make a snapshot to upstream c8b94bc7b347
Resolves: #2007334 Signed-off-by: Davide Caratti <dcaratti@redhat.com>
This commit is contained in:
parent
cb006c440e
commit
58bcfe3913
1
.gitignore
vendored
1
.gitignore
vendored
@ -21,3 +21,4 @@ wpa_supplicant-0.6.8.tar.gz
|
||||
/wpa_supplicant-2.7.tar.gz
|
||||
/wpa_supplicant-2.8.tar.gz
|
||||
/wpa_supplicant-2.9.tar.gz
|
||||
/wpa_supplicant-2.9.20211112.gitc8b94bc7b347.tar.gz
|
||||
|
@ -1,73 +0,0 @@
|
||||
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
||||
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
||||
address
|
||||
|
||||
Do not process any received Management frames with unexpected/invalid SA
|
||||
so that we do not add any state for unexpected STA addresses or end up
|
||||
sending out frames to unexpected destination. This prevents unexpected
|
||||
sequences where an unprotected frame might end up causing the AP to send
|
||||
out a response to another device and that other device processing the
|
||||
unexpected response.
|
||||
|
||||
In particular, this prevents some potential denial of service cases
|
||||
where the unexpected response frame from the AP might result in a
|
||||
connected station dropping its association.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
src/ap/drv_callbacks.c | 13 +++++++++++++
|
||||
src/ap/ieee802_11.c | 12 ++++++++++++
|
||||
2 files changed, 25 insertions(+)
|
||||
|
||||
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
|
||||
index 31587685fe3b..34ca379edc3d 100644
|
||||
--- a/src/ap/drv_callbacks.c
|
||||
+++ b/src/ap/drv_callbacks.c
|
||||
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||
"hostapd_notif_assoc: Skip event with no address");
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
+ if (is_multicast_ether_addr(addr) ||
|
||||
+ is_zero_ether_addr(addr) ||
|
||||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
||||
+ " in received indication - ignore this indication silently",
|
||||
+ __func__, MAC2STR(addr));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
random_add_randomness(addr, ETH_ALEN);
|
||||
|
||||
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
||||
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
|
||||
index c85a28db44b7..e7065372e158 100644
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
||||
fc = le_to_host16(mgmt->frame_control);
|
||||
stype = WLAN_FC_GET_STYPE(fc);
|
||||
|
||||
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
||||
+ is_zero_ether_addr(mgmt->sa) ||
|
||||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
||||
+ " in received frame - ignore this frame silently",
|
||||
+ MAC2STR(mgmt->sa));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (stype == WLAN_FC_STYPE_BEACON) {
|
||||
handle_beacon(hapd, mgmt, len, fi);
|
||||
return 1;
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,200 +0,0 @@
|
||||
From 1c58317f56e312576b6872440f125f794e45f991 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <1c58317f56e312576b6872440f125f794e45f991.1602774933.git.davide.caratti@gmail.com>
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Wed, 30 Sep 2020 18:34:36 +0200
|
||||
Subject: [PATCH] D-Bus: Allow changing an interface bridge via D-Bus
|
||||
|
||||
D-Bus clients can call CreateInterface() once and use the resulting
|
||||
Interface object to connect multiple times to different networks.
|
||||
|
||||
However, if the network interface gets added to a bridge, clients
|
||||
currently have to remove the Interface object and create a new one.
|
||||
|
||||
Improve this by supporting the change of the BridgeIfname property of
|
||||
an existing Interface object.
|
||||
|
||||
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
||||
---
|
||||
src/rsn_supp/tdls.c | 5 +++
|
||||
wpa_supplicant/dbus/dbus_new.c | 2 +-
|
||||
wpa_supplicant/dbus/dbus_new_handlers.c | 37 ++++++++++++++++
|
||||
wpa_supplicant/dbus/dbus_new_handlers.h | 1 +
|
||||
wpa_supplicant/wpa_supplicant.c | 59 +++++++++++++++++++++++++
|
||||
wpa_supplicant/wpa_supplicant_i.h | 2 +
|
||||
6 files changed, 105 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
|
||||
index 7b47e3ac5..eff8cd829 100644
|
||||
--- a/src/rsn_supp/tdls.c
|
||||
+++ b/src/rsn_supp/tdls.c
|
||||
@@ -2807,6 +2807,11 @@ int wpa_tdls_init(struct wpa_sm *sm)
|
||||
if (sm == NULL)
|
||||
return -1;
|
||||
|
||||
+ if (sm->l2_tdls) {
|
||||
+ l2_packet_deinit(sm->l2_tdls);
|
||||
+ sm->l2_tdls = NULL;
|
||||
+ }
|
||||
+
|
||||
sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
|
||||
sm->ifname,
|
||||
sm->own_addr,
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
|
||||
index 793a881ef..ab7628f87 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new.c
|
||||
@@ -3613,7 +3613,7 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
|
||||
},
|
||||
{ "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
|
||||
wpas_dbus_getter_bridge_ifname,
|
||||
- NULL,
|
||||
+ wpas_dbus_setter_bridge_ifname,
|
||||
NULL
|
||||
},
|
||||
{ "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
index 34abab752..2cfc87fa8 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
@@ -3635,6 +3635,43 @@ dbus_bool_t wpas_dbus_getter_bridge_ifname(
|
||||
}
|
||||
|
||||
|
||||
+dbus_bool_t wpas_dbus_setter_bridge_ifname(
|
||||
+ const struct wpa_dbus_property_desc *property_desc,
|
||||
+ DBusMessageIter *iter, DBusError *error, void *user_data)
|
||||
+{
|
||||
+ struct wpa_supplicant *wpa_s = user_data;
|
||||
+ const char *bridge_ifname = NULL;
|
||||
+ const char *msg;
|
||||
+ int r;
|
||||
+
|
||||
+ if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
|
||||
+ &bridge_ifname))
|
||||
+ return FALSE;
|
||||
+
|
||||
+ r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname);
|
||||
+ if (r != 0) {
|
||||
+ switch (r) {
|
||||
+ case -EINVAL:
|
||||
+ msg = "invalid interface name";
|
||||
+ break;
|
||||
+ case -EBUSY:
|
||||
+ msg = "interface is busy";
|
||||
+ break;
|
||||
+ case -EIO:
|
||||
+ msg = "socket error";
|
||||
+ break;
|
||||
+ default:
|
||||
+ msg = "unknown error";
|
||||
+ break;
|
||||
+ }
|
||||
+ dbus_set_error_const(error, DBUS_ERROR_FAILED, msg);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* wpas_dbus_getter_config_file - Get interface configuration file path
|
||||
* @iter: Pointer to incoming dbus message iter
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
index afa26efed..d528c0816 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
@@ -167,6 +167,7 @@ DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_ifname);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_driver);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname);
|
||||
+DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_config_file);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_current_bss);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_current_network);
|
||||
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
|
||||
index 39e92fb68..a7e9e459e 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -4906,6 +4906,65 @@ static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
|
||||
}
|
||||
|
||||
|
||||
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
|
||||
+ const char *bridge_ifname)
|
||||
+{
|
||||
+ if (wpa_s->wpa_state > WPA_SCANNING)
|
||||
+ return -EBUSY;
|
||||
+
|
||||
+ if (bridge_ifname &&
|
||||
+ os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ if (!bridge_ifname)
|
||||
+ bridge_ifname = "";
|
||||
+
|
||||
+ if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (wpa_s->l2_br) {
|
||||
+ l2_packet_deinit(wpa_s->l2_br);
|
||||
+ wpa_s->l2_br = NULL;
|
||||
+ }
|
||||
+
|
||||
+ os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
|
||||
+ sizeof(wpa_s->bridge_ifname));
|
||||
+
|
||||
+ if (wpa_s->bridge_ifname[0]) {
|
||||
+ wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
+ "Receiving packets from bridge interface '%s'",
|
||||
+ wpa_s->bridge_ifname);
|
||||
+ wpa_s->l2_br = l2_packet_init_bridge(
|
||||
+ wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
|
||||
+ ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
|
||||
+ if (!wpa_s->l2_br) {
|
||||
+ wpa_msg(wpa_s, MSG_ERROR,
|
||||
+ "Failed to open l2_packet connection for the bridge interface '%s'",
|
||||
+ wpa_s->bridge_ifname);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#ifdef CONFIG_TDLS
|
||||
+ if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
|
||||
+ goto fail;
|
||||
+#endif /* CONFIG_TDLS */
|
||||
+
|
||||
+ return 0;
|
||||
+fail:
|
||||
+ wpa_s->bridge_ifname[0] = 0;
|
||||
+ if (wpa_s->l2_br) {
|
||||
+ l2_packet_deinit(wpa_s->l2_br);
|
||||
+ wpa_s->l2_br = NULL;
|
||||
+ }
|
||||
+#ifdef CONFIG_TDLS
|
||||
+ if (!wpa_s->p2p_mgmt)
|
||||
+ wpa_tdls_init(wpa_s->wpa);
|
||||
+#endif /* CONFIG_TDLS */
|
||||
+ return -EIO;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* wpa_supplicant_driver_init - Initialize driver interface parameters
|
||||
* @wpa_s: Pointer to wpa_supplicant data
|
||||
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
|
||||
index 31a9b7427..eac3491cc 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant_i.h
|
||||
+++ b/wpa_supplicant/wpa_supplicant_i.h
|
||||
@@ -1351,6 +1351,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
|
||||
const char * wpa_supplicant_state_txt(enum wpa_states state);
|
||||
int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s);
|
||||
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s);
|
||||
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
|
||||
+ const char *bridge_ifname);
|
||||
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||
struct wpa_bss *bss, struct wpa_ssid *ssid,
|
||||
u8 *wpa_ie, size_t *wpa_ie_len);
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,209 +0,0 @@
|
||||
From b2ad4e6b24ed0271ca76cb27856def0a701fb778 Mon Sep 17 00:00:00 2001
|
||||
From: Davide Caratti <davide.caratti@gmail.com>
|
||||
Date: Wed, 2 Oct 2019 14:08:41 +0200
|
||||
Subject: [PATCH] D-Bus: Fix P2P NULL dereference after interface removal
|
||||
|
||||
When the P2P management interface is deleted, P2P is then disabled and
|
||||
global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
|
||||
still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This
|
||||
makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
|
||||
NULL pointer. Fix this by adding proper checks, like it's done with
|
||||
wpa_cli.
|
||||
|
||||
CC: Beniamino Galvani <bgalvani@redhat.com>
|
||||
CC: Benjamin Berg <benjamin@sipsolutions.net>
|
||||
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
||||
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
||||
---
|
||||
wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 69 ++++++++++++++++++++-
|
||||
1 file changed, 67 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
index 8cdd88564..19715eb4c 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
@@ -40,6 +40,14 @@ static int wpas_dbus_validate_dbus_ipaddr(struct wpa_dbus_dict_entry entry)
|
||||
}
|
||||
|
||||
|
||||
+static dbus_bool_t no_p2p_mgmt_interface(DBusError *error)
|
||||
+{
|
||||
+ dbus_set_error_const(error, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
|
||||
+ "Could not find P2P mgmt interface");
|
||||
+ return FALSE;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* Parses out the mac address from the peer object path.
|
||||
* @peer_path - object path of the form
|
||||
@@ -78,6 +86,22 @@ wpas_dbus_error_persistent_group_unknown(DBusMessage *message)
|
||||
}
|
||||
|
||||
|
||||
+/**
|
||||
+ * wpas_dbus_error_no_p2p_mgmt_iface - Return a new InterfaceUnknown error
|
||||
+ * message
|
||||
+ * @message: Pointer to incoming dbus message this error refers to
|
||||
+ * Returns: a dbus error message
|
||||
+ *
|
||||
+ * Convenience function to create and return an unknown interface error.
|
||||
+ */
|
||||
+static DBusMessage * wpas_dbus_error_no_p2p_mgmt_iface(DBusMessage *message)
|
||||
+{
|
||||
+ wpa_printf(MSG_DEBUG, "dbus: Could not find P2P mgmt interface");
|
||||
+ return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
|
||||
+ "Could not find P2P mgmt interface");
|
||||
+}
|
||||
+
|
||||
+
|
||||
DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
@@ -145,6 +169,10 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto error_nop2p;
|
||||
+ }
|
||||
|
||||
if (wpas_p2p_find(wpa_s, timeout, type, num_req_dev_types,
|
||||
req_dev_types, NULL, 0, 0, NULL, freq))
|
||||
@@ -157,8 +185,9 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
error_clear:
|
||||
wpa_dbus_dict_entry_clear(&entry);
|
||||
error:
|
||||
- os_free(req_dev_types);
|
||||
reply = wpas_dbus_error_invalid_args(message, entry.key);
|
||||
+error_nop2p:
|
||||
+ os_free(req_dev_types);
|
||||
return reply;
|
||||
}
|
||||
|
||||
@@ -166,7 +195,9 @@ error:
|
||||
DBusMessage * wpas_dbus_handler_p2p_stop_find(DBusMessage *message,
|
||||
struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
- wpas_p2p_stop_find(wpa_s->global->p2p_init_wpa_s);
|
||||
+ wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (wpa_s)
|
||||
+ wpas_p2p_stop_find(wpa_s);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -185,6 +216,8 @@ DBusMessage * wpas_dbus_handler_p2p_rejectpeer(DBusMessage *message,
|
||||
return wpas_dbus_error_invalid_args(message, NULL);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_reject(wpa_s, peer_addr) < 0)
|
||||
return wpas_dbus_error_unknown_error(message,
|
||||
@@ -204,6 +237,8 @@ DBusMessage * wpas_dbus_handler_p2p_listen(DBusMessage *message,
|
||||
return wpas_dbus_error_no_memory(message);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_listen(wpa_s, (unsigned int) timeout)) {
|
||||
return dbus_message_new_error(message,
|
||||
@@ -245,6 +280,8 @@ DBusMessage * wpas_dbus_handler_p2p_extendedlisten(
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_ext_listen(wpa_s, period, interval))
|
||||
return wpas_dbus_error_unknown_error(
|
||||
@@ -350,6 +387,10 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
if (pg_object_path != NULL) {
|
||||
char *net_id_str;
|
||||
@@ -433,6 +474,12 @@ static dbus_bool_t wpa_dbus_p2p_check_enabled(struct wpa_supplicant *wpa_s,
|
||||
"P2P is not available for this interface");
|
||||
return FALSE;
|
||||
}
|
||||
+ if (!wpa_s->global->p2p_init_wpa_s) {
|
||||
+ if (out_reply)
|
||||
+ *out_reply = wpas_dbus_error_no_p2p_mgmt_iface(
|
||||
+ message);
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
+ }
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -822,6 +869,8 @@ DBusMessage * wpas_dbus_handler_p2p_prov_disc_req(DBusMessage *message,
|
||||
return wpas_dbus_error_invalid_args(message, NULL);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_prov_disc(wpa_s, peer_addr, config_method,
|
||||
WPAS_P2P_PD_FOR_GO_NEG, NULL) < 0)
|
||||
@@ -1882,6 +1931,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peer_groups(
|
||||
|
||||
wpa_s = peer_args->wpa_s;
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
|
||||
wpa_s_go = wpas_get_p2p_client_iface(wpa_s, info->p2p_device_addr);
|
||||
if (wpa_s_go) {
|
||||
@@ -1963,6 +2014,9 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(
|
||||
dbus_bool_t success = FALSE;
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
+
|
||||
if (!wpa_s->parent->dbus_new_path)
|
||||
return FALSE;
|
||||
|
||||
@@ -2077,6 +2131,11 @@ DBusMessage * wpas_dbus_handler_add_persistent_group(
|
||||
dbus_message_iter_init(message, &iter);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
if (wpa_s->parent->dbus_new_path)
|
||||
ssid = wpa_config_add_network(wpa_s->conf);
|
||||
if (ssid == NULL) {
|
||||
@@ -2159,6 +2218,10 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
|
||||
DBUS_TYPE_INVALID);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Extract the network ID and ensure the network is actually a child of
|
||||
@@ -2235,6 +2298,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
|
||||
struct wpa_config *config;
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
config = wpa_s->conf;
|
||||
ssid = config->ssid;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,110 +0,0 @@
|
||||
From 872609c15110d32ee2d306aeeeffdd4e42ef6fc6 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <872609c15110d32ee2d306aeeeffdd4e42ef6fc6.1627507211.git.davide.caratti@gmail.com>
|
||||
From: Alexander Clouter <alex@digriz.org.uk>
|
||||
Date: Fri, 16 Oct 2020 09:49:36 +0100
|
||||
Subject: [PATCH] EAP-TTLS/PEAP peer: Fix failure when using session tickets
|
||||
under TLS 1.3
|
||||
|
||||
EAP peer does not expect data present when beginning the Phase 2 in
|
||||
EAP-{TTLS,PEAP} but in TLS 1.3 session tickets are sent after the
|
||||
handshake completes.
|
||||
|
||||
There are several strategies that can be used to handle this, but this
|
||||
patch picks up from the discussion[1] and implements the proposed use of
|
||||
SSL_MODE_AUTO_RETRY. SSL_MODE_AUTO_RETRY has already been enabled by
|
||||
default in OpenSSL 1.1.1, but it needs to be enabled for older versions.
|
||||
|
||||
The main OpenSSL wrapper change in tls_connection_decrypt() takes care
|
||||
of the new possible case with SSL_MODE_AUTO_RETRY for
|
||||
SSL_ERROR_WANT_READ to indicate that a non-application_data was
|
||||
processed. That is not really an error case with TLS 1.3, so allow it to
|
||||
complete and return an empty decrypted application data buffer.
|
||||
EAP-PEAP/TTLS processing can then use this to move ahead with starting
|
||||
Phase 2.
|
||||
|
||||
[1] https://www.spinics.net/lists/hostap/msg05376.html
|
||||
|
||||
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
|
||||
---
|
||||
src/crypto/tls_openssl.c | 18 ++++++++++++++----
|
||||
src/eap_peer/eap_peap.c | 4 ++++
|
||||
src/eap_peer/eap_ttls.c | 5 +++++
|
||||
3 files changed, 23 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index ef872c50e..345a35ee1 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -1045,6 +1045,8 @@ void * tls_init(const struct tls_config *conf)
|
||||
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
|
||||
|
||||
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
||||
+
|
||||
#ifdef SSL_MODE_NO_AUTO_CHAIN
|
||||
/* Number of deployed use cases assume the default OpenSSL behavior of
|
||||
* auto chaining the local certificate is in use. BoringSSL removed this
|
||||
@@ -4543,10 +4545,18 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
|
||||
return NULL;
|
||||
res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
|
||||
if (res < 0) {
|
||||
- tls_show_errors(MSG_INFO, __func__,
|
||||
- "Decryption failed - SSL_read");
|
||||
- wpabuf_free(buf);
|
||||
- return NULL;
|
||||
+ int err = SSL_get_error(conn->ssl, res);
|
||||
+
|
||||
+ if (err == SSL_ERROR_WANT_READ) {
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "SSL: SSL_connect - want more data");
|
||||
+ res = 0;
|
||||
+ } else {
|
||||
+ tls_show_errors(MSG_INFO, __func__,
|
||||
+ "Decryption failed - SSL_read");
|
||||
+ wpabuf_free(buf);
|
||||
+ return NULL;
|
||||
+ }
|
||||
}
|
||||
wpabuf_put(buf, res);
|
||||
|
||||
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
|
||||
index 7c3704369..a13428d37 100644
|
||||
--- a/src/eap_peer/eap_peap.c
|
||||
+++ b/src/eap_peer/eap_peap.c
|
||||
@@ -803,6 +803,10 @@ static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
|
||||
res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
|
||||
if (res)
|
||||
return res;
|
||||
+ if (wpabuf_len(in_decrypted) == 0) {
|
||||
+ wpabuf_free(in_decrypted);
|
||||
+ return 1;
|
||||
+ }
|
||||
|
||||
continue_req:
|
||||
wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP",
|
||||
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
|
||||
index 642d179c6..3bf1e97e6 100644
|
||||
--- a/src/eap_peer/eap_ttls.c
|
||||
+++ b/src/eap_peer/eap_ttls.c
|
||||
@@ -1441,6 +1441,7 @@ static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
|
||||
|
||||
if ((in_data == NULL || wpabuf_len(in_data) == 0) &&
|
||||
data->phase2_start) {
|
||||
+start:
|
||||
return eap_ttls_phase2_start(sm, data, ret, identifier,
|
||||
out_data);
|
||||
}
|
||||
@@ -1455,6 +1456,10 @@ static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
|
||||
retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
|
||||
if (retval)
|
||||
goto done;
|
||||
+ if (wpabuf_len(in_decrypted) == 0) {
|
||||
+ wpabuf_free(in_decrypted);
|
||||
+ goto start;
|
||||
+ }
|
||||
|
||||
continue_req:
|
||||
data->phase2_start = 0;
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,66 +0,0 @@
|
||||
From 9afb68b03976d019bb450e5e33b0d8e48867691c Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <9afb68b03976d019bb450e5e33b0d8e48867691c.1626202922.git.davide.caratti@gmail.com>
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Tue, 8 Sep 2020 17:55:36 +0300
|
||||
Subject: [PATCH] OpenSSL: Allow systemwide secpolicy overrides for TLS version
|
||||
|
||||
Explicit configuration to enable TLS v1.0 and/or v1.1 did not work with
|
||||
systemwide OpenSSL secpolicy=2 cases (e.g., Ubuntu 20.04). Allow such
|
||||
systemwide configuration to be overridden if the older TLS versions have
|
||||
been explicitly enabled in the network profile. The default behavior
|
||||
follows the systemwide policy, but this allows compatibility with old
|
||||
authentication servers without having to touch the systemwide policy.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
---
|
||||
src/crypto/tls_openssl.c | 26 +++++++++++++++++---------
|
||||
1 file changed, 17 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index e73dd7f5b..f7dfecbbf 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -2995,16 +2995,12 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||
|
||||
/* Explicit request to enable TLS versions even if needing to
|
||||
* override systemwide policies. */
|
||||
- if (flags & TLS_CONN_ENABLE_TLSv1_0) {
|
||||
+ if (flags & TLS_CONN_ENABLE_TLSv1_0)
|
||||
version = TLS1_VERSION;
|
||||
- } else if (flags & TLS_CONN_ENABLE_TLSv1_1) {
|
||||
- if (!(flags & TLS_CONN_DISABLE_TLSv1_0))
|
||||
- version = TLS1_1_VERSION;
|
||||
- } else if (flags & TLS_CONN_ENABLE_TLSv1_2) {
|
||||
- if (!(flags & (TLS_CONN_DISABLE_TLSv1_0 |
|
||||
- TLS_CONN_DISABLE_TLSv1_1)))
|
||||
- version = TLS1_2_VERSION;
|
||||
- }
|
||||
+ else if (flags & TLS_CONN_ENABLE_TLSv1_1)
|
||||
+ version = TLS1_1_VERSION;
|
||||
+ else if (flags & TLS_CONN_ENABLE_TLSv1_2)
|
||||
+ version = TLS1_2_VERSION;
|
||||
if (!version) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"OpenSSL: Invalid TLS version configuration");
|
||||
@@ -3018,6 +3014,18 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||
}
|
||||
}
|
||||
#endif /* >= 1.1.0 */
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
+ !defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ !defined(OPENSSL_IS_BORINGSSL)
|
||||
+ if ((flags & (TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
|
||||
+ SSL_get_security_level(ssl) >= 2) {
|
||||
+ /*
|
||||
+ * Need to drop to security level 1 to allow TLS versions older
|
||||
+ * than 1.2 to be used when explicitly enabled in configuration.
|
||||
+ */
|
||||
+ SSL_set_security_level(conn->ssl, 1);
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
#ifdef CONFIG_SUITEB
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,111 +0,0 @@
|
||||
From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Berg <bberg@redhat.com>
|
||||
Date: Fri, 3 Jan 2020 22:18:51 +0100
|
||||
Subject: [PATCH] P2P: Always use global p2p_long_listen
|
||||
|
||||
The p2p_long_listen value was set on the control wpa_s struct while in a
|
||||
lot of cases it operated on the p2p struct. Explicitly use the global
|
||||
p2p_init_wpa_s struct in cases where we might not be operating on it
|
||||
already.
|
||||
|
||||
Without this, simply starting a p2p_listen operation (e.g., using
|
||||
wpa_cli) will not work properly. As the p2p_long_listen is set on the
|
||||
controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
|
||||
p2p_init_wpa_s, it would not actually work. This results in
|
||||
wpa_supplicant stopping listening after the maximum remain-on-channel
|
||||
time passes when using a separate P2P Device interface.
|
||||
|
||||
Signed-off-by: Benjamin Berg <bberg@redhat.com>
|
||||
---
|
||||
wpa_supplicant/p2p_supplicant.c | 19 ++++++++++---------
|
||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
|
||||
index 95bacec19..a7d3b7f1d 100644
|
||||
--- a/wpa_supplicant/p2p_supplicant.c
|
||||
+++ b/wpa_supplicant/p2p_supplicant.c
|
||||
@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
|
||||
wpas_start_wps_enrollee(group_wpa_s, res);
|
||||
}
|
||||
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
|
||||
eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
|
||||
@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
|
||||
eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ if (wpa_s->global->p2p_init_wpa_s)
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
|
||||
wpas_p2p_remove_pending_group_interface(wpa_s);
|
||||
@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
|
||||
go_intent = wpa_s->conf->p2p_go_intent;
|
||||
|
||||
if (!auth)
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
wpa_s->p2p_wps_method = wps_method;
|
||||
wpa_s->p2p_persistent_group = !!persistent_group;
|
||||
@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
|
||||
u8 seek_cnt, const char **seek_string, int freq)
|
||||
{
|
||||
wpas_p2p_clear_pending_action_tx(wpa_s);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
|
||||
wpa_s->p2p_in_provisioning) {
|
||||
@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
|
||||
static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
wpas_p2p_clear_pending_action_tx(wpa_s);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
|
||||
|
||||
@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
|
||||
static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = eloop_ctx;
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
|
||||
timeout = 3600;
|
||||
}
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
/*
|
||||
* Stop previous find/listen operation to avoid trying to request a new
|
||||
@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
|
||||
|
||||
res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
|
||||
if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
|
||||
- wpa_s->p2p_long_listen = timeout * 1000;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000;
|
||||
eloop_register_timeout(timeout, 0,
|
||||
wpas_p2p_long_listen_timeout,
|
||||
wpa_s, NULL);
|
||||
@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
|
||||
|
||||
int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
|
||||
{
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
|
||||
return -1;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,50 +0,0 @@
|
||||
From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Tue, 8 Dec 2020 23:52:50 +0200
|
||||
Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
|
||||
|
||||
p2p_add_device() may remove the oldest entry if there is no room in the
|
||||
peer table for a new peer. This would result in any pointer to that
|
||||
removed entry becoming stale. A corner case with an invalid PD Request
|
||||
frame could result in such a case ending up using (read+write) freed
|
||||
memory. This could only by triggered when the peer table has reached its
|
||||
maximum size and the PD Request frame is received from the P2P Device
|
||||
Address of the oldest remaining entry and the frame has incorrect P2P
|
||||
Device Address in the payload.
|
||||
|
||||
Fix this by fetching the dev pointer again after having called
|
||||
p2p_add_device() so that the stale pointer cannot be used.
|
||||
|
||||
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
---
|
||||
src/p2p/p2p_pd.c | 12 +++++-------
|
||||
1 file changed, 5 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
|
||||
index 3994ec03f86b..05fd593494ef 100644
|
||||
--- a/src/p2p/p2p_pd.c
|
||||
+++ b/src/p2p/p2p_pd.c
|
||||
@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ dev = p2p_get_device(p2p, sa);
|
||||
if (!dev) {
|
||||
- dev = p2p_get_device(p2p, sa);
|
||||
- if (!dev) {
|
||||
- p2p_dbg(p2p,
|
||||
- "Provision Discovery device not found "
|
||||
- MACSTR, MAC2STR(sa));
|
||||
- goto out;
|
||||
- }
|
||||
+ p2p_dbg(p2p,
|
||||
+ "Provision Discovery device not found "
|
||||
+ MACSTR, MAC2STR(sa));
|
||||
+ goto out;
|
||||
}
|
||||
} else if (msg.wfd_subelems) {
|
||||
wpabuf_free(dev->info.wfd_subelems);
|
||||
--
|
||||
2.25.1
|
||||
|
@ -1,39 +0,0 @@
|
||||
From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <947272febe24a8f0ea828b5b2f35f13c3821901e.1612435525.git.davide.caratti@gmail.com>
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Mon, 9 Nov 2020 11:43:12 +0200
|
||||
Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
|
||||
client
|
||||
|
||||
Parsing and copying of WPS secondary device types list was verifying
|
||||
that the contents is not too long for the internal maximum in the case
|
||||
of WPS messages, but similar validation was missing from the case of P2P
|
||||
group information which encodes this information in a different
|
||||
attribute. This could result in writing beyond the memory area assigned
|
||||
for these entries and corrupting memory within an instance of struct
|
||||
p2p_device. This could result in invalid operations and unexpected
|
||||
behavior when trying to free pointers from that corrupted memory.
|
||||
|
||||
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
|
||||
Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
---
|
||||
src/p2p/p2p.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
|
||||
index 74b7b52ae..5cbfc217f 100644
|
||||
--- a/src/p2p/p2p.c
|
||||
+++ b/src/p2p/p2p.c
|
||||
@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
|
||||
dev->info.config_methods = cli->config_methods;
|
||||
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
|
||||
dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
|
||||
+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
|
||||
+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
|
||||
os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
|
||||
dev->info.wps_sec_dev_type_list_len);
|
||||
}
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,343 +0,0 @@
|
||||
From c7e62303fb92f4608599a77ade315b9b5c9e161d Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <c7e62303fb92f4608599a77ade315b9b5c9e161d.1553704253.git.dcaratti@redhat.com>
|
||||
From: Davide Caratti <dcaratti@redhat.com>
|
||||
Date: Tue, 29 Jan 2019 19:01:59 +0100
|
||||
Subject: [PATCH] add sanity tests for standalone wpa_supplicant
|
||||
|
||||
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
|
||||
---
|
||||
tests/tests.yml | 13 ++
|
||||
tests/wpa_supplicant_standalone/Makefile | 63 ++++++
|
||||
tests/wpa_supplicant_standalone/PURPOSE | 3 +
|
||||
tests/wpa_supplicant_standalone/runtest.sh | 219 +++++++++++++++++++++
|
||||
4 files changed, 298 insertions(+)
|
||||
create mode 100644 tests/tests.yml
|
||||
create mode 100644 tests/wpa_supplicant_standalone/Makefile
|
||||
create mode 100644 tests/wpa_supplicant_standalone/PURPOSE
|
||||
create mode 100755 tests/wpa_supplicant_standalone/runtest.sh
|
||||
|
||||
diff --git a/tests/tests.yml b/tests/tests.yml
|
||||
new file mode 100644
|
||||
index 0000000..bab9514
|
||||
--- /dev/null
|
||||
+++ b/tests/tests.yml
|
||||
@@ -0,0 +1,13 @@
|
||||
+---
|
||||
+- hosts: localhost
|
||||
+ roles:
|
||||
+ - role: standard-test-beakerlib
|
||||
+ tags:
|
||||
+ - classic
|
||||
+ tests:
|
||||
+ - wpa_supplicant_standalone
|
||||
+ required_packages:
|
||||
+ - wpa_supplicant
|
||||
+ - iproute
|
||||
+ - iw
|
||||
+ - util-linux
|
||||
diff --git a/tests/wpa_supplicant_standalone/Makefile b/tests/wpa_supplicant_standalone/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..c4bfe53
|
||||
--- /dev/null
|
||||
+++ b/tests/wpa_supplicant_standalone/Makefile
|
||||
@@ -0,0 +1,63 @@
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+#
|
||||
+# Makefile of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
|
||||
+# Description: sanity test for wpa_supplicant
|
||||
+# Author: Davide Caratti <dcaratti@redhat.com>
|
||||
+#
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+#
|
||||
+# Copyright (c) 2019 Red Hat, Inc.
|
||||
+#
|
||||
+# This program is free software: you can redistribute it and/or
|
||||
+# modify it under the terms of the GNU General Public License as
|
||||
+# published by the Free Software Foundation, either version 2 of
|
||||
+# the License, or (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be
|
||||
+# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
+# PURPOSE. See the GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
+#
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+
|
||||
+export TEST=/CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
|
||||
+export TESTVERSION=1.0
|
||||
+
|
||||
+BUILT_FILES=
|
||||
+
|
||||
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
+
|
||||
+.PHONY: all install download clean
|
||||
+
|
||||
+run: $(FILES) build
|
||||
+ ./runtest.sh
|
||||
+
|
||||
+build: $(BUILT_FILES)
|
||||
+ test -x runtest.sh || chmod a+x runtest.sh
|
||||
+
|
||||
+clean:
|
||||
+ rm -f *~ $(BUILT_FILES)
|
||||
+
|
||||
+
|
||||
+include /usr/share/rhts/lib/rhts-make.include
|
||||
+
|
||||
+$(METADATA): Makefile
|
||||
+ @echo "Owner: Davide Caratti <dcaratti@redhat.com>" > $(METADATA)
|
||||
+ @echo "Name: $(TEST)" >> $(METADATA)
|
||||
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
+ @echo "Description: sanity test for wpa_supplicant" >> $(METADATA)
|
||||
+ @echo "Type: Sanity" >> $(METADATA)
|
||||
+ @echo "TestTime: 10m" >> $(METADATA)
|
||||
+ @echo "RunFor: wpa_supplicant" >> $(METADATA)
|
||||
+ @echo "Requires: util-linux iproute iw wpa_supplicant" >> $(METADATA)
|
||||
+ @echo "Priority: Normal" >> $(METADATA)
|
||||
+ @echo "License: GPLv2+" >> $(METADATA)
|
||||
+ @echo "Confidential: no" >> $(METADATA)
|
||||
+ @echo "Destructive: no" >> $(METADATA)
|
||||
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
+
|
||||
+ rhts-lint $(METADATA)
|
||||
diff --git a/tests/wpa_supplicant_standalone/PURPOSE b/tests/wpa_supplicant_standalone/PURPOSE
|
||||
new file mode 100644
|
||||
index 0000000..a183dc3
|
||||
--- /dev/null
|
||||
+++ b/tests/wpa_supplicant_standalone/PURPOSE
|
||||
@@ -0,0 +1,3 @@
|
||||
+PURPOSE of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
|
||||
+Description: sanity test for wpa_supplicant
|
||||
+Author: Davide Caratti <dcaratti@redhat.com>
|
||||
diff --git a/tests/wpa_supplicant_standalone/runtest.sh b/tests/wpa_supplicant_standalone/runtest.sh
|
||||
new file mode 100755
|
||||
index 0000000..16390d8
|
||||
--- /dev/null
|
||||
+++ b/tests/wpa_supplicant_standalone/runtest.sh
|
||||
@@ -0,0 +1,219 @@
|
||||
+#!/bin/bash
|
||||
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+#
|
||||
+# runtest.sh of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
|
||||
+# Description: sanity test for wpa_supplicant
|
||||
+# Author: Davide Caratti <dcaratti@redhat.com>
|
||||
+#
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+#
|
||||
+# Copyright (c) 2019 Red Hat, Inc.
|
||||
+#
|
||||
+# This program is free software: you can redistribute it and/or
|
||||
+# modify it under the terms of the GNU General Public License as
|
||||
+# published by the Free Software Foundation, either version 2 of
|
||||
+# the License, or (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be
|
||||
+# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
+# PURPOSE. See the GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
+#
|
||||
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
+
|
||||
+# Include Beaker environment
|
||||
+. /usr/bin/rhts-environment.sh || exit 1
|
||||
+. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
+
|
||||
+PACKAGE="wpa_supplicant"
|
||||
+
|
||||
+MACSTA="00:00:0a:bb:e1:1a"
|
||||
+IFACEAP="wlan0"
|
||||
+IFACESTA="wlan1"
|
||||
+
|
||||
+open_ap() {
|
||||
+ local SSID=${1:-notreallyassid}
|
||||
+
|
||||
+ cat >openap.conf <<-EOF
|
||||
+ network={
|
||||
+ frequency=2412
|
||||
+ ssid="$SSID"
|
||||
+ mode=2
|
||||
+ key_mgmt=NONE
|
||||
+ }
|
||||
+ EOF
|
||||
+ wpa_supplicant -ddd -Dnl80211 -i$IFACEAP -copenap.conf -B -fopenap.log -Pw1ap.pid
|
||||
+}
|
||||
+
|
||||
+open_sta() {
|
||||
+ local SSID=${1:-notreallyassid}
|
||||
+
|
||||
+ cat >opensta.conf <<-EOF
|
||||
+ network={
|
||||
+ ssid="$SSID"
|
||||
+ key_mgmt=NONE
|
||||
+ }
|
||||
+ EOF
|
||||
+ wpa_supplicant -ddd -Dnl80211 -i$IFACESTA -copensta.conf -B -fopensta.log -Pw1sta.pid
|
||||
+}
|
||||
+
|
||||
+wpa2psk_ap() {
|
||||
+ local SSID=${1:-notreallyassid}
|
||||
+
|
||||
+ cat >wpapskap.conf <<-EOF
|
||||
+ network={
|
||||
+ frequency=2437
|
||||
+ ssid="$SSID"
|
||||
+ mode=2
|
||||
+ key_mgmt=WPA-PSK
|
||||
+ pairwise=CCMP
|
||||
+ group=CCMP
|
||||
+ psk="hunter2?"
|
||||
+ }
|
||||
+ EOF
|
||||
+ wpa_supplicant -ddd -Dnl80211 -i$IFACEAP -cwpapskap.conf -B -fwpapskap.log -Pw2ap.pid
|
||||
+}
|
||||
+
|
||||
+wpa2psk_sta() {
|
||||
+ local SSID=${1:-notreallyassid}
|
||||
+
|
||||
+ cat >wpapsksta.conf <<-EOF
|
||||
+ network={
|
||||
+ frequency=2437
|
||||
+ ssid="$SSID"
|
||||
+ proto=WPA
|
||||
+ key_mgmt=WPA-PSK
|
||||
+ pairwise=CCMP
|
||||
+ group=CCMP
|
||||
+ psk="hunter2?"
|
||||
+ }
|
||||
+ EOF
|
||||
+ wpa_supplicant -ddd -Dnl80211 -i$IFACESTA -cwpapsksta.conf -B -fwpapsksta.log -Pw2sta.pid
|
||||
+}
|
||||
+
|
||||
+kill_supplicants() {
|
||||
+ local a=`cat w*.pid`
|
||||
+ local iter=0
|
||||
+
|
||||
+ while [ ${#a} -gt 0 -a $iter -lt 10 ]; do
|
||||
+ for a in $a; do
|
||||
+ kill $a 1>/dev/null 2>&1
|
||||
+ sleep 1
|
||||
+ done
|
||||
+ a=`cat w*.pid`
|
||||
+ iter=$((iter+1))
|
||||
+ done
|
||||
+
|
||||
+ ip link set dev $IFACEAP down
|
||||
+ ip link set dev $IFACESTA down
|
||||
+
|
||||
+ if [ $iter -ge 10 -a ${#a} -gt 0 ]; then
|
||||
+ return 1
|
||||
+ else
|
||||
+ return 0
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+check_for_associated_sta()
|
||||
+{
|
||||
+
|
||||
+ local assoc_found=0 assoc_missed=0
|
||||
+
|
||||
+ ip link set dev $IFACEAP up
|
||||
+ while sleep 2; do
|
||||
+ if iw dev $IFACEAP station dump | grep -i $MACSTA ; then
|
||||
+ assoc_found=$((assoc_found+1))
|
||||
+ rlLog "found $MACSTA in $IFACEAP associations ($assoc_found)"
|
||||
+ else
|
||||
+ if [ $assoc_found -gt 0 ]; then
|
||||
+ rlLog "association disappeared after $assoc_found cycles"
|
||||
+ return 1
|
||||
+ fi
|
||||
+ rlLog "didn't find association ($assoc_missed)"
|
||||
+ assoc_missed=$((assoc_missed+1))
|
||||
+ fi
|
||||
+ if [ $assoc_missed -gt 5 ]; then
|
||||
+ rlLog "timeout waiting for $MACSTA in $IFACEAP station dump"
|
||||
+ return 1
|
||||
+ fi
|
||||
+ if [ $assoc_found -gt 5 ]; then
|
||||
+ return 0
|
||||
+ fi
|
||||
+ done
|
||||
+ rlLog "sleep failed!"
|
||||
+ return 1
|
||||
+}
|
||||
+
|
||||
+check_for_running_aps()
|
||||
+{
|
||||
+ local probe_ok=0 probe_missed=0
|
||||
+
|
||||
+ ip link set dev $IFACESTA up
|
||||
+ while sleep 1; do
|
||||
+ if iw dev $IFACESTA scan | grep "${1:-notreallyassid}"; then
|
||||
+ probe_ok=$((probe_ok+1))
|
||||
+ rlLog "$probe_ok probe received"
|
||||
+ else
|
||||
+ if [ $probe_ok -gt 0 ]; then
|
||||
+ rlLog "probe failure after $probe_ok attempts"
|
||||
+ return 1
|
||||
+ fi
|
||||
+ rlLog "missed probe response"
|
||||
+ probe_missed=$((probe_missed+1))
|
||||
+ fi
|
||||
+ if [ $probe_missed -gt 5 ]; then
|
||||
+ rlLog "timeout waiting for beacons"
|
||||
+ return 1
|
||||
+ fi
|
||||
+ if [ $probe_ok -gt 5 ]; then
|
||||
+ return 0
|
||||
+ fi
|
||||
+ done
|
||||
+ rlLog "sleep failed!"
|
||||
+ return 1
|
||||
+}
|
||||
+
|
||||
+rlJournalStart
|
||||
+ rlPhaseStartSetup
|
||||
+ rlAssertRpm $PACKAGE
|
||||
+ # avoid randomizing MAC for wlan0 and wlan1
|
||||
+ rlRun "systemctl stop NetworkManager"
|
||||
+ # allow scans
|
||||
+ rlRun "systemctl stop wpa_supplicant"
|
||||
+ rlRun "rfkill unblock wifi"
|
||||
+ rlRun "modprobe mac80211_hwsim radio=2"
|
||||
+ rlRun "ip link set dev $IFACESTA address $MACSTA"
|
||||
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
+ rlRun "pushd $TmpDir"
|
||||
+ rlPhaseEnd
|
||||
+
|
||||
+ rlPhaseStartTest
|
||||
+ # cleartext wifi
|
||||
+ rlRun "kill_supplicants"
|
||||
+ rlRun "open_ap test_OPEN"
|
||||
+ rlRun "check_for_running_aps test_OPEN"
|
||||
+ rlRun "open_sta test_OPEN"
|
||||
+ rlRun "check_for_associated_sta test_OPEN"
|
||||
+
|
||||
+ # WPA2 personal
|
||||
+ rlRun "kill_supplicants"
|
||||
+ rlRun "wpa2psk_ap test_WPAPSK"
|
||||
+ rlRun "check_for_running_aps test_WPAPSK"
|
||||
+ rlRun "wpa2psk_sta test_WPAPSK"
|
||||
+ rlRun "check_for_associated_sta test_WPAPSK"
|
||||
+ rlPhaseEnd
|
||||
+
|
||||
+ rlPhaseStartCleanup
|
||||
+ rlRun kill_supplicants
|
||||
+ rlRun "popd"
|
||||
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
+ rlRun "modprobe -r mac80211_hwsim"
|
||||
+ rlRun "systemctl restart wpa_supplicant"
|
||||
+ rlRun "systemctl restart NetworkManager"
|
||||
+ rlPhaseEnd
|
||||
+ rlJournalPrintText
|
||||
+rlJournalEnd
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,62 +0,0 @@
|
||||
From 7800725afb27397f7d6033d4969e2aeb61af4737 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <7800725afb27397f7d6033d4969e2aeb61af4737.1602780273.git.davide.caratti@gmail.com>
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Sun, 13 Oct 2019 15:18:54 +0200
|
||||
Subject: [PATCH] dbus: Export OWE capability and OWE BSS key_mgmt
|
||||
|
||||
Export a new 'owe' capability to indicate that wpa_supplicant was
|
||||
built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
|
||||
in the array of BSS' available key managements.
|
||||
|
||||
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
||||
---
|
||||
wpa_supplicant/dbus/dbus_new_handlers.c | 12 +++++++++---
|
||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
index d2c84e5c5..1206c3cde 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
@@ -984,8 +984,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
const struct wpa_dbus_property_desc *property_desc,
|
||||
DBusMessageIter *iter, DBusError *error, void *user_data)
|
||||
{
|
||||
- const char *capabilities[10] = { NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
- NULL, NULL, NULL, NULL };
|
||||
+ const char *capabilities[11];
|
||||
size_t num_items = 0;
|
||||
#ifdef CONFIG_FILS
|
||||
struct wpa_global *global = user_data;
|
||||
@@ -1028,6 +1027,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
#ifdef CONFIG_SHA384
|
||||
capabilities[num_items++] = "sha384";
|
||||
#endif /* CONFIG_SHA384 */
|
||||
+#ifdef CONFIG_OWE
|
||||
+ capabilities[num_items++] = "owe";
|
||||
+#endif /* CONFIG_OWE */
|
||||
|
||||
return wpas_dbus_simple_array_property_getter(iter,
|
||||
DBUS_TYPE_STRING,
|
||||
@@ -4491,7 +4493,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
|
||||
DBusMessageIter iter_dict, variant_iter;
|
||||
const char *group;
|
||||
const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
|
||||
- const char *key_mgmt[15]; /* max 15 key managements may be supported */
|
||||
+ const char *key_mgmt[16]; /* max 16 key managements may be supported */
|
||||
int n;
|
||||
|
||||
if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
|
||||
@@ -4544,6 +4546,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
|
||||
if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
||||
key_mgmt[n++] = "ft-sae";
|
||||
#endif /* CONFIG_SAE */
|
||||
+#ifdef CONFIG_OWE
|
||||
+ if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE)
|
||||
+ key_mgmt[n++] = "owe";
|
||||
+#endif /* CONFIG_OWE */
|
||||
if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
|
||||
key_mgmt[n++] = "wpa-none";
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,58 +0,0 @@
|
||||
From e2e9adc3d9b6bb9c433ebb6404ee439b42e91746 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <e2e9adc3d9b6bb9c433ebb6404ee439b42e91746.1629375427.git.davide.caratti@gmail.com>
|
||||
From: Davide Caratti <davide.caratti@gmail.com>
|
||||
Date: Tue, 17 Aug 2021 10:58:53 +0200
|
||||
Subject: [PATCH] openssl: Disable padding after initializing the cipher suite
|
||||
|
||||
according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
|
||||
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
|
||||
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
|
||||
to return false on OpenSSL-3.0.0, resulting in the impossibility to
|
||||
connect in many scenarios. Fix this changing the order of function calls
|
||||
where needed.
|
||||
|
||||
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html
|
||||
|
||||
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
||||
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
||||
---
|
||||
src/crypto/crypto_openssl.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
||||
index 9411cb9cf..4b87702e4 100644
|
||||
--- a/src/crypto/crypto_openssl.c
|
||||
+++ b/src/crypto/crypto_openssl.c
|
||||
@@ -248,8 +248,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx ||
|
||||
- !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
|
||||
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
||||
+ !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx, keylen) ||
|
||||
!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, 1))
|
||||
goto out;
|
||||
@@ -709,8 +709,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||
}
|
||||
|
||||
if (!(ctx->enc = EVP_CIPHER_CTX_new()) ||
|
||||
- !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
|
||||
!EVP_EncryptInit_ex(ctx->enc, cipher, NULL, NULL, NULL) ||
|
||||
+ !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) ||
|
||||
!EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) {
|
||||
if (ctx->enc)
|
||||
@@ -720,8 +720,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||
}
|
||||
|
||||
if (!(ctx->dec = EVP_CIPHER_CTX_new()) ||
|
||||
- !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
|
||||
!EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) ||
|
||||
+ !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) ||
|
||||
!EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) {
|
||||
EVP_CIPHER_CTX_free(ctx->enc);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,68 +0,0 @@
|
||||
From d265dd2d965db3669d07caa69539beb8def0edb2 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <d265dd2d965db3669d07caa69539beb8def0edb2.1629375437.git.davide.caratti@gmail.com>
|
||||
From: Davide Caratti <davide.caratti@gmail.com>
|
||||
Date: Tue, 17 Aug 2021 10:58:54 +0200
|
||||
Subject: [PATCH] openssl: Remove deprecated functions from des_encrypt()
|
||||
|
||||
NetworkManager-CI detected systematic failures on test scenarios using
|
||||
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
|
||||
The 'test_module_tests.py' script also fails, and the following log is
|
||||
shown:
|
||||
|
||||
1627404013.761569: generate_nt_response failed
|
||||
1627404013.761582: ms_funcs: 1 error
|
||||
|
||||
It seems that either DES_set_key() or DES_ecb_encrypt() changed their
|
||||
semantic, but it doesn't make sense to fix them since their use has been
|
||||
deprecated. Converting des_encrypt() to avoid use of deprecated
|
||||
functions proved to fix the problem, and removed a couple of build
|
||||
warnings at the same time.
|
||||
|
||||
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
||||
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
||||
---
|
||||
src/crypto/crypto_openssl.c | 21 +++++++++++++++------
|
||||
1 file changed, 15 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
||||
index a4b1083bb..9411cb9cf 100644
|
||||
--- a/src/crypto/crypto_openssl.c
|
||||
+++ b/src/crypto/crypto_openssl.c
|
||||
@@ -206,8 +206,8 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
||||
int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
||||
{
|
||||
u8 pkey[8], next, tmp;
|
||||
- int i;
|
||||
- DES_key_schedule ks;
|
||||
+ int i, plen, ret = -1;
|
||||
+ EVP_CIPHER_CTX *ctx;
|
||||
|
||||
/* Add parity bits to the key */
|
||||
next = 0;
|
||||
@@ -218,10 +218,19 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
||||
}
|
||||
pkey[i] = next | 1;
|
||||
|
||||
- DES_set_key((DES_cblock *) &pkey, &ks);
|
||||
- DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
|
||||
- DES_ENCRYPT);
|
||||
- return 0;
|
||||
+ ctx = EVP_CIPHER_CTX_new();
|
||||
+ if (ctx &&
|
||||
+ EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, pkey, NULL) == 1 &&
|
||||
+ EVP_CIPHER_CTX_set_padding(ctx, 0) == 1 &&
|
||||
+ EVP_EncryptUpdate(ctx, cypher, &plen, clear, 8) == 1 &&
|
||||
+ EVP_EncryptFinal_ex(ctx, &cypher[plen], &plen) == 1)
|
||||
+ ret = 0;
|
||||
+ else
|
||||
+ wpa_printf(MSG_ERROR, "OpenSSL: DES encrypt failed");
|
||||
+
|
||||
+ if (ctx)
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,30 +0,0 @@
|
||||
From d4348cbbdbdba5d045b5b389ba6ce97b74936f30 Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Berg <bberg@redhat.com>
|
||||
Date: Mon, 15 Jun 2020 16:17:43 +0200
|
||||
Subject: [PATCH] p2p: Limit P2P_DEVICE name to appropriate ifname size
|
||||
|
||||
Otherwise the WPA_IF_P2P_DEVICE cannot be created. As this is not a
|
||||
netdev device, it is acceptable if the name is not completely unique. As
|
||||
such, simply insert a NUL byte at the appropriate place.
|
||||
---
|
||||
wpa_supplicant/p2p_supplicant.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
|
||||
index e94bffe52..17c25889c 100644
|
||||
--- a/wpa_supplicant/p2p_supplicant.c
|
||||
+++ b/wpa_supplicant/p2p_supplicant.c
|
||||
@@ -3929,6 +3929,10 @@ int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s,
|
||||
wpa_s->ifname);
|
||||
if (os_snprintf_error(sizeof(ifname), ret))
|
||||
return -1;
|
||||
+ /* Cut length at the maximum size. Note that we don't need to ensure
|
||||
+ * collision free names here as the created interface is not a netdev.
|
||||
+ */
|
||||
+ ifname[IFNAMSIZ-1] = '\0';
|
||||
force_name[0] = '\0';
|
||||
wpa_s->pending_interface_type = WPA_IF_P2P_DEVICE;
|
||||
ret = wpa_drv_if_add(wpa_s, WPA_IF_P2P_DEVICE, ifname, NULL, NULL,
|
||||
--
|
||||
2.26.2
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (wpa_supplicant-2.9.tar.gz) = 37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8
|
||||
SHA512 (wpa_supplicant-2.9.20211112.gitc8b94bc7b347.tar.gz) = 09781ecfea99f9003a3b558179083c96fc46363694d08592b0ff3c2f33494e47dec799b93c473f1236ccc003d677ac5cdc035f7ebf52bda30688131ad55a73a1
|
||||
|
@ -9,15 +9,6 @@ Subject: [PATCH] defconfig: Fedora configuration
|
||||
|
||||
--- a/wpa_supplicant/defconfig
|
||||
+++ b/wpa_supplicant/defconfig
|
||||
@@ -77,7 +77,7 @@ CONFIG_DRIVER_WIRED=y
|
||||
#CONFIG_DRIVER_MACSEC_QCA=y
|
||||
|
||||
# Driver interface for Linux MACsec drivers
|
||||
-#CONFIG_DRIVER_MACSEC_LINUX=y
|
||||
+CONFIG_DRIVER_MACSEC_LINUX=y
|
||||
|
||||
# Driver interface for the Broadcom RoboSwitch family
|
||||
#CONFIG_DRIVER_ROBOSWITCH=y
|
||||
@@ -146,7 +146,7 @@ CONFIG_EAP_PAX=y
|
||||
CONFIG_EAP_LEAP=y
|
||||
|
||||
@ -27,16 +18,7 @@ Subject: [PATCH] defconfig: Fedora configuration
|
||||
|
||||
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
|
||||
# This requires CONFIG_EAP_AKA to be enabled, too.
|
||||
@@ -183,7 +183,7 @@ CONFIG_EAP_IKEV2=y
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# MACsec
|
||||
-#CONFIG_MACSEC=y
|
||||
+CONFIG_MACSEC=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
@@ -342,6 +342,7 @@ CONFIG_IEEE80211W=y
|
||||
@@ -338,6 +338,7 @@ CONFIG_BACKEND=file
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
@ -44,25 +26,16 @@ Subject: [PATCH] defconfig: Fedora configuration
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@@ -473,7 +474,7 @@ CONFIG_DEBUG_SYSLOG=y
|
||||
@@ -469,7 +470,7 @@ CONFIG_DEBUG_SYSLOG=y
|
||||
# Should we attempt to use the getrandom(2) call that provides more reliable
|
||||
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
|
||||
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
|
||||
-#CONFIG_GETRANDOM=y
|
||||
+CONFIG_GETRANDOM=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
|
||||
CONFIG_IEEE80211N=y
|
||||
@@ -514,7 +515,7 @@ CONFIG_AP=y
|
||||
CONFIG_P2P=y
|
||||
|
||||
# Enable TDLS support
|
||||
-#CONFIG_TDLS=y
|
||||
+CONFIG_TDLS=y
|
||||
|
||||
# Wi-Fi Display
|
||||
# This can be used to enable Wi-Fi Display extensions for P2P using an external
|
||||
@@ -593,7 +594,7 @@ CONFIG_IBSS_RSN=y
|
||||
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
|
||||
CONFIG_IEEE80211AC=y
|
||||
@@ -587,7 +588,7 @@ CONFIG_IBSS_RSN=y
|
||||
#CONFIG_PMKSA_CACHE_EXTERNAL=y
|
||||
|
||||
# Mesh Networking (IEEE 802.11s)
|
||||
@ -71,7 +44,7 @@ Subject: [PATCH] defconfig: Fedora configuration
|
||||
|
||||
# Background scanning modules
|
||||
# These can be used to request wpa_supplicant to perform background scanning
|
||||
@@ -607,9 +608,10 @@ CONFIG_BGSCAN_SIMPLE=y
|
||||
@@ -601,7 +602,7 @@ CONFIG_BGSCAN_SIMPLE=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
@ -79,7 +52,11 @@ Subject: [PATCH] defconfig: Fedora configuration
|
||||
+CONFIG_OWE=y
|
||||
|
||||
# Device Provisioning Protocol (DPP)
|
||||
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
|
||||
# wpa_supplicant/README-DPP for details)
|
||||
CONFIG_DPP=y
|
||||
@@ -628,3 +629,6 @@ CONFIG_DPP=y
|
||||
# design is still subject to change. As such, this should not yet be enabled in
|
||||
# production use.
|
||||
#CONFIG_PASN=y
|
||||
+#
|
||||
+CONFIG_SUITEB192=y
|
||||
+
|
||||
|
@ -1,49 +1,35 @@
|
||||
--- wpa_supplicant-0.6.3/src/utils/wpa_debug.c.flush-debug 2007-07-30 23:15:34.000000000 -0400
|
||||
+++ wpa_supplicant-0.6.3/src/utils/wpa_debug.c 2007-07-30 23:17:06.000000000 -0400
|
||||
@@ -157,6 +157,7 @@ void wpa_debug_print_timestamp(void)
|
||||
if (out_file) {
|
||||
--- a/src/utils/wpa_debug.c
|
||||
+++ b/src/utils/wpa_debug.c
|
||||
@@ -79,6 +79,7 @@ void wpa_debug_print_timestamp(void)
|
||||
if (out_file)
|
||||
fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
|
||||
(unsigned int) tv.usec);
|
||||
+ fflush(out_file);
|
||||
} else
|
||||
+ fflush(out_file);
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
|
||||
@@ -185,6 +186,7 @@ void wpa_printf(int level, char *fmt, ..
|
||||
if (out_file) {
|
||||
if (!out_file && !wpa_debug_syslog)
|
||||
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
|
||||
@@ -230,6 +231,7 @@ void wpa_printf(int level, const char *f
|
||||
va_start(ap, fmt);
|
||||
vfprintf(out_file, fmt, ap);
|
||||
fprintf(out_file, "\n");
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
va_end(ap);
|
||||
}
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
vprintf(fmt, ap);
|
||||
@@ -217,6 +219,7 @@ static void _wpa_hexdump(int level, cons
|
||||
@@ -365,6 +367,7 @@ static void _wpa_hexdump(int level, cons
|
||||
fprintf(out_file, " [REMOVED]");
|
||||
}
|
||||
fprintf(out_file, "\n");
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
}
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
|
||||
@@ -262,12 +265,14 @@ static void _wpa_hexdump_ascii(int level
|
||||
fprintf(out_file,
|
||||
"%s - hexdump_ascii(len=%lu): [REMOVED]\n",
|
||||
title, (unsigned long) len);
|
||||
+ fflush(out_file);
|
||||
return;
|
||||
}
|
||||
if (buf == NULL) {
|
||||
fprintf(out_file,
|
||||
"%s - hexdump_ascii(len=%lu): [NULL]\n",
|
||||
title, (unsigned long) len);
|
||||
+ fflush(out_file);
|
||||
return;
|
||||
}
|
||||
fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
|
||||
@@ -292,6 +297,7 @@ static void _wpa_hexdump_ascii(int level
|
||||
pos += llen;
|
||||
len -= llen;
|
||||
if (!wpa_debug_syslog && !out_file) {
|
||||
@@ -468,6 +471,8 @@ static void _wpa_hexdump_ascii(int level
|
||||
}
|
||||
}
|
||||
file_done:
|
||||
+ if (out_file)
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
if (!show) {
|
||||
if (!wpa_debug_syslog && !out_file) {
|
||||
if (!show) {
|
||||
|
@ -9,12 +9,10 @@ different locations.
|
||||
wpa_supplicant/Makefile | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
|
||||
index ad9ead9..b19676d 100644
|
||||
--- a/wpa_supplicant/Makefile
|
||||
+++ b/wpa_supplicant/Makefile
|
||||
@@ -11,6 +11,9 @@ export INCDIR ?= /usr/local/include/
|
||||
export BINDIR ?= /usr/local/sbin/
|
||||
@@ -35,6 +35,9 @@ export INCDIR ?= /usr/local/include
|
||||
export BINDIR ?= /usr/local/sbin
|
||||
PKG_CONFIG ?= pkg-config
|
||||
|
||||
+QMAKE ?= qmake
|
||||
@ -23,7 +21,7 @@ index ad9ead9..b19676d 100644
|
||||
CFLAGS += $(EXTRA_CFLAGS)
|
||||
CFLAGS += -I$(abspath ../src)
|
||||
CFLAGS += -I$(abspath ../src/utils)
|
||||
@@ -1787,10 +1790,10 @@ wpa_gui:
|
||||
@@ -2039,10 +2042,10 @@ wpa_gui:
|
||||
@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
|
||||
|
||||
wpa_gui-qt4/Makefile:
|
||||
@ -36,6 +34,3 @@ index ad9ead9..b19676d 100644
|
||||
|
||||
wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
|
||||
$(MAKE) -C wpa_gui-qt4
|
||||
--
|
||||
2.6.2
|
||||
|
||||
|
@ -1,3 +1,8 @@
|
||||
%global gitdate 20211112
|
||||
%global gitcommit c8b94bc7b347dac0422d32a3e330d4425d898906
|
||||
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:12})
|
||||
%global snapshot .%{gitdate}.git%{gitshortcommit}
|
||||
|
||||
%global _hardened_build 1
|
||||
%if 0%{?fedora}
|
||||
%bcond_without gui
|
||||
@ -9,9 +14,9 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
|
||||
Name: wpa_supplicant
|
||||
Epoch: 1
|
||||
Version: 2.9
|
||||
Release: 17%{?dist}
|
||||
Release: 17%{snapshot}%{?dist}
|
||||
License: BSD
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}%{snapshot}.tar.gz
|
||||
Source1: wpa_supplicant.conf
|
||||
Source2: wpa_supplicant.service
|
||||
Source3: wpa_supplicant.sysconfig
|
||||
@ -29,32 +34,6 @@ Patch2: wpa_supplicant-flush-debug-output.patch
|
||||
Patch3: wpa_supplicant-quiet-scan-results-message.patch
|
||||
# distro specific customization for Qt4 build tools, not suitable for upstream
|
||||
Patch4: wpa_supplicant-gui-qt4.patch
|
||||
# fix AP mode PMF disconnection protection bypass
|
||||
Patch5: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
|
||||
|
||||
# fix some issues with P2P operation
|
||||
Patch6: 0001-P2P-Always-use-global-p2p_long_listen.patch
|
||||
Patch7: 0001-D-Bus-Fix-P2P-NULL-dereference-after-interface-remov.patch
|
||||
Patch8: 0001-p2p-Limit-P2P_DEVICE-name-to-appropriate-ifname-size.patch
|
||||
|
||||
#fix for bz1915236
|
||||
Patch9: 0001-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
|
||||
|
||||
#expose OWE capability in D-Bus
|
||||
Patch10: 0001-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
|
||||
|
||||
#fix for CVE-2021-0326
|
||||
Patch11: 0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
|
||||
|
||||
#fix for CVE-2021-27803
|
||||
Patch12: 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
|
||||
|
||||
#fix for bz1975718
|
||||
Patch13: 0001-OpenSSL-Allow-systemwide-secpolicy-overrides-for-TLS.patch
|
||||
Patch14: 0001-EAP-TTLS-PEAP-peer-Fix-failure-when-using-session-ti.patch
|
||||
Patch15: 0001-openssl-Disable-padding-after-initializing-the-ciphe.patch
|
||||
Patch16: 0001-openssl-Remove-deprecated-functions-from-des_encrypt.patch
|
||||
|
||||
|
||||
URL: http://w1.fi/wpa_supplicant/
|
||||
|
||||
@ -98,7 +77,7 @@ Graphical User Interface for wpa_supplicant written using QT
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
%autosetup -p1 -n %{name}-%{version}%{snapshot}
|
||||
|
||||
|
||||
%build
|
||||
@ -215,6 +194,10 @@ chmod -R 0644 wpa_supplicant/examples/*.py
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 22 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17.20211112gitc8b94bc7b347
|
||||
- Update to latest upstream tree to include support for H2E
|
||||
Resolves: rhbz#2007334
|
||||
|
||||
* Thu Aug 19 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17
|
||||
- Fix NetworkManager-CI failures with OpenSSL 3.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user