aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinux Build Service Account <lnxbuild@localhost>2016-06-24 23:52:38 -0600
committerLinux Build Service Account <lnxbuild@localhost>2016-06-24 23:52:38 -0600
commit3383d9ecf3f632be58f3e91862d590387797ffbc (patch)
tree93beababf536c52e955aeb1700d25e989420a277
parentd660a0127fc500e2a9db4177e362ae9f4386e3c4 (diff)
parentd82caa8696c54df8e422f9b79dda7c004b9a7282 (diff)
downloadandroid_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.tar.gz
android_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.tar.bz2
android_external_wpa_supplicant_8-3383d9ecf3f632be58f3e91862d590387797ffbc.zip
Promotion of wlan-service.lnx.1.0-00058.
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 1007548 I35e8483bdda5c391b95da42c2f577d5e9217f2e2 Remove newlines from wpa_supplicant config network outpu 1007548 Ibb1eeb6b727c27ecc4a2efce57f5394e98051061 Reject SET commands with newline characters in the strin 1007548 Ifa826eb7de2cba5458e8bb31dca3259cb37b4005 Reject psk parameter set with invalid passphrase charact 1007548 I2b439a72af08a744ce5bf74a05b2cac817fe5b05 WPS: Reject a Credential with invalid passphrase 1031991 I2934fbf676c803059e62ba2436c1181efb05a294 hostapd: Skip hostapd ACL check for drivers supporting A 1032710 Ibd9e3dc79cb1a7650b3adc55afdc95818a2e011b eap_proxy: postpone qmi init until demonize 1007548 Ib8222446297317f4e57bdb49597fdf6d19554886 Reject SET_CRED commands with newline characters in the Change-Id: I7955e55240d97be6022ffad8c2229b5896d9a33a CRs-Fixed: 1031991, 1007548, 1032710
-rw-r--r--src/ap/drv_callbacks.c11
-rw-r--r--src/eap_peer/eap_proxy_qmi.c22
-rw-r--r--src/utils/common.c23
-rw-r--r--src/utils/common.h2
-rw-r--r--src/wps/wps_attr_process.c10
-rw-r--r--wpa_supplicant/config.c36
6 files changed, 92 insertions, 12 deletions
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index fbbfe12c..cc664d78 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -115,8 +115,15 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
}
sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
- res = hostapd_check_acl(hapd, addr, NULL);
- if (res != HOSTAPD_ACL_ACCEPT) {
+ /*
+ * ACL configurations to the drivers (implementing AP SME and ACL
+ * offload) without hostapd's knowledge, can result in a disconnection
+ * though the driver accepts the connection. Skip the hostapd check for
+ * ACL if the driver supports ACL offload to avoid potentially
+ * conflicting ACL rules.
+ */
+ if (hapd->iface->drv_max_acl_mac_addrs == 0 &&
+ hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) {
wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect",
MAC2STR(addr));
reason = WLAN_REASON_UNSPECIFIED;
diff --git a/src/eap_peer/eap_proxy_qmi.c b/src/eap_peer/eap_proxy_qmi.c
index 49ecc4df..6198baa0 100644
--- a/src/eap_peer/eap_proxy_qmi.c
+++ b/src/eap_peer/eap_proxy_qmi.c
@@ -716,6 +716,20 @@ int eap_auth_end_eap_session(qmi_client_type qmi_auth_svc_client_ptr)
return 0;
}
+static void eap_proxy_schedule_thread(void *eloop_ctx, void *timeout_ctx)
+{
+ struct eap_proxy_sm *eap_proxy = eloop_ctx;
+ pthread_attr_t attr;
+ int ret = -1;
+
+ pthread_attr_init(&attr);
+ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+ ret = pthread_create(&eap_proxy->thread_id, &attr, eap_proxy_post_init, eap_proxy);
+ if(ret < 0)
+ wpa_printf(MSG_ERROR, "eap_proxy: starting thread is failed %d\n", ret);
+}
+
+
struct eap_proxy_sm *
eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
void *msg_ctx)
@@ -724,8 +738,6 @@ eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
int qmiRetCode;
struct eap_proxy_sm *eap_proxy;
qmi_idl_service_object_type qmi_client_service_obj;
- pthread_attr_t attr;
- int ret = -1;
eap_proxy = os_malloc(sizeof(struct eap_proxy_sm));
if (NULL == eap_proxy) {
@@ -751,11 +763,7 @@ eap_proxy_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
* parent process that created the qmi client context.
*/
- pthread_attr_init(&attr);
- pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
- ret = pthread_create(&eap_proxy->thread_id, &attr, eap_proxy_post_init, eap_proxy);
- if(ret < 0)
- wpa_printf(MSG_ERROR, "eap_proxy: starting thread is failed %d\n", ret);
+ eloop_register_timeout(0, 0, eap_proxy_schedule_thread, eap_proxy, NULL);
return eap_proxy;
}
diff --git a/src/utils/common.c b/src/utils/common.c
index 5cf0d571..e77b7db5 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -697,6 +697,29 @@ int is_hex(const u8 *data, size_t len)
}
+int has_ctrl_char(const u8 *data, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ if (data[i] < 32 || data[i] == 127)
+ return 1;
+ }
+ return 0;
+}
+
+
+int has_newline(const char *str)
+{
+ while (*str) {
+ if (*str == '\n' || *str == '\r')
+ return 1;
+ str++;
+ }
+ return 0;
+}
+
+
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len)
diff --git a/src/utils/common.h b/src/utils/common.h
index fb9b5b9a..7dbb24a6 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -503,6 +503,8 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
char * wpa_config_parse_string(const char *value, size_t *len);
int is_hex(const u8 *data, size_t len);
+int has_ctrl_char(const u8 *data, size_t len);
+int has_newline(const char *str);
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len);
diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index eadb22fe..e8c45793 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
cred->key_len--;
#endif /* CONFIG_WPS_STRICT */
}
+
+
+ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
+ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
+ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
+ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
+ cred->key, cred->key_len);
+ return -1;
+ }
+
return 0;
}
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index b736394a..3455fc0e 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -456,6 +456,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
}
wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
(u8 *) value, len);
+ if (has_ctrl_char((u8 *) value, len)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid passphrase character",
+ line);
+ return -1;
+ }
if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
os_memcmp(ssid->passphrase, value, len) == 0)
return 0;
@@ -2607,8 +2613,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
for (i = 0; i < NUM_SSID_FIELDS; i++) {
const struct parse_data *field = &ssid_fields[i];
- if (os_strcmp(var, field->name) == 0)
- return field->writer(field, ssid);
+ if (os_strcmp(var, field->name) == 0) {
+ char *ret = field->writer(field, ssid);
+
+ if (ret && has_newline(ret)) {
+ wpa_printf(MSG_ERROR,
+ "Found newline in value for %s; not returning it",
+ var);
+ os_free(ret);
+ ret = NULL;
+ }
+
+ return ret;
+ }
}
return NULL;
@@ -2793,6 +2810,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
if (os_strcmp(var, "password") == 0 &&
os_strncmp(value, "ext:", 4) == 0) {
+ if (has_newline(value))
+ return -1;
str_clear_free(cred->password);
cred->password = os_strdup(value);
cred->ext_password = 1;
@@ -2843,9 +2862,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
}
val = wpa_config_parse_string(value, &len);
- if (val == NULL) {
+ if (val == NULL ||
+ (os_strcmp(var, "excluded_ssid") != 0 &&
+ os_strcmp(var, "roaming_consortium") != 0 &&
+ os_strcmp(var, "required_roaming_consortium") != 0 &&
+ has_newline(val))) {
wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
"value '%s'.", line, var, value);
+ os_free(val);
return -1;
}
@@ -3646,6 +3670,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
return -1;
}
+ if (has_newline(pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
+ line, data->name);
+ return -1;
+ }
+
tmp = os_strdup(pos);
if (tmp == NULL)
return -1;