rpms/wpa_supplicant
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)

Browse Source 
- Stop supplicant on uninstall (rh #447843)
- Suppress scan results message in logs (rh #466601)
This commit is contained in:
Daniel Williams 2009-01-30 17:45:46 +00:00
parent e9bd286f5c
commit e7c2862af3
9 changed files with 24 additions and 367 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -7,3 +7,4 @@ wpa_supplicant-0.4.9.tar.gz
wpa_supplicant-0.5.7.tar.gz
wpa_supplicant-0.6.3.tar.gz
wpa_supplicant-0.6.4.tar.gz
wpa_supplicant-0.6.7.tar.gz

2
sources
View File

@ -1 +1 @@
eb06a9a05d3916addf9451297a558aa2 wpa_supplicant-0.6.4.tar.gz
b61f6e94b63f92173f4286b5e6a84140 wpa_supplicant-0.6.7.tar.gz

85
wpa_supplicant-0.6.4-handle-invalid-ies.patch
View File

@ -1,85 +0,0 @@
commit fd630bc183fb79d0a14b5f3a346544f3d277bd05
Author: Jouni Malinen <jouni.malinen@atheros.com>
Date: Wed Aug 27 09:52:16 2008 +0300
Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer)
If IWEVGENIE or custom event wpa_ie/rsn_ie is received in scan with empty
buffer, the previous version ended up calling realloc(NULL, 0) which seems
to return a non-NULL value in some cases. When this return value is passed
again into realloc with realloc(ptr, 0), the returned value could be NULL.
If the ptr is then freed (os_free(data.ie) in SIOCGIWAP handling), glibc
may crash due to invalid pointer being freed (or double-freed?). The
non-NULL realloc(NULL, 0) return value from glibc looks a bit odd behavior,
but anyway, better avoid this case completely and just skip the IE events
that have an empty buffer.
This issue should not show up with drivers that produce proper scan results
since the IEs will always include the two-octet header. However, it seems
to be possible to see this when using 64-bit kernel and 32-bit userspace
with incorrect compat-ioctl processing.
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 45e3e1f..98dddd6 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1618,6 +1618,9 @@ static void wext_get_scan_iwevgenie(struct iw_event *iwe,
char *genie, *gpos, *gend;
u8 *tmp;
+ if (iwe->u.data.length == 0)
+ return;
+
gpos = genie = custom;
gend = genie + iwe->u.data.length;
if (gend > end) {
@@ -1650,7 +1653,7 @@ static void wext_get_scan_custom(struct iw_event *iwe,
int bytes;
spos = custom + 7;
bytes = custom + clen - spos;
- if (bytes & 1)
+ if (bytes & 1 || bytes == 0)
return;
bytes /= 2;
tmp = os_realloc(res->ie, res->ie_len + bytes);
@@ -1664,7 +1667,7 @@ static void wext_get_scan_custom(struct iw_event *iwe,
int bytes;
spos = custom + 7;
bytes = custom + clen - spos;
- if (bytes & 1)
+ if (bytes & 1 || bytes == 0)
return;
bytes /= 2;
tmp = os_realloc(res->ie, res->ie_len + bytes);
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index 6aac427..a3c4733 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -1447,6 +1447,9 @@ static void wext_get_scan_iwevgenie(struct iw_event *iwe,
char *genie, *gpos, *gend;
u8 *tmp;
+ if (iwe->u.data.length == 0)
+ return;
+
gpos = genie = custom;
gend = genie + iwe->u.data.length;
if (gend > end) {
@@ -1479,7 +1482,7 @@ static void wext_get_scan_custom(struct iw_event *iwe,
int bytes;
spos = custom + 7;
bytes = custom + clen - spos;
- if (bytes & 1)
+ if (bytes & 1 || bytes == 0)
return;
bytes /= 2;
tmp = os_realloc(res->ie, res->ie_len + bytes);
@@ -1493,7 +1496,7 @@ static void wext_get_scan_custom(struct iw_event *iwe,
int bytes;
spos = custom + 7;
bytes = custom + clen - spos;
- if (bytes & 1)
+ if (bytes & 1 || bytes == 0)
return;
bytes /= 2;
tmp = os_realloc(res->ie, res->ie_len + bytes);

23
wpa_supplicant-0.6.4-scan-fixes-1.patch
View File

@ -1,23 +0,0 @@
commit 2064c2f98515016c376f3b69bfe161c85639e764
Author: Dan Nicholson <dbn.lists@gmail.com>
Date: Wed Sep 24 12:48:33 2008 +0300
Restore scan request settings if initial association failed
The scan path to initiate another scan if the initial association failed
was broken due to wpa_s->scan_req being zeroed earlier in
wpa_supplicant_scan(). This caused the second scan to bail out early
since it thought this was not a requested scan.
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index c2549e2..8767109 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -137,6 +137,7 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
!wpa_s->use_client_mlme) {
wpa_s->scan_res_tried++;
+ wpa_s->scan_req = scan_req;
wpa_printf(MSG_DEBUG, "Trying to get current scan results "
"first without requesting a new scan to speed up "
"initial association");

37
wpa_supplicant-0.6.4-scan-fixes-2.patch
View File

@ -1,37 +0,0 @@
commit 23e072374ea500002b8beec5d0e87f9fc6a7609c
Author: Dan Nicholson <dbn.lists@gmail.com>
Date: Wed Sep 24 12:51:08 2008 +0300
Don't post scan results when initial scan is emtpy
When the initial scan is made, just the cached results from the driver
are used. If this is empty, it's useless to post the results since
another scan is being scheduled immediately. This just causes extra
processing from listeners for no gain.
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 0f9b338..04e3152 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -551,9 +551,18 @@ static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
goto req_scan;
}
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
-
- wpa_supplicant_dbus_notify_scan_results(wpa_s);
+ /*
+ * Don't post the results if this was the initial cached
+ * and there were no results.
+ */
+ if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1 &&
+ wpa_s->scan_res->num == 0) {
+ wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
+ "empty - not posting");
+ } else {
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_supplicant_dbus_notify_scan_results(wpa_s);
+ }
if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
return;

144
wpa_supplicant-0.6.4-set-mode-handler.patch
View File

@ -1,144 +0,0 @@
commit ec5f180a24cd31ba9d3d7f2abc9dc557fd16602f
Author: Dan Williams <dcbw@redhat.com>
Date: Mon Sep 29 16:45:49 2008 +0300
Add an optional set_mode() driver_ops handler for setting mode before keys
A bug just got reported as a result of this for mac80211 drivers.
https://bugzilla.redhat.com/show_bug.cgi?id=459399
The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong. The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 70dc075..77a2ceb 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -929,6 +929,20 @@ struct wpa_driver_ops {
* Returns: 0 on success, -1 on failure
*/
int (*set_probe_req_ie)(void *, const u8 *ies, size_t ies_len);
+
+ /**
+ * set_mode - Request driver to set the operating mode
+ * @priv: private driver interface data
+ * @mode: Operation mode (infra/ibss) IEEE80211_MODE_*
+ *
+ * This handler will be called before any key configuration and call to
+ * associate() handler in order to allow the operation mode to be
+ * configured as early as possible. This information is also available
+ * in associate() params and as such, some driver wrappers may not need
+ * to implement set_mode() handler.
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*set_mode)(void *priv, int mode);
};
/**
diff --git a/src/drivers/driver_ndis.c b/src/drivers/driver_ndis.c
index da4f90f..f55bd2e 100644
--- a/src/drivers/driver_ndis.c
+++ b/src/drivers/driver_ndis.c
@@ -2829,5 +2829,7 @@ const struct wpa_driver_ops wpa_driver_ndis_ops = {
NULL /* mlme_remove_sta */,
NULL /* update_ft_ies */,
NULL /* send_ft_action */,
- wpa_driver_ndis_get_scan_results
+ wpa_driver_ndis_get_scan_results,
+ NULL /* set_probe_req_ie */,
+ NULL /* set_mode */
};
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 98dddd6..a207363 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2226,8 +2226,6 @@ static int wpa_driver_nl80211_associate(
wpa_driver_nl80211_set_bssid(drv, NULL) < 0)
ret = -1;
- if (wpa_driver_nl80211_set_mode(drv, params->mode) < 0)
- ret = -1;
/* TODO: should consider getting wpa version and cipher/key_mgmt suites
* from configuration, not from here, where only the selected suite is
* available */
@@ -2859,6 +2857,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
.deauthenticate = wpa_driver_nl80211_deauthenticate,
.disassociate = wpa_driver_nl80211_disassociate,
+ .set_mode = wpa_driver_nl80211_set_mode,
.associate = wpa_driver_nl80211_associate,
.set_auth_alg = wpa_driver_nl80211_set_auth_alg,
.init = wpa_driver_nl80211_init,
diff --git a/src/drivers/driver_test.c b/src/drivers/driver_test.c
index 5c6e6f1..7f7f129 100644
--- a/src/drivers/driver_test.c
+++ b/src/drivers/driver_test.c
@@ -982,5 +982,6 @@ const struct wpa_driver_ops wpa_driver_test_ops = {
NULL /* update_ft_ies */,
NULL /* send_ft_action */,
wpa_driver_test_get_scan_results2,
- NULL /* set_probe_req_ie */
+ NULL /* set_probe_req_ie */,
+ NULL /* set_mode */
};
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index 6b7f1a7..a618a74 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -2206,8 +2206,6 @@ int wpa_driver_wext_associate(void *priv,
wpa_driver_wext_set_bssid(drv, NULL) < 0)
ret = -1;
- if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
- ret = -1;
/* TODO: should consider getting wpa version and cipher/key_mgmt suites
* from configuration, not from here, where only the selected suite is
* available */
@@ -2782,6 +2780,7 @@ const struct wpa_driver_ops wpa_driver_wext_ops = {
.get_scan_results2 = wpa_driver_wext_get_scan_results,
.deauthenticate = wpa_driver_wext_deauthenticate,
.disassociate = wpa_driver_wext_disassociate,
+ .set_mode = wpa_driver_wext_set_mode,
.associate = wpa_driver_wext_associate,
.set_auth_alg = wpa_driver_wext_set_auth_alg,
.init = wpa_driver_wext_init,
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 4c9482f..a36c65b 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -937,6 +937,11 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
* previous association. */
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
+ if (wpa_drv_set_mode(wpa_s, ssid->mode)) {
+ wpa_printf(MSG_WARNING, "Failed to set operating mode");
+ assoc_failed = 1;
+ }
+
#ifdef IEEE8021X_EAPOL
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (ssid->leap) {
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index a2e3dd5..9afae2a 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -448,6 +448,14 @@ static inline int wpa_drv_set_wpa(struct wpa_supplicant *wpa_s, int enabled)
return 0;
}
+static inline int wpa_drv_set_mode(struct wpa_supplicant *wpa_s, int mode)
+{
+ if (wpa_s->driver->set_mode) {
+ return wpa_s->driver->set_mode(wpa_s->drv_priv, mode);
+ }
+ return 0;
+}
+
static inline int wpa_drv_associate(struct wpa_supplicant *wpa_s,
struct wpa_driver_associate_params *params)
{

65
wpa_supplicant-0.6.4-validate-wext-event.patch
View File

@ -1,65 +0,0 @@
commit 36b5e559f1387d4e02059753ecfb04461d62f381
Author: Jouni Malinen <jouni.malinen@atheros.com>
Date: Sat Sep 27 10:49:56 2008 +0300
Validate WEXT event iwe->u.data.length before using the event data
This is needed to avoid crashing wpa_supplicant with invalid event messages
that may be received when using 64-bit kernel with 32-bit userspace.
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index a3c4733..6b7f1a7 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -652,12 +652,20 @@ static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
}
break;
case IWEVMICHAELMICFAILURE:
+ if (custom + iwe->u.data.length > end) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid "
+ "IWEVMICHAELMICFAILURE length");
+ return;
+ }
wpa_driver_wext_event_wireless_michaelmicfailure(
ctx, custom, iwe->u.data.length);
break;
case IWEVCUSTOM:
- if (custom + iwe->u.data.length > end)
+ if (custom + iwe->u.data.length > end) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid "
+ "IWEVCUSTOM length");
return;
+ }
buf = os_malloc(iwe->u.data.length + 1);
if (buf == NULL)
return;
@@ -673,14 +681,29 @@ static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
break;
case IWEVASSOCREQIE:
+ if (custom + iwe->u.data.length > end) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid "
+ "IWEVASSOCREQIE length");
+ return;
+ }
wpa_driver_wext_event_wireless_assocreqie(
drv, custom, iwe->u.data.length);
break;
case IWEVASSOCRESPIE:
+ if (custom + iwe->u.data.length > end) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid "
+ "IWEVASSOCRESPIE length");
+ return;
+ }
wpa_driver_wext_event_wireless_assocrespie(
drv, custom, iwe->u.data.length);
break;
case IWEVPMKIDCAND:
+ if (custom + iwe->u.data.length > end) {
+ wpa_printf(MSG_DEBUG, "WEXT: Invalid "
+ "IWEVPMKIDCAND length");
+ return;
+ }
wpa_driver_wext_event_wireless_pmkidcand(
drv, custom, iwe->u.data.length);
break;

12
wpa_supplicant-0.6.7-quiet-scan-results-message.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up wpa_supplicant-0.6.7/wpa_supplicant/events.c.scan-results-msg wpa_supplicant-0.6.7/wpa_supplicant/events.c
--- wpa_supplicant-0.6.7/wpa_supplicant/events.c.scan-results-msg 2009-01-30 12:08:34.000000000 -0500
+++ wpa_supplicant-0.6.7/wpa_supplicant/events.c 2009-01-30 12:08:37.000000000 -0500
@@ -624,7 +624,7 @@ static void wpa_supplicant_event_scan_re
wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
"empty - not posting");
} else {
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_msg(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
wpa_supplicant_dbus_notify_scan_results(wpa_s);
wpas_wps_notify_scan_results(wpa_s);
}

22
wpa_supplicant.spec
View File

@ -1,8 +1,8 @@
Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant
Epoch: 1
Version: 0.6.4
Release: 3%{?dist}
Version: 0.6.7
Release: 1%{?dist}
License: BSD
Group: System Environment/Base
Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
@ -17,11 +17,7 @@ Patch1: wpa_supplicant-0.5.7-qmake-location.patch
Patch2: wpa_supplicant-0.5.7-flush-debug-output.patch
Patch3: wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch
Patch4: wpa_supplicant-0.5.10-dbus-service-file.patch
Patch5: wpa_supplicant-0.6.4-handle-invalid-ies.patch
Patch6: wpa_supplicant-0.6.4-scan-fixes-1.patch
Patch7: wpa_supplicant-0.6.4-scan-fixes-2.patch
Patch8: wpa_supplicant-0.6.4-validate-wext-event.patch
Patch9: wpa_supplicant-0.6.4-set-mode-handler.patch
Patch5: wpa_supplicant-0.6.7-quiet-scan-results-message.patch
URL: http://w1.fi/wpa_supplicant/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -54,11 +50,7 @@ Graphical User Interface for wpa_supplicant written using QT3
%patch2 -p1 -b .flush-debug-output
%patch3 -p1 -b .use-IW_ENCODE_TEMP
%patch4 -p1 -b .dbus-service-file
%patch5 -p1 -b .handle-invalid-ies
%patch6 -p1 -b .scan-fixes-1
%patch7 -p1 -b .scan-fixes-2
%patch8 -p1 -b .validate-wext-event
%patch9 -p1 -b .set-mode-handler
%patch5 -p1 -b .quiet-scan-results-msg
%build
pushd wpa_supplicant
@ -122,6 +114,7 @@ fi
%preun
if [ $1 = 0 ]; then
service %{name} stop > /dev/null 2>&1
killall -TERM wpa_supplicant >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
@ -148,6 +141,11 @@ fi
%{_bindir}/wpa_gui
%changelog
* Fri Jan 30 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-1
- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
- Stop supplicant on uninstall (rh #447843)
- Suppress scan results message in logs (rh #466601)
* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.4-3
- rebuild with new openssl