->id);
}
success = wpas_dbus_simple_array_property_getter(iter,
@@ -1746,7 +1759,10 @@
dbus_message_iter_init(message, &iter);
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+ if (wpa_s->parent->dbus_new_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
wpa_printf(MSG_ERROR,
"dbus: %s: Cannot add new persistent group",
@@ -1779,7 +1795,7 @@
/* Construct the object path for this network. */
os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
- wpa_s->dbus_new_path, ssid->id);
+ wpa_s->parent->dbus_new_path, ssid->id);
reply = dbus_message_new_method_return(message);
if (reply == NULL) {
@@ -1826,6 +1842,9 @@
dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
DBUS_TYPE_INVALID);
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+
/*
* Extract the network ID and ensure the network is actually a child of
* this interface.
@@ -1834,7 +1853,8 @@
op, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&persistent_group_id);
if (iface == NULL || persistent_group_id == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
}
@@ -1899,6 +1919,8 @@
struct wpa_ssid *ssid, *next;
struct wpa_config *config;
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
config = wpa_s->conf;
ssid = config->ssid;
while (ssid) {
@@ -1928,6 +1950,9 @@
const u8 *addr;
dbus_bool_t success = FALSE;
+ if (!wpa_s->parent->parent->dbus_new_path)
+ return FALSE;
+
/* Verify correct role for this property */
if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_GO) {
return wpas_dbus_simple_array_property_getter(
@@ -1955,7 +1980,8 @@
os_snprintf(paths[i], WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
"/" COMPACT_MACSTR,
- wpa_s->parent->dbus_new_path, MAC2STR(addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(addr));
i++;
}
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
index a94a0e5..734ac4a 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
@@ -358,6 +358,8 @@
struct wpa_supplicant *wpa_s = user_data;
dbus_bool_t process_credentials, old_pc;
+ if (!wpa_s->dbus_new_path)
+ return FALSE;
if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
&process_credentials))
return FALSE;
diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
index 15b0901..45623f3 100644
--- a/wpa_supplicant/dbus/dbus_new_helpers.c
+++ b/wpa_supplicant/dbus/dbus_new_helpers.c
@@ -46,8 +46,13 @@
goto error;
/* An error getting a property fails the request entirely */
- if (!dsc->getter(&entry_iter, error, user_data))
+ if (!dsc->getter(&entry_iter, error, user_data)) {
+ wpa_printf(MSG_INFO,
+ "dbus: %s dbus_interface=%s dbus_property=%s getter failed",
+ __func__, dsc->dbus_interface,
+ dsc->dbus_property);
return FALSE;
+ }
if (!dbus_message_iter_close_container(dict_iter, &entry_iter))
goto error;
diff --git a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c
index 45bb402..88227af 100644
--- a/wpa_supplicant/dbus/dbus_old.c
+++ b/wpa_supplicant/dbus/dbus_old.c
@@ -383,7 +383,7 @@
DBusMessage *_signal;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -474,7 +474,7 @@
dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -509,7 +509,7 @@
if (wpa_s->global == NULL)
return;
iface = wpa_s->global->dbus;
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -559,7 +559,7 @@
if (wpa_s->global == NULL)
return;
iface = wpa_s->global->dbus;
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -738,7 +738,7 @@
struct wpa_supplicant *wpa_s;
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
- if (strcmp(wpa_s->dbus_path, path) == 0)
+ if (wpa_s->dbus_path && strcmp(wpa_s->dbus_path, path) == 0)
return wpa_s;
}
return NULL;
diff --git a/wpa_supplicant/dbus/dbus_old_handlers.c b/wpa_supplicant/dbus/dbus_old_handlers.c
index 773ee8b..0ffa1be 100644
--- a/wpa_supplicant/dbus/dbus_old_handlers.c
+++ b/wpa_supplicant/dbus/dbus_old_handlers.c
@@ -166,7 +166,7 @@
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
- if (wpa_s) {
+ if (wpa_s && wpa_s->dbus_path) {
const char *path = wpa_s->dbus_path;
reply = dbus_message_new_method_return(message);
@@ -262,7 +262,7 @@
}
wpa_s = wpa_supplicant_get_iface(global, ifname);
- if (wpa_s == NULL) {
+ if (wpa_s == NULL || !wpa_s->dbus_path) {
reply = wpas_dbus_new_invalid_iface_error(message);
goto out;
}
@@ -354,6 +354,11 @@
DBusMessageIter sub_iter;
struct wpa_bss *bss;
+ if (!wpa_s->dbus_path)
+ return dbus_message_new_error(message,
+ WPAS_ERROR_INTERNAL_ERROR,
+ "no D-Bus interface available");
+
/* Create and initialize the return message */
reply = dbus_message_new_method_return(message);
dbus_message_iter_init_append(reply, &iter);
@@ -708,10 +713,11 @@
struct wpa_supplicant *wpa_s)
{
DBusMessage *reply = NULL;
- struct wpa_ssid *ssid;
+ struct wpa_ssid *ssid = NULL;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->dbus_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
reply = dbus_message_new_error(
message, WPAS_ERROR_ADD_NETWORK_ERROR,
@@ -769,7 +775,7 @@
}
/* Ensure the network is actually a child of this interface */
- if (os_strcmp(iface, wpa_s->dbus_path) != 0) {
+ if (!wpa_s->dbus_path || os_strcmp(iface, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;
}
@@ -1020,7 +1026,7 @@
goto out;
}
/* Ensure the object path really points to this interface */
- if (network == NULL ||
+ if (network == NULL || !wpa_s->dbus_path ||
os_strcmp(iface_obj_path, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;
diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 98af530..a1afc85 100644
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -188,14 +188,16 @@
struct wpa_bss *bss;
int res;
- freq = wpa_s->assoc_freq;
bss = wpa_bss_get_bssid(wpa_s, dst);
- if (bss) {
- wpa_bss_anqp_unshare_alloc(bss);
- freq = bss->freq;
- }
- if (freq <= 0)
+ if (!bss) {
+ wpa_printf(MSG_WARNING,
+ "ANQP: Cannot send query to unknown BSS "
+ MACSTR, MAC2STR(dst));
return -1;
+ }
+
+ wpa_bss_anqp_unshare_alloc(bss);
+ freq = bss->freq;
wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
"subtypes 0x%x", MAC2STR(dst), stypes);
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index d0ae135..6299191 100644
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -571,6 +571,9 @@
struct ibss_rsn_peer *peer;
int res;
+ if (!ibss_rsn)
+ return -1;
+
/* if the peer already exists, exit immediately */
peer = ibss_rsn_get_peer(ibss_rsn, addr);
if (peer)
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 35885ee..fd47c17 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -2673,14 +2673,16 @@
struct wpa_bss *bss;
int res;
- freq = wpa_s->assoc_freq;
bss = wpa_bss_get_bssid(wpa_s, dst);
- if (bss) {
- wpa_bss_anqp_unshare_alloc(bss);
- freq = bss->freq;
- }
- if (freq <= 0)
+ if (!bss) {
+ wpa_printf(MSG_WARNING,
+ "ANQP: Cannot send query to unknown BSS "
+ MACSTR, MAC2STR(dst));
return -1;
+ }
+
+ wpa_bss_anqp_unshare_alloc(bss);
+ freq = bss->freq;
wpa_msg(wpa_s, MSG_DEBUG,
"ANQP: Query Request to " MACSTR " for %u id(s)",
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index ea7dbdb..184a95c 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -307,14 +307,12 @@
void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
- if (wpa_s->p2p_mgmt)
- return;
-
if (wpa_s->next_ssid == ssid)
wpa_s->next_ssid = NULL;
if (wpa_s->wpa)
wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
- if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s)
+ if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
+ !wpa_s->p2p_mgmt)
wpas_dbus_unregister_network(wpa_s, ssid->id);
if (network_is_persistent_group(ssid))
wpas_notify_persistent_group_removed(wpa_s, ssid);
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index bf0a03f..bd5846b 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1456,7 +1456,8 @@
char *argv[])
{
int res = wpa_ctrl_command(ctrl, "ADD_NETWORK");
- update_networks(ctrl);
+ if (interactive)
+ update_networks(ctrl);
return res;
}
@@ -1465,7 +1466,8 @@
char *argv[])
{
int res = wpa_cli_cmd(ctrl, "REMOVE_NETWORK", 1, argc, argv);
- update_networks(ctrl);
+ if (interactive)
+ update_networks(ctrl);
return res;
}
@@ -2653,6 +2655,13 @@
}
+static int wpa_cli_cmd_tdls_link_status(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_cli_cmd(ctrl, "TDLS_LINK_STATUS", 1, argc, argv);
+}
+
+
static int wpa_cli_cmd_wmm_ac_addts(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -3280,6 +3289,9 @@
{ "tdls_teardown", wpa_cli_cmd_tdls_teardown, NULL,
cli_cmd_flag_none,
"<addr> = tear down TDLS with <addr>" },
+ { "tdls_link_status", wpa_cli_cmd_tdls_link_status, NULL,
+ cli_cmd_flag_none,
+ "<addr> = TDLS link status with <addr>" },
{ "wmm_ac_addts", wpa_cli_cmd_wmm_ac_addts, NULL,
cli_cmd_flag_none,
"<uplink/downlink/bidi> <tsid=0..7> <up=0..7> [nominal_msdu_size=#] "
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8ed8b72..364ba19 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1118,13 +1118,13 @@
int eap_register_methods(void);
/**
- * Utility method to tell if a given network is a persistent group
+ * Utility method to tell if a given network is for persistent group storage
* @ssid: Network object
* Returns: 1 if network is a persistent group, 0 otherwise
*/
static inline int network_is_persistent_group(struct wpa_ssid *ssid)
{
- return ((ssid->disabled == 2) || ssid->p2p_persistent_group);
+ return ssid->disabled == 2 && ssid->p2p_persistent_group;
}
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);