rpms/wpa_supplicant
7
0
Fork 0
Code Issues Pull Requests Releases Activity

nl80211: Fix race condition in detecting MAC change (rh #1451834)

Browse Source
This commit is contained in:
Beniamino Galvani 2017-05-17 17:27:19 +02:00
parent e688ea7718
commit 68b720b838
2 changed files with 106 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch Normal file
View File

@ -0,0 +1,99 @@
From 290834df69556b903b49f2a45671cc62b44f13bb Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 28 Apr 2017 17:59:30 +0200
Subject: [PATCH] nl80211: Fix race condition in detecting MAC change
Commit 3e0272ca00ce1df35b45e7d739dd7e935f13fd84 ('nl80211: Re-read MAC
address on RTM_NEWLINK') added the detection of external changes to MAC
address when the interface is brought up.
If the interface state is changed quickly enough, wpa_supplicant may
receive the netlink message for the !IFF_UP event when the interface
has already been brought up and would ignore the next netlink IFF_UP
message, missing the MAC change.
Fix this by also reloading the MAC address when a !IFF_UP event is
received with the interface up, because this implies that the
interface went down and up again, possibly changing the address.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
---
src/drivers/driver_nl80211.c | 47 +++++++++++++++++++++++++-------------------
1 file changed, 27 insertions(+), 20 deletions(-)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index af1cb84..24fad29 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -933,6 +933,30 @@ nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
}
+static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
+ int ifindex)
+{
+ struct i802_bss *bss;
+ u8 addr[ETH_ALEN];
+
+ bss = get_bss_ifindex(drv, ifindex);
+ if (bss &&
+ linux_get_ifhwaddr(drv->global->ioctl_sock,
+ bss->ifname, addr) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: %s: failed to re-read MAC address",
+ bss->ifname);
+ } else if (bss && os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Own MAC address on ifindex %d (%s) changed from "
+ MACSTR " to " MACSTR,
+ ifindex, bss->ifname,
+ MAC2STR(bss->addr), MAC2STR(addr));
+ os_memcpy(bss->addr, addr, ETH_ALEN);
+ }
+}
+
+
static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
struct ifinfomsg *ifi,
u8 *buf, size_t len)
@@ -997,6 +1021,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
namebuf[0] = '\0';
if (if_indextoname(ifi->ifi_index, namebuf) &&
linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
+ /* Re-read MAC address as it may have changed */
+ nl80211_refresh_mac(drv, ifi->ifi_index);
wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
"event since interface %s is up", namebuf);
drv->ignore_if_down_event = 0;
@@ -1044,27 +1070,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
"event since interface %s is marked "
"removed", drv->first_bss->ifname);
} else {
- struct i802_bss *bss;
- u8 addr[ETH_ALEN];
-
/* Re-read MAC address as it may have changed */
- bss = get_bss_ifindex(drv, ifi->ifi_index);
- if (bss &&
- linux_get_ifhwaddr(drv->global->ioctl_sock,
- bss->ifname, addr) < 0) {
- wpa_printf(MSG_DEBUG,
- "nl80211: %s: failed to re-read MAC address",
- bss->ifname);
- } else if (bss &&
- os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Own MAC address on ifindex %d (%s) changed from "
- MACSTR " to " MACSTR,
- ifi->ifi_index, bss->ifname,
- MAC2STR(bss->addr),
- MAC2STR(addr));
- os_memcpy(bss->addr, addr, ETH_ALEN);
- }
+ nl80211_refresh_mac(drv, ifi->ifi_index);
wpa_printf(MSG_DEBUG, "nl80211: Interface up");
drv->if_disabled = 0;
--
2.9.3

8
wpa_supplicant.spec
View File

@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant Name: wpa_supplicant
Epoch: 1 Epoch: 1
Version: 2.6 Version: 2.6
Release: 6%{?dist} Release: 7%{?dist}
License: BSD License: BSD
Group: System Environment/Base Group: System Environment/Base
Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@ -75,6 +75,8 @@ Patch44: macsec-0036-mka-Fix-the-order-of-operations-in-secure-channel-de.patch
Patch45: macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch Patch45: macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch
Patch46: macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch Patch46: macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch
Patch47: macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch Patch47: macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch
# upstream patch not in 2.6
Patch48: rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
URL: http://w1.fi/wpa_supplicant/ URL: http://w1.fi/wpa_supplicant/
@ -164,6 +166,7 @@ Graphical User Interface for wpa_supplicant written using QT
%patch45 -p1 -b .macsec-0037 %patch45 -p1 -b .macsec-0037
%patch46 -p1 -b .macsec-0038 %patch46 -p1 -b .macsec-0038
%patch47 -p1 -b .macsec-0039 %patch47 -p1 -b .macsec-0039
%patch48 -p1 -b .rh1447073-detect-mac-change
%build %build
pushd wpa_supplicant pushd wpa_supplicant
@ -264,6 +267,9 @@ chmod -R 0644 %{name}/examples/*.py
%endif %endif
%changelog %changelog
* Wed May 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:2.6-7
- nl80211: Fix race condition in detecting MAC change (rh #1451834)
* Wed Apr 11 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-6 * Wed Apr 11 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-6
- Fix use-after-free when macsec secure channels are deleted - Fix use-after-free when macsec secure channels are deleted
- Fix segmentation fault in case macsec module is not loaded (rh#1428937) - Fix segmentation fault in case macsec module is not loaded (rh#1428937)