Merge branch 'LA.BF64.1.2.1' of git://codeaurora.org/platform/external/wpa_supplicant_8 into cm-12.1

7 files changed, 95 insertions, 27 deletions

diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index ac0db995..bc4ddc57 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -835,6 +835,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
 				   "fragments!");
 			return NULL;
 		}
+		data->in_frag_pos = 0;
 		pos += sizeof(u16);
 		len -= sizeof(u16);
 	}
diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index d2855e32..454519ca 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -177,6 +177,12 @@ static int httpread_hdr_option_analyze(
 		if (!isdigit(*hbp))
 			return -1;
 		h->content_length = atol(hbp);
+		if (h->content_length < 0 || h->content_length > h->max_bytes) {
+			wpa_printf(MSG_DEBUG,
+				   "httpread: Unacceptable Content-Length %d",
+				   h->content_length);
+			return -1;
+		}
 		h->got_content_length = 1;
 		return 0;
 	}
@@ -509,6 +515,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
 			if (h->got_content_length &&
 			    new_alloc_nbytes < (h->content_length + 1))
 				new_alloc_nbytes = h->content_length + 1;
+			if (new_alloc_nbytes < h->body_alloc_nbytes ||
+			    new_alloc_nbytes > h->max_bytes) {
+				wpa_printf(MSG_DEBUG,
+					   "httpread: Unacceptable body length %d",
+					   new_alloc_nbytes);
+				goto bad;
+			}
 			if ((new_body = os_realloc(h->body, new_alloc_nbytes))
 			    == NULL)
 				goto bad;
@@ -608,6 +621,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
 				ncopy = nread;
 			}
 			/* Note: should never be 0 */
+			if (ncopy < 0) {
+				wpa_printf(MSG_DEBUG,
+					   "httpread: Invalid ncopy=%d", ncopy);
+				goto bad;
+			}
 			if (ncopy > nread)
 				ncopy = nread;
 			os_memcpy(bbp, rbp, ncopy);
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index c0190ca0..9726be97 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -675,8 +675,23 @@ static int wpa_supplicant_ctrl_iface_wps_pbc(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_AP
 	u8 *_p2p_dev_addr = NULL;
 #endif /* CONFIG_AP */
+	char *prio = NULL;
+	int priority = 0;
+
+	if (cmd) {
+		prio = os_strstr(cmd, "prio=");
+		if (prio) {
+			priority = atoi(prio + 5);
+			wpa_printf(MSG_INFO, "WPS: priority is %d", priority);
+		}
+	}
 
-	if (cmd == NULL || os_strcmp(cmd, "any") == 0) {
+	/*
+	 * Command is NULL or starts with either "any" or "prio=",
+	 * hence no bssid specified
+	 */
+	if (cmd == NULL || os_strcmp(cmd, "any")
+	   || os_strncmp(cmd, "prio=", 5) == 0) {
 		_bssid = NULL;
 #ifdef CONFIG_P2P
 	} else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
@@ -699,7 +714,7 @@ static int wpa_supplicant_ctrl_iface_wps_pbc(struct wpa_supplicant *wpa_s,
 		return wpa_supplicant_ap_wps_pbc(wpa_s, _bssid, _p2p_dev_addr);
 #endif /* CONFIG_AP */
 
-	return wpas_wps_start_pbc(wpa_s, _bssid, 0);
+	return wpas_wps_start_pbc(wpa_s, _bssid, 0, priority);
 }
 
 
@@ -708,8 +723,16 @@ static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
 					     size_t buflen)
 {
 	u8 bssid[ETH_ALEN], *_bssid = bssid;
-	char *pin;
-	int ret;
+	char *pin, *prio;
+	int ret, priority = 0;
+
+	prio = strstr(cmd, " prio=");
+	if (prio) {
+		*prio = '\0';
+		prio += 6;
+		priority = atoi(prio);
+		wpa_printf(MSG_INFO, "WPS: priority is %d", priority);
+	}
 
 	pin = os_strchr(cmd, ' ');
 	if (pin)
@@ -746,7 +769,7 @@ static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
 
 	if (pin) {
 		ret = wpas_wps_start_pin(wpa_s, _bssid, pin, 0,
-					 DEV_PW_DEFAULT);
+					 DEV_PW_DEFAULT, priority);
 		if (ret < 0)
 			return -1;
 		ret = os_snprintf(buf, buflen, "%s", pin);
@@ -755,7 +778,8 @@ static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
 		return ret;
 	}
 
-	ret = wpas_wps_start_pin(wpa_s, _bssid, NULL, 0, DEV_PW_DEFAULT);
+	ret = wpas_wps_start_pin(wpa_s, _bssid, NULL, 0, DEV_PW_DEFAULT,
+				 priority);
 	if (ret < 0)
 		return -1;
 
@@ -820,13 +844,28 @@ static int wpa_supplicant_ctrl_iface_wps_nfc(struct wpa_supplicant *wpa_s,
 {
 	u8 bssid[ETH_ALEN], *_bssid = bssid;
 
-	if (cmd == NULL || cmd[0] == '\0')
+	char *prio = NULL;
+	int priority = 0;
+
+	if (cmd) {
+		prio = os_strstr(cmd, "prio=");
+		if (prio) {
+			priority = atoi(prio + 5);
+			wpa_printf(MSG_INFO, "WPS: priority is %d", priority);
+		}
+	}
+
+	/*
+	 * Command is NULL or starts with either "any" or "prio=",
+	 * hence no bssid specified
+	 */
+	if (cmd == NULL || cmd[0] == '\0' || os_strncmp(cmd, "prio=", 5) == 0)
 		_bssid = NULL;
 	else if (hwaddr_aton(cmd, bssid))
 		return -1;
 
 	return wpas_wps_start_nfc(wpa_s, NULL, _bssid, NULL, 0, 0, NULL, NULL,
-				  0, 0);
+				  0, 0, priority);
 }
 
 
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 46d27678..9b233210 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3459,7 +3459,7 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
 		break;
 	case EVENT_WPS_BUTTON_PUSHED:
 #ifdef CONFIG_WPS
-		wpas_wps_start_pbc(wpa_s, NULL, 0);
+		wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
 #endif /* CONFIG_WPS */
 		break;
 	case EVENT_AVOID_FREQUENCIES:
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 872d588e..77c31a27 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -1185,7 +1185,7 @@ static void wpas_start_wps_enrollee(struct wpa_supplicant *wpa_s,
 	wpa_supplicant_ap_deinit(wpa_s);
 	wpas_copy_go_neg_results(wpa_s, res);
 	if (res->wps_method == WPS_PBC) {
-		wpas_wps_start_pbc(wpa_s, res->peer_interface_addr, 1);
+		wpas_wps_start_pbc(wpa_s, res->peer_interface_addr, 1, 0);
 #ifdef CONFIG_WPS_NFC
 	} else if (res->wps_method == WPS_NFC) {
 		wpas_wps_start_nfc(wpa_s, res->peer_device_addr,
@@ -1196,14 +1196,14 @@ static void wpas_start_wps_enrollee(struct wpa_supplicant *wpa_s,
 				   DEV_PW_NFC_CONNECTION_HANDOVER ?
 				   wpa_s->parent->p2p_peer_oob_pubkey_hash :
 				   NULL,
-				   NULL, 0, 0);
+				   NULL, 0, 0, 0);
 #endif /* CONFIG_WPS_NFC */
 	} else {
 		u16 dev_pw_id = DEV_PW_DEFAULT;
 		if (wpa_s->p2p_wps_method == WPS_PIN_KEYPAD)
 			dev_pw_id = DEV_PW_REGISTRAR_SPECIFIED;
 		wpas_wps_start_pin(wpa_s, res->peer_interface_addr,
-				   wpa_s->p2p_pin, 1, dev_pw_id);
+				   wpa_s->p2p_pin, 1, dev_pw_id, 0);
 	}
 }
 
@@ -6015,7 +6015,10 @@ int wpas_p2p_assoc_req_ie(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 
 	if (wpa_s->global->p2p_disabled)
 		return -1;
-	if (wpa_s->conf->p2p_disabled)
+	/* Advertize mandatory cross connection capability in response the
+	 * query to a WLAN AP.
+	 */
+	if (wpa_s->conf->p2p_disabled && p2p_group == 1)
 		return -1;
 	if (wpa_s->global->p2p == NULL)
 		return -1;
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index e1671856..679128ec 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -913,6 +913,7 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
 			if (ssid == wpa_s->current_ssid) {
 				wpa_supplicant_deauthenticate(
 					wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+				ssid->priority = 0;
 			}
 			id = ssid->id;
 			remove_ssid = ssid;
@@ -945,7 +946,7 @@ static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
 
 static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
 					      int registrar, const u8 *dev_addr,
-					      const u8 *bssid)
+					      const u8 *bssid, const int priority)
 {
 	struct wpa_ssid *ssid;
 
@@ -955,6 +956,7 @@ static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
 	wpas_notify_network_added(wpa_s, ssid);
 	wpa_config_set_network_defaults(ssid);
 	ssid->temporary = 1;
+	ssid->priority = priority;
 	if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
 	    wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
 	    wpa_config_set(ssid, "identity", registrar ?
@@ -1086,11 +1088,11 @@ static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
 
 
 int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       int p2p_group)
+		       int p2p_group, const int priority)
 {
 	struct wpa_ssid *ssid;
 	wpas_clear_wps(wpa_s);
-	ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid);
+	ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid, priority);
 	if (ssid == NULL)
 		return -1;
 	ssid->temporary = 1;
@@ -1122,7 +1124,8 @@ static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
 				 const u8 *dev_addr, const u8 *bssid,
 				 const char *pin, int p2p_group, u16 dev_pw_id,
 				 const u8 *peer_pubkey_hash,
-				 const u8 *ssid_val, size_t ssid_len, int freq)
+				 const u8 *ssid_val, size_t ssid_len, int freq,
+				 const int priority)
 {
 	struct wpa_ssid *ssid;
 	char val[128 + 2 * WPS_OOB_PUBKEY_HASH_LEN];
@@ -1132,7 +1135,7 @@ static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
 	wpas_clear_wps(wpa_s);
 	if (bssid && is_zero_ether_addr(bssid))
 		bssid = NULL;
-	ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid);
+	ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid, priority);
 	if (ssid == NULL) {
 		wpa_printf(MSG_DEBUG, "WPS: Could not add network");
 		return -1;
@@ -1192,10 +1195,11 @@ static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
 
 
 int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, int p2p_group, u16 dev_pw_id)
+		       const char *pin, int p2p_group, u16 dev_pw_id,
+		       const int priority)
 {
 	return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group,
-				     dev_pw_id, NULL, NULL, 0, 0);
+				     dev_pw_id, NULL, NULL, 0, 0, priority);
 }
 
 
@@ -1245,7 +1249,7 @@ int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
 	if (!pin)
 		return -1;
 	wpas_clear_wps(wpa_s);
-	ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid);
+	ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid, 0);
 	if (ssid == NULL)
 		return -1;
 	ssid->temporary = 1;
@@ -2176,7 +2180,8 @@ int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr,
 		       const u8 *bssid,
 		       const struct wpabuf *dev_pw, u16 dev_pw_id,
 		       int p2p_group, const u8 *peer_pubkey_hash,
-		       const u8 *ssid, size_t ssid_len, int freq)
+		       const u8 *ssid, size_t ssid_len, int freq,
+		       const int priority)
 {
 	struct wps_context *wps = wpa_s->wps;
 	char pw[32 * 2 + 1];
@@ -2231,7 +2236,7 @@ int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr,
 	return wpas_wps_start_dev_pw(wpa_s, go_dev_addr, bssid,
 				     dev_pw ? pw : NULL,
 				     p2p_group, dev_pw_id, peer_pubkey_hash,
-				     ssid, ssid_len, freq);
+				     ssid, ssid_len, freq, priority);
 }
 
 
@@ -2569,7 +2574,7 @@ static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
 
 	ret = wpas_wps_start_nfc(wpa_s, NULL, bssid, NULL, dev_pw_id, 0,
 				 attr.oob_dev_password,
-				 attr.ssid, attr.ssid_len, freq);
+				 attr.ssid, attr.ssid_len, freq, 0);
 
 out:
 	wpabuf_free(wps);
diff --git a/wpa_supplicant/wps_supplicant.h b/wpa_supplicant/wps_supplicant.h
index 2263512c..778b9157 100644
--- a/wpa_supplicant/wps_supplicant.h
+++ b/wpa_supplicant/wps_supplicant.h
@@ -30,9 +30,10 @@ void wpas_wps_deinit(struct wpa_supplicant *wpa_s);
 int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s);
 enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid);
 int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       int p2p_group);
+		       int p2p_group, const int priority);
 int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
-		       const char *pin, int p2p_group, u16 dev_pw_id);
+		       const char *pin, int p2p_group, u16 dev_pw_id,
+		       const int priority);
 int wpas_wps_cancel(struct wpa_supplicant *wpa_s);
 int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
 		       const char *pin, struct wps_new_ap_settings *settings);
@@ -68,7 +69,8 @@ int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *dev_addr,
 		       const u8 *bssid,
 		       const struct wpabuf *dev_pw, u16 dev_pw_id,
 		       int p2p_group, const u8 *peer_pubkey_hash,
-		       const u8 *ssid, size_t ssid_len, int freq);
+		       const u8 *ssid, size_t ssid_len, int freq,
+		       const int priority);
 int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
 			  const struct wpabuf *data, int forced_freq);
 struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s,