import wpa_supplicant-2.10-1.el8
This commit is contained in:
parent
9659c49696
commit
63e8381a92
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/wpa_supplicant-2.9.tar.gz
|
||||
SOURCES/wpa_supplicant-2.10.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
b784c0e5e56889c81d027757a4623659bf15f9a8 SOURCES/wpa_supplicant-2.9.tar.gz
|
||||
e295b07d599da4b99c3836d4402ec5746f77e8e8 SOURCES/wpa_supplicant-2.10.tar.gz
|
||||
|
@ -1,73 +0,0 @@
|
||||
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
||||
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
||||
address
|
||||
|
||||
Do not process any received Management frames with unexpected/invalid SA
|
||||
so that we do not add any state for unexpected STA addresses or end up
|
||||
sending out frames to unexpected destination. This prevents unexpected
|
||||
sequences where an unprotected frame might end up causing the AP to send
|
||||
out a response to another device and that other device processing the
|
||||
unexpected response.
|
||||
|
||||
In particular, this prevents some potential denial of service cases
|
||||
where the unexpected response frame from the AP might result in a
|
||||
connected station dropping its association.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
src/ap/drv_callbacks.c | 13 +++++++++++++
|
||||
src/ap/ieee802_11.c | 12 ++++++++++++
|
||||
2 files changed, 25 insertions(+)
|
||||
|
||||
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
|
||||
index 31587685fe3b..34ca379edc3d 100644
|
||||
--- a/src/ap/drv_callbacks.c
|
||||
+++ b/src/ap/drv_callbacks.c
|
||||
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||
"hostapd_notif_assoc: Skip event with no address");
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
+ if (is_multicast_ether_addr(addr) ||
|
||||
+ is_zero_ether_addr(addr) ||
|
||||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
||||
+ " in received indication - ignore this indication silently",
|
||||
+ __func__, MAC2STR(addr));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
random_add_randomness(addr, ETH_ALEN);
|
||||
|
||||
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
||||
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
|
||||
index c85a28db44b7..e7065372e158 100644
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
||||
fc = le_to_host16(mgmt->frame_control);
|
||||
stype = WLAN_FC_GET_STYPE(fc);
|
||||
|
||||
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
||||
+ is_zero_ether_addr(mgmt->sa) ||
|
||||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
||||
+ " in received frame - ignore this frame silently",
|
||||
+ MAC2STR(mgmt->sa));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (stype == WLAN_FC_STYPE_BEACON) {
|
||||
handle_beacon(hapd, mgmt, len, fi);
|
||||
return 1;
|
||||
--
|
||||
2.20.1
|
||||
|
@ -44,3 +44,4 @@ CONFIG_OWE=y
|
||||
CONFIG_DPP=y
|
||||
CONFIG_WIFI_DISPLAY=y
|
||||
CONFIG_SUITEB192=y
|
||||
CONFIG_WEP=Y
|
||||
|
@ -1,200 +0,0 @@
|
||||
From 1c58317f56e312576b6872440f125f794e45f991 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <1c58317f56e312576b6872440f125f794e45f991.1602774933.git.davide.caratti@gmail.com>
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Wed, 30 Sep 2020 18:34:36 +0200
|
||||
Subject: [PATCH] D-Bus: Allow changing an interface bridge via D-Bus
|
||||
|
||||
D-Bus clients can call CreateInterface() once and use the resulting
|
||||
Interface object to connect multiple times to different networks.
|
||||
|
||||
However, if the network interface gets added to a bridge, clients
|
||||
currently have to remove the Interface object and create a new one.
|
||||
|
||||
Improve this by supporting the change of the BridgeIfname property of
|
||||
an existing Interface object.
|
||||
|
||||
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
||||
---
|
||||
src/rsn_supp/tdls.c | 5 +++
|
||||
wpa_supplicant/dbus/dbus_new.c | 2 +-
|
||||
wpa_supplicant/dbus/dbus_new_handlers.c | 37 ++++++++++++++++
|
||||
wpa_supplicant/dbus/dbus_new_handlers.h | 1 +
|
||||
wpa_supplicant/wpa_supplicant.c | 59 +++++++++++++++++++++++++
|
||||
wpa_supplicant/wpa_supplicant_i.h | 2 +
|
||||
6 files changed, 105 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
|
||||
index 7b47e3ac5..eff8cd829 100644
|
||||
--- a/src/rsn_supp/tdls.c
|
||||
+++ b/src/rsn_supp/tdls.c
|
||||
@@ -2807,6 +2807,11 @@ int wpa_tdls_init(struct wpa_sm *sm)
|
||||
if (sm == NULL)
|
||||
return -1;
|
||||
|
||||
+ if (sm->l2_tdls) {
|
||||
+ l2_packet_deinit(sm->l2_tdls);
|
||||
+ sm->l2_tdls = NULL;
|
||||
+ }
|
||||
+
|
||||
sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
|
||||
sm->ifname,
|
||||
sm->own_addr,
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
|
||||
index 793a881ef..ab7628f87 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new.c
|
||||
@@ -3613,7 +3613,7 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
|
||||
},
|
||||
{ "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
|
||||
wpas_dbus_getter_bridge_ifname,
|
||||
- NULL,
|
||||
+ wpas_dbus_setter_bridge_ifname,
|
||||
NULL
|
||||
},
|
||||
{ "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
index 34abab752..2cfc87fa8 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
@@ -3635,6 +3635,43 @@ dbus_bool_t wpas_dbus_getter_bridge_ifname(
|
||||
}
|
||||
|
||||
|
||||
+dbus_bool_t wpas_dbus_setter_bridge_ifname(
|
||||
+ const struct wpa_dbus_property_desc *property_desc,
|
||||
+ DBusMessageIter *iter, DBusError *error, void *user_data)
|
||||
+{
|
||||
+ struct wpa_supplicant *wpa_s = user_data;
|
||||
+ const char *bridge_ifname = NULL;
|
||||
+ const char *msg;
|
||||
+ int r;
|
||||
+
|
||||
+ if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
|
||||
+ &bridge_ifname))
|
||||
+ return FALSE;
|
||||
+
|
||||
+ r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname);
|
||||
+ if (r != 0) {
|
||||
+ switch (r) {
|
||||
+ case -EINVAL:
|
||||
+ msg = "invalid interface name";
|
||||
+ break;
|
||||
+ case -EBUSY:
|
||||
+ msg = "interface is busy";
|
||||
+ break;
|
||||
+ case -EIO:
|
||||
+ msg = "socket error";
|
||||
+ break;
|
||||
+ default:
|
||||
+ msg = "unknown error";
|
||||
+ break;
|
||||
+ }
|
||||
+ dbus_set_error_const(error, DBUS_ERROR_FAILED, msg);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* wpas_dbus_getter_config_file - Get interface configuration file path
|
||||
* @iter: Pointer to incoming dbus message iter
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
index afa26efed..d528c0816 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.h
|
||||
@@ -167,6 +167,7 @@ DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_ifname);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_driver);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname);
|
||||
+DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_config_file);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_current_bss);
|
||||
DECLARE_ACCESSOR(wpas_dbus_getter_current_network);
|
||||
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
|
||||
index 39e92fb68..a7e9e459e 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -4906,6 +4906,65 @@ static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
|
||||
}
|
||||
|
||||
|
||||
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
|
||||
+ const char *bridge_ifname)
|
||||
+{
|
||||
+ if (wpa_s->wpa_state > WPA_SCANNING)
|
||||
+ return -EBUSY;
|
||||
+
|
||||
+ if (bridge_ifname &&
|
||||
+ os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ if (!bridge_ifname)
|
||||
+ bridge_ifname = "";
|
||||
+
|
||||
+ if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (wpa_s->l2_br) {
|
||||
+ l2_packet_deinit(wpa_s->l2_br);
|
||||
+ wpa_s->l2_br = NULL;
|
||||
+ }
|
||||
+
|
||||
+ os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
|
||||
+ sizeof(wpa_s->bridge_ifname));
|
||||
+
|
||||
+ if (wpa_s->bridge_ifname[0]) {
|
||||
+ wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
+ "Receiving packets from bridge interface '%s'",
|
||||
+ wpa_s->bridge_ifname);
|
||||
+ wpa_s->l2_br = l2_packet_init_bridge(
|
||||
+ wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
|
||||
+ ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
|
||||
+ if (!wpa_s->l2_br) {
|
||||
+ wpa_msg(wpa_s, MSG_ERROR,
|
||||
+ "Failed to open l2_packet connection for the bridge interface '%s'",
|
||||
+ wpa_s->bridge_ifname);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#ifdef CONFIG_TDLS
|
||||
+ if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
|
||||
+ goto fail;
|
||||
+#endif /* CONFIG_TDLS */
|
||||
+
|
||||
+ return 0;
|
||||
+fail:
|
||||
+ wpa_s->bridge_ifname[0] = 0;
|
||||
+ if (wpa_s->l2_br) {
|
||||
+ l2_packet_deinit(wpa_s->l2_br);
|
||||
+ wpa_s->l2_br = NULL;
|
||||
+ }
|
||||
+#ifdef CONFIG_TDLS
|
||||
+ if (!wpa_s->p2p_mgmt)
|
||||
+ wpa_tdls_init(wpa_s->wpa);
|
||||
+#endif /* CONFIG_TDLS */
|
||||
+ return -EIO;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* wpa_supplicant_driver_init - Initialize driver interface parameters
|
||||
* @wpa_s: Pointer to wpa_supplicant data
|
||||
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
|
||||
index 31a9b7427..eac3491cc 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant_i.h
|
||||
+++ b/wpa_supplicant/wpa_supplicant_i.h
|
||||
@@ -1351,6 +1351,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
|
||||
const char * wpa_supplicant_state_txt(enum wpa_states state);
|
||||
int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s);
|
||||
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s);
|
||||
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
|
||||
+ const char *bridge_ifname);
|
||||
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||
struct wpa_bss *bss, struct wpa_ssid *ssid,
|
||||
u8 *wpa_ie, size_t *wpa_ie_len);
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,112 +0,0 @@
|
||||
From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d.1602752483.git.davide.caratti@gmail.com>
|
||||
From: Benjamin Berg <bberg@redhat.com>
|
||||
Date: Fri, 3 Jan 2020 22:18:51 +0100
|
||||
Subject: [PATCH] P2P: Always use global p2p_long_listen
|
||||
|
||||
The p2p_long_listen value was set on the control wpa_s struct while in a
|
||||
lot of cases it operated on the p2p struct. Explicitly use the global
|
||||
p2p_init_wpa_s struct in cases where we might not be operating on it
|
||||
already.
|
||||
|
||||
Without this, simply starting a p2p_listen operation (e.g., using
|
||||
wpa_cli) will not work properly. As the p2p_long_listen is set on the
|
||||
controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
|
||||
p2p_init_wpa_s, it would not actually work. This results in
|
||||
wpa_supplicant stopping listening after the maximum remain-on-channel
|
||||
time passes when using a separate P2P Device interface.
|
||||
|
||||
Signed-off-by: Benjamin Berg <bberg@redhat.com>
|
||||
---
|
||||
wpa_supplicant/p2p_supplicant.c | 19 ++++++++++---------
|
||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
|
||||
index 95bacec19..a7d3b7f1d 100644
|
||||
--- a/wpa_supplicant/p2p_supplicant.c
|
||||
+++ b/wpa_supplicant/p2p_supplicant.c
|
||||
@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
|
||||
wpas_start_wps_enrollee(group_wpa_s, res);
|
||||
}
|
||||
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
|
||||
eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
|
||||
@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
|
||||
eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ if (wpa_s->global->p2p_init_wpa_s)
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
|
||||
wpas_p2p_remove_pending_group_interface(wpa_s);
|
||||
@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
|
||||
go_intent = wpa_s->conf->p2p_go_intent;
|
||||
|
||||
if (!auth)
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
wpa_s->p2p_wps_method = wps_method;
|
||||
wpa_s->p2p_persistent_group = !!persistent_group;
|
||||
@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
|
||||
u8 seek_cnt, const char **seek_string, int freq)
|
||||
{
|
||||
wpas_p2p_clear_pending_action_tx(wpa_s);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
|
||||
wpa_s->p2p_in_provisioning) {
|
||||
@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
|
||||
static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
wpas_p2p_clear_pending_action_tx(wpa_s);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
|
||||
|
||||
@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
|
||||
static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = eloop_ctx;
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
|
||||
timeout = 3600;
|
||||
}
|
||||
eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
/*
|
||||
* Stop previous find/listen operation to avoid trying to request a new
|
||||
@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
|
||||
|
||||
res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
|
||||
if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
|
||||
- wpa_s->p2p_long_listen = timeout * 1000;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000;
|
||||
eloop_register_timeout(timeout, 0,
|
||||
wpas_p2p_long_listen_timeout,
|
||||
wpa_s, NULL);
|
||||
@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
|
||||
|
||||
int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
|
||||
{
|
||||
- wpa_s->p2p_long_listen = 0;
|
||||
+ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
|
||||
|
||||
if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
|
||||
return -1;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,50 +0,0 @@
|
||||
From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Tue, 8 Dec 2020 23:52:50 +0200
|
||||
Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
|
||||
|
||||
p2p_add_device() may remove the oldest entry if there is no room in the
|
||||
peer table for a new peer. This would result in any pointer to that
|
||||
removed entry becoming stale. A corner case with an invalid PD Request
|
||||
frame could result in such a case ending up using (read+write) freed
|
||||
memory. This could only by triggered when the peer table has reached its
|
||||
maximum size and the PD Request frame is received from the P2P Device
|
||||
Address of the oldest remaining entry and the frame has incorrect P2P
|
||||
Device Address in the payload.
|
||||
|
||||
Fix this by fetching the dev pointer again after having called
|
||||
p2p_add_device() so that the stale pointer cannot be used.
|
||||
|
||||
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
---
|
||||
src/p2p/p2p_pd.c | 12 +++++-------
|
||||
1 file changed, 5 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
|
||||
index 3994ec03f86b..05fd593494ef 100644
|
||||
--- a/src/p2p/p2p_pd.c
|
||||
+++ b/src/p2p/p2p_pd.c
|
||||
@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ dev = p2p_get_device(p2p, sa);
|
||||
if (!dev) {
|
||||
- dev = p2p_get_device(p2p, sa);
|
||||
- if (!dev) {
|
||||
- p2p_dbg(p2p,
|
||||
- "Provision Discovery device not found "
|
||||
- MACSTR, MAC2STR(sa));
|
||||
- goto out;
|
||||
- }
|
||||
+ p2p_dbg(p2p,
|
||||
+ "Provision Discovery device not found "
|
||||
+ MACSTR, MAC2STR(sa));
|
||||
+ goto out;
|
||||
}
|
||||
} else if (msg.wfd_subelems) {
|
||||
wpabuf_free(dev->info.wfd_subelems);
|
||||
--
|
||||
2.25.1
|
||||
|
@ -1,39 +0,0 @@
|
||||
From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <947272febe24a8f0ea828b5b2f35f13c3821901e.1612435525.git.davide.caratti@gmail.com>
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Mon, 9 Nov 2020 11:43:12 +0200
|
||||
Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
|
||||
client
|
||||
|
||||
Parsing and copying of WPS secondary device types list was verifying
|
||||
that the contents is not too long for the internal maximum in the case
|
||||
of WPS messages, but similar validation was missing from the case of P2P
|
||||
group information which encodes this information in a different
|
||||
attribute. This could result in writing beyond the memory area assigned
|
||||
for these entries and corrupting memory within an instance of struct
|
||||
p2p_device. This could result in invalid operations and unexpected
|
||||
behavior when trying to free pointers from that corrupted memory.
|
||||
|
||||
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
|
||||
Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
---
|
||||
src/p2p/p2p.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
|
||||
index 74b7b52ae..5cbfc217f 100644
|
||||
--- a/src/p2p/p2p.c
|
||||
+++ b/src/p2p/p2p.c
|
||||
@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
|
||||
dev->info.config_methods = cli->config_methods;
|
||||
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
|
||||
dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
|
||||
+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
|
||||
+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
|
||||
os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
|
||||
dev->info.wps_sec_dev_type_list_len);
|
||||
}
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,62 +0,0 @@
|
||||
From 7800725afb27397f7d6033d4969e2aeb61af4737 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <7800725afb27397f7d6033d4969e2aeb61af4737.1602780273.git.davide.caratti@gmail.com>
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Sun, 13 Oct 2019 15:18:54 +0200
|
||||
Subject: [PATCH] dbus: Export OWE capability and OWE BSS key_mgmt
|
||||
|
||||
Export a new 'owe' capability to indicate that wpa_supplicant was
|
||||
built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
|
||||
in the array of BSS' available key managements.
|
||||
|
||||
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
||||
---
|
||||
wpa_supplicant/dbus/dbus_new_handlers.c | 12 +++++++++---
|
||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
index d2c84e5c5..1206c3cde 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
@@ -984,8 +984,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
const struct wpa_dbus_property_desc *property_desc,
|
||||
DBusMessageIter *iter, DBusError *error, void *user_data)
|
||||
{
|
||||
- const char *capabilities[10] = { NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
- NULL, NULL, NULL, NULL };
|
||||
+ const char *capabilities[11];
|
||||
size_t num_items = 0;
|
||||
#ifdef CONFIG_FILS
|
||||
struct wpa_global *global = user_data;
|
||||
@@ -1028,6 +1027,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
#ifdef CONFIG_SHA384
|
||||
capabilities[num_items++] = "sha384";
|
||||
#endif /* CONFIG_SHA384 */
|
||||
+#ifdef CONFIG_OWE
|
||||
+ capabilities[num_items++] = "owe";
|
||||
+#endif /* CONFIG_OWE */
|
||||
|
||||
return wpas_dbus_simple_array_property_getter(iter,
|
||||
DBUS_TYPE_STRING,
|
||||
@@ -4491,7 +4493,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
|
||||
DBusMessageIter iter_dict, variant_iter;
|
||||
const char *group;
|
||||
const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
|
||||
- const char *key_mgmt[15]; /* max 15 key managements may be supported */
|
||||
+ const char *key_mgmt[16]; /* max 16 key managements may be supported */
|
||||
int n;
|
||||
|
||||
if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
|
||||
@@ -4544,6 +4546,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
|
||||
if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
||||
key_mgmt[n++] = "ft-sae";
|
||||
#endif /* CONFIG_SAE */
|
||||
+#ifdef CONFIG_OWE
|
||||
+ if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE)
|
||||
+ key_mgmt[n++] = "owe";
|
||||
+#endif /* CONFIG_OWE */
|
||||
if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
|
||||
key_mgmt[n++] = "wpa-none";
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,49 +1,35 @@
|
||||
--- wpa_supplicant-0.6.3/src/utils/wpa_debug.c.flush-debug 2007-07-30 23:15:34.000000000 -0400
|
||||
+++ wpa_supplicant-0.6.3/src/utils/wpa_debug.c 2007-07-30 23:17:06.000000000 -0400
|
||||
@@ -157,6 +157,7 @@ void wpa_debug_print_timestamp(void)
|
||||
if (out_file) {
|
||||
--- a/src/utils/wpa_debug.c
|
||||
+++ b/src/utils/wpa_debug.c
|
||||
@@ -79,6 +79,7 @@ void wpa_debug_print_timestamp(void)
|
||||
if (out_file)
|
||||
fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
|
||||
(unsigned int) tv.usec);
|
||||
+ fflush(out_file);
|
||||
} else
|
||||
+ fflush(out_file);
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
|
||||
@@ -185,6 +186,7 @@ void wpa_printf(int level, char *fmt, ..
|
||||
if (out_file) {
|
||||
if (!out_file && !wpa_debug_syslog)
|
||||
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
|
||||
@@ -230,6 +231,7 @@ void wpa_printf(int level, const char *f
|
||||
va_start(ap, fmt);
|
||||
vfprintf(out_file, fmt, ap);
|
||||
fprintf(out_file, "\n");
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
va_end(ap);
|
||||
}
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
vprintf(fmt, ap);
|
||||
@@ -217,6 +219,7 @@ static void _wpa_hexdump(int level, cons
|
||||
@@ -365,6 +367,7 @@ static void _wpa_hexdump(int level, cons
|
||||
fprintf(out_file, " [REMOVED]");
|
||||
}
|
||||
fprintf(out_file, "\n");
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
}
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
|
||||
@@ -262,12 +265,14 @@ static void _wpa_hexdump_ascii(int level
|
||||
fprintf(out_file,
|
||||
"%s - hexdump_ascii(len=%lu): [REMOVED]\n",
|
||||
title, (unsigned long) len);
|
||||
+ fflush(out_file);
|
||||
return;
|
||||
}
|
||||
if (buf == NULL) {
|
||||
fprintf(out_file,
|
||||
"%s - hexdump_ascii(len=%lu): [NULL]\n",
|
||||
title, (unsigned long) len);
|
||||
+ fflush(out_file);
|
||||
return;
|
||||
}
|
||||
fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
|
||||
@@ -292,6 +297,7 @@ static void _wpa_hexdump_ascii(int level
|
||||
pos += llen;
|
||||
len -= llen;
|
||||
if (!wpa_debug_syslog && !out_file) {
|
||||
@@ -468,6 +471,8 @@ static void _wpa_hexdump_ascii(int level
|
||||
}
|
||||
}
|
||||
file_done:
|
||||
+ if (out_file)
|
||||
+ fflush(out_file);
|
||||
} else {
|
||||
#endif /* CONFIG_DEBUG_FILE */
|
||||
if (!show) {
|
||||
if (!wpa_debug_syslog && !out_file) {
|
||||
if (!show) {
|
||||
|
@ -9,12 +9,10 @@ different locations.
|
||||
wpa_supplicant/Makefile | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
|
||||
index ad9ead9..b19676d 100644
|
||||
--- a/wpa_supplicant/Makefile
|
||||
+++ b/wpa_supplicant/Makefile
|
||||
@@ -11,6 +11,9 @@ export INCDIR ?= /usr/local/include/
|
||||
export BINDIR ?= /usr/local/sbin/
|
||||
@@ -35,6 +35,9 @@ export INCDIR ?= /usr/local/include
|
||||
export BINDIR ?= /usr/local/sbin
|
||||
PKG_CONFIG ?= pkg-config
|
||||
|
||||
+QMAKE ?= qmake
|
||||
@ -23,7 +21,7 @@ index ad9ead9..b19676d 100644
|
||||
CFLAGS += $(EXTRA_CFLAGS)
|
||||
CFLAGS += -I$(abspath ../src)
|
||||
CFLAGS += -I$(abspath ../src/utils)
|
||||
@@ -1787,10 +1790,10 @@ wpa_gui:
|
||||
@@ -2039,10 +2042,10 @@ wpa_gui:
|
||||
@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
|
||||
|
||||
wpa_gui-qt4/Makefile:
|
||||
@ -36,6 +34,3 @@ index ad9ead9..b19676d 100644
|
||||
|
||||
wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
|
||||
$(MAKE) -C wpa_gui-qt4
|
||||
--
|
||||
2.6.2
|
||||
|
||||
|
@ -1,210 +0,0 @@
|
||||
From b2ad4e6b24ed0271ca76cb27856def0a701fb778 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <b2ad4e6b24ed0271ca76cb27856def0a701fb778.1572271835.git.davide.caratti@gmail.com>
|
||||
From: Davide Caratti <davide.caratti@gmail.com>
|
||||
Date: Wed, 2 Oct 2019 14:08:41 +0200
|
||||
Subject: [PATCH] D-Bus: Fix P2P NULL dereference after interface removal
|
||||
|
||||
When the P2P management interface is deleted, P2P is then disabled and
|
||||
global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
|
||||
still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This
|
||||
makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
|
||||
NULL pointer. Fix this by adding proper checks, like it's done with
|
||||
wpa_cli.
|
||||
|
||||
CC: Beniamino Galvani <bgalvani@redhat.com>
|
||||
CC: Benjamin Berg <benjamin@sipsolutions.net>
|
||||
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
||||
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
||||
---
|
||||
wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 69 ++++++++++++++++++++-
|
||||
1 file changed, 67 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
index 8cdd88564..19715eb4c 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
|
||||
@@ -40,6 +40,14 @@ static int wpas_dbus_validate_dbus_ipaddr(struct wpa_dbus_dict_entry entry)
|
||||
}
|
||||
|
||||
|
||||
+static dbus_bool_t no_p2p_mgmt_interface(DBusError *error)
|
||||
+{
|
||||
+ dbus_set_error_const(error, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
|
||||
+ "Could not find P2P mgmt interface");
|
||||
+ return FALSE;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
* Parses out the mac address from the peer object path.
|
||||
* @peer_path - object path of the form
|
||||
@@ -78,6 +86,22 @@ wpas_dbus_error_persistent_group_unknown(DBusMessage *message)
|
||||
}
|
||||
|
||||
|
||||
+/**
|
||||
+ * wpas_dbus_error_no_p2p_mgmt_iface - Return a new InterfaceUnknown error
|
||||
+ * message
|
||||
+ * @message: Pointer to incoming dbus message this error refers to
|
||||
+ * Returns: a dbus error message
|
||||
+ *
|
||||
+ * Convenience function to create and return an unknown interface error.
|
||||
+ */
|
||||
+static DBusMessage * wpas_dbus_error_no_p2p_mgmt_iface(DBusMessage *message)
|
||||
+{
|
||||
+ wpa_printf(MSG_DEBUG, "dbus: Could not find P2P mgmt interface");
|
||||
+ return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
|
||||
+ "Could not find P2P mgmt interface");
|
||||
+}
|
||||
+
|
||||
+
|
||||
DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
@@ -145,6 +169,10 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto error_nop2p;
|
||||
+ }
|
||||
|
||||
if (wpas_p2p_find(wpa_s, timeout, type, num_req_dev_types,
|
||||
req_dev_types, NULL, 0, 0, NULL, freq))
|
||||
@@ -157,8 +185,9 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
|
||||
error_clear:
|
||||
wpa_dbus_dict_entry_clear(&entry);
|
||||
error:
|
||||
- os_free(req_dev_types);
|
||||
reply = wpas_dbus_error_invalid_args(message, entry.key);
|
||||
+error_nop2p:
|
||||
+ os_free(req_dev_types);
|
||||
return reply;
|
||||
}
|
||||
|
||||
@@ -166,7 +195,9 @@ error:
|
||||
DBusMessage * wpas_dbus_handler_p2p_stop_find(DBusMessage *message,
|
||||
struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
- wpas_p2p_stop_find(wpa_s->global->p2p_init_wpa_s);
|
||||
+ wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (wpa_s)
|
||||
+ wpas_p2p_stop_find(wpa_s);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -185,6 +216,8 @@ DBusMessage * wpas_dbus_handler_p2p_rejectpeer(DBusMessage *message,
|
||||
return wpas_dbus_error_invalid_args(message, NULL);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_reject(wpa_s, peer_addr) < 0)
|
||||
return wpas_dbus_error_unknown_error(message,
|
||||
@@ -204,6 +237,8 @@ DBusMessage * wpas_dbus_handler_p2p_listen(DBusMessage *message,
|
||||
return wpas_dbus_error_no_memory(message);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_listen(wpa_s, (unsigned int) timeout)) {
|
||||
return dbus_message_new_error(message,
|
||||
@@ -245,6 +280,8 @@ DBusMessage * wpas_dbus_handler_p2p_extendedlisten(
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_ext_listen(wpa_s, period, interval))
|
||||
return wpas_dbus_error_unknown_error(
|
||||
@@ -350,6 +387,10 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
|
||||
}
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
if (pg_object_path != NULL) {
|
||||
char *net_id_str;
|
||||
@@ -433,6 +474,12 @@ static dbus_bool_t wpa_dbus_p2p_check_enabled(struct wpa_supplicant *wpa_s,
|
||||
"P2P is not available for this interface");
|
||||
return FALSE;
|
||||
}
|
||||
+ if (!wpa_s->global->p2p_init_wpa_s) {
|
||||
+ if (out_reply)
|
||||
+ *out_reply = wpas_dbus_error_no_p2p_mgmt_iface(
|
||||
+ message);
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
+ }
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -822,6 +869,8 @@ DBusMessage * wpas_dbus_handler_p2p_prov_disc_req(DBusMessage *message,
|
||||
return wpas_dbus_error_invalid_args(message, NULL);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
if (wpas_p2p_prov_disc(wpa_s, peer_addr, config_method,
|
||||
WPAS_P2P_PD_FOR_GO_NEG, NULL) < 0)
|
||||
@@ -1882,6 +1931,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peer_groups(
|
||||
|
||||
wpa_s = peer_args->wpa_s;
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
|
||||
wpa_s_go = wpas_get_p2p_client_iface(wpa_s, info->p2p_device_addr);
|
||||
if (wpa_s_go) {
|
||||
@@ -1963,6 +2014,9 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(
|
||||
dbus_bool_t success = FALSE;
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return no_p2p_mgmt_interface(error);
|
||||
+
|
||||
if (!wpa_s->parent->dbus_new_path)
|
||||
return FALSE;
|
||||
|
||||
@@ -2077,6 +2131,11 @@ DBusMessage * wpas_dbus_handler_add_persistent_group(
|
||||
dbus_message_iter_init(message, &iter);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
if (wpa_s->parent->dbus_new_path)
|
||||
ssid = wpa_config_add_network(wpa_s->conf);
|
||||
if (ssid == NULL) {
|
||||
@@ -2159,6 +2218,10 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
|
||||
DBUS_TYPE_INVALID);
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s) {
|
||||
+ reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Extract the network ID and ensure the network is actually a child of
|
||||
@@ -2235,6 +2298,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
|
||||
struct wpa_config *config;
|
||||
|
||||
wpa_s = wpa_s->global->p2p_init_wpa_s;
|
||||
+ if (!wpa_s)
|
||||
+ return wpas_dbus_error_no_p2p_mgmt_iface(message);
|
||||
|
||||
config = wpa_s->conf;
|
||||
ssid = config->ssid;
|
||||
--
|
||||
2.21.0
|
||||
|
@ -6,8 +6,8 @@
|
||||
Summary: WPA/WPA2/IEEE 802.1X Supplicant
|
||||
Name: wpa_supplicant
|
||||
Epoch: 1
|
||||
Version: 2.9
|
||||
Release: 5%{?dist}
|
||||
Version: 2.10
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Base
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
|
||||
@ -31,20 +31,6 @@ Patch3: wpa_supplicant-quiet-scan-results-message.patch
|
||||
Patch5: rh1542234-remove-wpa_gui.patch
|
||||
Patch6: wpa_supplicant-gui-qt4.patch
|
||||
|
||||
Patch7: wpa_supplicant-p2p-segfault-on-iface-removal.patch
|
||||
# fix for CVE-2019-16275
|
||||
Patch8: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
|
||||
# fix for bz1693684
|
||||
Patch9: wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch
|
||||
# fix for bz1888050
|
||||
Patch10: wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
|
||||
# fix for bz1888718
|
||||
Patch11: wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
|
||||
# fix for CVE-2021-0326
|
||||
Patch12: wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
|
||||
# fix for CVE-2021-27803
|
||||
Patch13: wpa_supplicant-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
|
||||
|
||||
URL: http://w1.fi/wpa_supplicant/
|
||||
|
||||
%if %{build_gui}
|
||||
@ -87,7 +73,7 @@ Graphical User Interface for wpa_supplicant written using QT
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{version}%{rcver}
|
||||
%autosetup -p1 -n %{name}-%{version}%{rcver}%{snapshot}
|
||||
|
||||
%build
|
||||
pushd wpa_supplicant
|
||||
@ -187,7 +173,17 @@ chmod -R 0644 %{name}/examples/*.py
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Mar 1 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5
|
||||
* Thu Jan 20 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-1
|
||||
- Update to version 2.10 (rh #2042104)
|
||||
|
||||
* Thu Dec 9 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-6.20211112gitc8b94bc7b347
|
||||
- restore WEP functionality (rh #2028839)
|
||||
|
||||
* Fri Nov 12 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5.20211112gitc8b94bc7b347
|
||||
- Update to latest upstream tree to include support for H2E
|
||||
Resolves: rhbz#2007333
|
||||
|
||||
* Fri Mar 5 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5
|
||||
- P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
|
||||
- Fix buffer overflow when processing P2P group information (CVE-2021-0326)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user