diff options
author | Linux Build Service Account <lnxbuild@localhost> | 2016-06-24 23:52:38 -0600 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2016-06-24 23:52:38 -0600 |
commit | 3383d9ecf3f632be58f3e91862d590387797ffbc (patch) | |
tree | 93beababf536c52e955aeb1700d25e989420a277 | |
parent | d660a0127fc500e2a9db4177e362ae9f4386e3c4 (diff) | |
parent | d82caa8696c54df8e422f9b79dda7c004b9a7282 (diff) | |
download | android_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.tar.gz android_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.tar.bz2 android_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.zip |
Promotion of wlan-service.lnx.1.0-00058.
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
1007548 I35e8483bdda5c391b95da42c2f577d5e9217f2e2 Remove newlines from wpa_supplicant config network outpu
1007548 Ibb1eeb6b727c27ecc4a2efce57f5394e98051061 Reject SET commands with newline characters in the strin
1007548 Ifa826eb7de2cba5458e8bb31dca3259cb37b4005 Reject psk parameter set with invalid passphrase charact
1007548 I2b439a72af08a744ce5bf74a05b2cac817fe5b05 WPS: Reject a Credential with invalid passphrase
1031991 I2934fbf676c803059e62ba2436c1181efb05a294 hostapd: Skip hostapd ACL check for drivers supporting A
1032710 Ibd9e3dc79cb1a7650b3adc55afdc95818a2e011b eap_proxy: postpone qmi init until demonize
1007548 Ib8222446297317f4e57bdb49597fdf6d19554886 Reject SET_CRED commands with newline characters in the
Change-Id: I7955e55240d97be6022ffad8c2229b5896d9a33a
CRs-Fixed: 1031991, 1007548, 1032710
-rw-r--r-- | src/ap/drv_callbacks.c | 11 | ||||
-rw-r--r-- | src/eap_peer/eap_proxy_qmi.c | 22 | ||||
-rw-r--r-- | src/utils/common.c | 23 | ||||
-rw-r--r-- | src/utils/common.h | 2 | ||||
-rw-r--r-- | src/wps/wps_attr_process.c | 10 | ||||
-rw-r--r-- | wpa_supplicant/config.c | 36 |
6 files changed, 92 insertions, 12 deletions
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index fbbfe12c..cc664d78 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -115,8 +115,15 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, } sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); - res = hostapd_check_acl(hapd, addr, NULL); - if (res != HOSTAPD_ACL_ACCEPT) { + /* + * ACL configurations to the drivers (implementing AP SME and ACL + * offload) without hostapd's knowledge, can result in a disconnection + * though the driver accepts the connection. Skip the hostapd check for + * ACL if the driver supports ACL offload to avoid potentially + * conflicting ACL rules. + */ + if (hapd->iface->drv_max_acl_mac_addrs == 0 && + hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) { wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect", MAC2STR(addr)); reason = WLAN_REASON_UNSPECIFIED; diff --git a/src/eap_peer/eap_proxy_qmi.c b/src/eap_peer/eap_proxy_qmi.c index 49ecc4df..6198baa0 100644 --- a/src/eap_peer/eap_proxy_qmi.c +++ b/src/eap_peer/eap_proxy_qmi.c @@ -716,6 +716,20 @@ int eap_auth_end_eap_session(qmi_client_type qmi_auth_svc_client_ptr) return 0; } +static void eap_proxy_schedule_thread(void *eloop_ctx, void *timeout_ctx) +{ + struct eap_proxy_sm *eap_proxy = eloop_ctx; + pthread_attr_t attr; + int ret = -1; + + pthread_attr_init(&attr); + pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); + ret = pthread_create(&eap_proxy->thread_id, &attr, eap_proxy_post_init, eap_proxy); + if(ret < 0) + wpa_printf(MSG_ERROR, "eap_proxy: starting thread is failed %d\n", ret); +} + + struct eap_proxy_sm * eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb, void *msg_ctx) @@ -724,8 +738,6 @@ eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb, int qmiRetCode; struct eap_proxy_sm *eap_proxy; qmi_idl_service_object_type qmi_client_service_obj; - pthread_attr_t attr; - int ret = -1; eap_proxy = os_malloc(sizeof(struct eap_proxy_sm)); if (NULL == eap_proxy) { @@ -751,11 +763,7 @@ eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb, * parent process that created the qmi client context. */ - pthread_attr_init(&attr); - pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); - ret = pthread_create(&eap_proxy->thread_id, &attr, eap_proxy_post_init, eap_proxy); - if(ret < 0) - wpa_printf(MSG_ERROR, "eap_proxy: starting thread is failed %d\n", ret); + eloop_register_timeout(0, 0, eap_proxy_schedule_thread, eap_proxy, NULL); return eap_proxy; } diff --git a/src/utils/common.c b/src/utils/common.c index 5cf0d571..e77b7db5 100644 --- a/src/utils/common.c +++ b/src/utils/common.c @@ -697,6 +697,29 @@ int is_hex(const u8 *data, size_t len) } +int has_ctrl_char(const u8 *data, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) { + if (data[i] < 32 || data[i] == 127) + return 1; + } + return 0; +} + + +int has_newline(const char *str) +{ + while (*str) { + if (*str == '\n' || *str == '\r') + return 1; + str++; + } + return 0; +} + + size_t merge_byte_arrays(u8 *res, size_t res_len, const u8 *src1, size_t src1_len, const u8 *src2, size_t src2_len) diff --git a/src/utils/common.h b/src/utils/common.h index fb9b5b9a..7dbb24a6 100644 --- a/src/utils/common.h +++ b/src/utils/common.h @@ -503,6 +503,8 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len); char * wpa_config_parse_string(const char *value, size_t *len); int is_hex(const u8 *data, size_t len); +int has_ctrl_char(const u8 *data, size_t len); +int has_newline(const char *str); size_t merge_byte_arrays(u8 *res, size_t res_len, const u8 *src1, size_t src1_len, const u8 *src2, size_t src2_len); diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c index eadb22fe..e8c45793 100644 --- a/src/wps/wps_attr_process.c +++ b/src/wps/wps_attr_process.c @@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred) cred->key_len--; #endif /* CONFIG_WPS_STRICT */ } + + + if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) && + (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) { + wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase"); + wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key", + cred->key, cred->key_len); + return -1; + } + return 0; } diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index b736394a..3455fc0e 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -456,6 +456,12 @@ static int wpa_config_parse_psk(const struct parse_data *data, } wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)", (u8 *) value, len); + if (has_ctrl_char((u8 *) value, len)) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid passphrase character", + line); + return -1; + } if (ssid->passphrase && os_strlen(ssid->passphrase) == len && os_memcmp(ssid->passphrase, value, len) == 0) return 0; @@ -2607,8 +2613,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var) for (i = 0; i < NUM_SSID_FIELDS; i++) { const struct parse_data *field = &ssid_fields[i]; - if (os_strcmp(var, field->name) == 0) - return field->writer(field, ssid); + if (os_strcmp(var, field->name) == 0) { + char *ret = field->writer(field, ssid); + + if (ret && has_newline(ret)) { + wpa_printf(MSG_ERROR, + "Found newline in value for %s; not returning it", + var); + os_free(ret); + ret = NULL; + } + + return ret; + } } return NULL; @@ -2793,6 +2810,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, if (os_strcmp(var, "password") == 0 && os_strncmp(value, "ext:", 4) == 0) { + if (has_newline(value)) + return -1; str_clear_free(cred->password); cred->password = os_strdup(value); cred->ext_password = 1; @@ -2843,9 +2862,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, } val = wpa_config_parse_string(value, &len); - if (val == NULL) { + if (val == NULL || + (os_strcmp(var, "excluded_ssid") != 0 && + os_strcmp(var, "roaming_consortium") != 0 && + os_strcmp(var, "required_roaming_consortium") != 0 && + has_newline(val))) { wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string " "value '%s'.", line, var, value); + os_free(val); return -1; } @@ -3646,6 +3670,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, return -1; } + if (has_newline(pos)) { + wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", + line, data->name); + return -1; + } + tmp = os_strdup(pos); if (tmp == NULL) return -1; |