| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
P2P device discovery can add peer entries based on a message directly
from a peer and from a Probe Response frame from a GO for all the P2P
Clients in the group. The former case for filtering out control
characters from the device name while the latter was not. Make this
consistent and filter both cases in the same way to avoid confusing
external programs using the device name of a P2P peer.
CRs-fixed: 930000
Git-commit: 5d1d69a10f60eec624689408ec85fbe93657156d
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change-Id: I5a22c6bbcc060c5e9b30b977a04915836b04f36f
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit f05cee9714ae87d315d893699a536b60a5aa73a9 ('P2P: Clear
p2p_in_invitation on cancel') added a wpas_p2p_cancel() case to call
wpas_p2p_group_formation_failed() if wpa_s->p2p_in_invitation is set.
This is done in a loop going through wpa_s->next pointers. However, the
call here can result in removing the interface and freeing wpa_s. The
following attempt to read wpa_s->next is from freed memory and that can
result in process termination when using a separate P2P group interface
and issuing P2P_CANCEL on a group that was started through re-invocation
of a persistent group.
The recent commit 328f49acfe961a212e89e750516d2e2cc320765f ('P2P:
Complete group formation on client data connection') "fixed" this by
accident since wpa_s->p2p_in_invitation gets cleared in the sequence
that could hit this issue and this results in P2P_CANCEL getting
rejected. However, the real bug here is in the loop that continues after
possible wpa_s instance deletion. Fix that by breaking out of the loop
Git-commit: 63502c64e13d35dad591c315c8606866d9e07bce
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
CRs-Fixed: 950786
Change-Id: I91c75254ed1371edb5ef398167d156824bf06239
|
|\
| |
| |
| | |
wlan-service.lnx.1.0-dev.1.0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These needs to be cancelled so that the kernel driver does not get left
with all old entries blocking other offchannel operations
Git-commit: 759a8a3a99845af1c5c10685ec7cb9cf4daa4593
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
CRs-Fixed: 950786
Change-Id: Ia9a964c407c72384b606dbb1f033e110b8091b5c
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was already working for the case where a separate group interface
is used due to the recent commit
328f49acfe961a212e89e750516d2e2cc320765f ('P2P: Complete group formation
on client data connection'). However, the case of no separate group
interface was used did not clear the interface state properly on data
connection. Fix this by setting the group formation information in
wpas_start_p2p_client()
Git-commit: bf3214b59321f67375df1ee85722b2beb74e1f7a
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
CRs-Fixed: 950786
Change-Id: Ib21f12a35c8772851982f07e7bc55b6734622fd2
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* quic/wlan-service.lnx.1.0-rel.1.0:
FST: Improve parsing of Multiband IEs
FST: Make FST peer connection check more permissive in hostapd
FST: Fix STA MB IEs creation
hostapd: Process MAC ACLs on a station association event (SME in driver)
RSN: Stop connection attempt on apparent PMK mismatch
Throttle control interface event message bursts
Add wpa_supplicant EVENT_TEST control interface command
hostapd: Global control interface notifications
Add debug prints for wpa_supplicant ctrl_iface socket send operations
Update AP WPA/RSN IE on all associations if driver can select BSS
Update AP WPA/RSN IE on all associations if driver can select BSS
Add QCA vendor command support to set band to driver
nl80211: Use beacon TSF if it is newer than Probe Response TSF
Change-Id: I16af74774396a8dd0c73036c1c2b1d7da2b42fb5
|
| |\
| | |
| | |
| | | |
Change-Id: I449d779ba8ad9357af6942b1ea7f45b9bff8f813
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Android 6.0.1 release 3
* tag 'android-6.0.1_r3':
RSN: Stop connection attempt on apparent PMK mismatch
Throttle control interface event message bursts
Add wpa_supplicant EVENT_TEST control interface command
hostapd: Global control interface notifications
Add debug prints for wpa_supplicant ctrl_iface socket send operations
Update AP WPA/RSN IE on all associations if driver can select BSS
Conflicts:
wpa_supplicant/ctrl_iface_unix.c
Change-Id: I8c5a51afff761112ba36ae21b94fd21f07d4c18a
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If WPA2-Enterprise connection with full EAP authentication (i.e., no
PMKSA caching used) results in a PMKID that does not match the one the
AP/Authenticator indicates in EAPOL-Key msg 1/4, there is not much point
in trying to trigger full EAP authentication by sending EAPOL-Start
since this sequence was immediately after such full authentication
attempt.
There are known examples of authentication servers with incorrect MSK
derivation when TLS v1.2 is used (e.g., FreeRADIUS 2.2.6 or 3.0.7 when
built with OpenSSL 1.0.2). Write a clear debug log entry and also send
it to control interface monitors when it looks likely that this case has
been hit. After doing that, stop the connection attempt by
disassociating instead of trying to send out EAPOL-Start to trigger new
EAP authentication round (such another try can be tried with a new
association).
b/24253154
From upstream commit bddc51e8e422463dc96c263666b6fc4c26375cb6
Change-Id: I1e72c9d0232492103a10c0f4125170c000754ac5
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.
Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.
Bug: 24270573
Change-Id: I3905f3ec925ee3bdc67f7fb93991e620a2a6ee57
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This testing command makes it easier to debug bursts of event message.
Bug: 24270573
Change-Id: I2fca154a6a290f23d947bb36515a4d26c4e46ba2
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.
Bug: 24270573
Change-Id: I46da39e8262a446e7779a1adfbcb08b5bfa382d7
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This makes it easier to track the output queue state on a control
interface socket and determine what could be causing issues with running
out of space in the buffer.
Bug: 24270573
Change-Id: Iad7b6b7c96dca45edd6734594a11c97376942bd9
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.
Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Change-Id: If37977900badf39603fad6c8ffadfe7d16e826ae
Bug: 24110113
|
| | |\ \ |
|
| | | |\ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Android 6.0.0 release 26
* tag 'android-6.0.0_r26':
Update AP WPA/RSN IE on all associations if driver can select BSS
Add QCA vendor command support to set band to driver
nl80211: Use beacon TSF if it is newer than Probe Response TSF
Conflicts:
src/common/qca-vendor.h
Change-Id: Ibab1bc3eda788f001e2a7a0a866c3a9af2a47dce
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.
Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Change-Id: If37977900badf39603fad6c8ffadfe7d16e826ae
Bug: 24110113
|
| | | | |\ \
| | | | | |/
| | | | |/| |
|
| | | | | |\ |
|
| | | | | |/|
| | | | |/|/ |
|
| | | | | |\ |
|
| | | | | | |\ |
|
| | | | | | | |\ |
|
| | | | | | | | |\ |
|
| | | | | | | | | |\ |
|
| | | | |/ / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.
For merge compatibility it has 3 patches:
844dfeb Add QCA vendor command support to set band to driver
6b0ceee Add QCA vendor definitions for multi-port concurrency
d71bdfb Add QCA vendor command for updating gateway parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Bug: 23261230
Change-Id: I4ce6307c54b27d3d2f54d435fc0cae5480bdf23c
|
| | | | |\ \ \ \ \ \
| | | | | |/ / / / /
| | | | |/| | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '447c7ff83da0d89ffa70c378be2a4a58f9b14d3b':
Make sure configuration is saved to storage device
|
| | | | | |/ / / /
| | | | |/| | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
cfg80211 sends TSF information with the attribute NL80211_BSS_BEACON_TSF
if the scan results include information from Beacon frame. Probe
Response frame information is included in NL80211_BSS_TSF. If the device
receives only Beacon frames, NL80211_BSS_TSF might not carry updated
TSF, which results an older TSF being used in wpa_supplicant. Fetch both
possible TSF values (if available) and choose the latest TSF for the BSS
entry.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Bug: 22412559
Change-Id: I21a28265d5a9a2efec7a0deb51b353df368c4706
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: ea7081185e405de99a4dfa935785f0d9e96c51a1
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: I6afe520cf43adaa7a843c2a30ae89b2d06803241
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Modify the FST peer connection check so it won't skip peers without MB
IEs making it more permissive for peers that didn't provide MB IEs
during association request. This can be helpful, e.g., in cases where a
STA's interface connected before it was added to the FST group. This
allows the AP to receive FST Action frames and initiate session with a
STA via STA's interface that doesn't expose MB IEs.
The adjusted FST protocol is still safe, as it protects itself in many
other ways (checking band info and it's accordance to the interfaces,
Setup IDs, connection states of the interfaces involved, etc.)
effectively avoiding all types of invalid situations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: b47d05aa458ed7c7dfbfe09fc2a2af1f2fee7fc7
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: Ie1a94890d55dcd7027947cedd4313eddebe3d487
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
FST STA should always expose its MB IEs regardless of its connection
state and whether the connected AP is currently FST-enabled or not.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: f231b3d816aa9818432b06b65e71114613b68a91
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: Ie505405ed91b34fca17a1a6fe56b2a20357d3d64
|
| | |/ / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
now hostapd will use station MAC-based permissions according to the
macaddr_acl policy also for drivers which use AP SME offload, but do not
support NL80211_CMD_SET_MAC_ACL for offloading MAC ACL processing. It
should be noted that in this type of case the association goes through
and the station gets disconnected immediately after that.
Change-Id: I88044e351c27dc5af0fc44a6e26c33c550fb84b0
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: 0603bcb7fe8babf183362518238c142afe8e2036
Git-repo: git://w1.fi/srv/git/hostap.git
CRs-Fixed: 934469
|
| |\ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
943967 I33e7bab30ba3e7576eb00f2cc183c5fe914c669b Skip SELECT_NETWORK steps only if already connected or c
Change-Id: I0be363ca5ba08eee425b4a20eb3de95881168d55
CRs-Fixed: 943967
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Commit 2a6f78fbbefc34fec6685d08f46797c4ef4b2a6e ('Do not re-associate on
SELECT_NETWORK to current network') started skipping all SELECT_NETWORK
connection steps if the selected network had already been selected
previously. This happened regardless of whether the connection was
already established. This is not necessarily desirable for all cases
where there is no immediate action to even try to connect (e.g., long
wait for the next scan).
Speed this up by allowing the SELECT_NETWORK operation to get started if
there is no connection or ongoing connection attempt with the selected
network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: d38c7be0f013703639568a690af0394ceece1fca
Git-repo : git://w1.fi/srv/git/hostap.git
Change-Id: I33e7bab30ba3e7576eb00f2cc183c5fe914c669b
CRs-fixed: 943967
|
| |\ \ \ \ \ \ \
| |/ / / / / / /
|/| / / / / / /
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
945518 Ie505405ed91b34fca17a1a6fe56b2a20357d3d64 FST: Fix STA MB IEs creation
931315 I599c8d8e0f5595e4a26ecbe6486fcb571e9043c1 WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode ha
931315 I00743c63041d3327492a2193fb5f561b17cdd75d WNM: Ignore Key Data in WNM Sleep Mode Response frame if
945518 Ie1a94890d55dcd7027947cedd4313eddebe3d487 FST: Make FST peer connection check more permissive in h
937525 I134a6ac3240d63fe43e5041fb462fa7288b1e4b6 EAP-pwd peer: Fix error path for unexpected Confirm mess
937515 I565a55bd5a672be60af5b11dac4e78aa421d4772 EAP-pwd peer: Fix last fragment length validation
937515 Ia283ce184fc880e2fcf7e60e40952cbfc2961709 EAP-pwd server: Fix last fragment length validation
934469 I88044e351c27dc5af0fc44a6e26c33c550fb84b0 hostapd: Process MAC ACLs on a station association event
945518 I6afe520cf43adaa7a843c2a30ae89b2d06803241 FST: Improve parsing of Multiband IEs
Change-Id: I811eda8178ac1fb6f04f9ce6c00a9a627b3acafa
CRs-Fixed: 945518, 931315, 931315, 945518, 937525, 937515, 937515, 934469, 945518
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: ea7081185e405de99a4dfa935785f0d9e96c51a1
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: I6afe520cf43adaa7a843c2a30ae89b2d06803241
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Modify the FST peer connection check so it won't skip peers without MB
IEs making it more permissive for peers that didn't provide MB IEs
during association request. This can be helpful, e.g., in cases where a
STA's interface connected before it was added to the FST group. This
allows the AP to receive FST Action frames and initiate session with a
STA via STA's interface that doesn't expose MB IEs
The adjusted FST protocol is still safe, as it protects itself in many
other ways (checking band info and it's accordance to the interfaces,
Setup IDs, connection states of the interfaces involved, etc.)
effectively avoiding all types of invalid situations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: b47d05aa458ed7c7dfbfe09fc2a2af1f2fee7fc7
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: Ie1a94890d55dcd7027947cedd4313eddebe3d487
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
FST STA should always expose its MB IEs regardless of its connection
state and whether the connected AP is currently FST-enabled or not.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: f231b3d816aa9818432b06b65e71114613b68a91
Git-repo : git://w1.fi/srv/git/hostap.git
CRs-Fixed: 945518
Change-Id: Ie505405ed91b34fca17a1a6fe56b2a20357d3d64
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
now hostapd will use station MAC-based permissions according to the
macaddr_acl policy also for drivers which use AP SME offload, but do not
support NL80211_CMD_SET_MAC_ACL for offloading MAC ACL processing. It
should be noted that in this type of case the association goes through
and the station gets disconnected immediately after that.
Change-Id: I88044e351c27dc5af0fc44a6e26c33c550fb84b0
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: 0603bcb7fe8babf183362518238c142afe8e2036
Git-repo: git://w1.fi/srv/git/hostap.git
CRs-Fixed: 934469
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5314)
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: Ia283ce184fc880e2fcf7e60e40952cbfc2961709
CRs-Fixed: 937515
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: 03ed0a52393710be6bdae657d1b36efa146520e5
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: I599c8d8e0f5595e4a26ecbe6486fcb571e9043c1
CRs-Fixed: 931315
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
enabled. Verify that PMF is in use before using this field on station
side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: 2cb28a4c75bd2b5d6a56f43e13bff52a2d12bc13
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: I00743c63041d3327492a2193fb5f561b17cdd75d
CRs-Fixed: 931315
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5315)
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: 8057821706784608b828e769ccefbced95591e50
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: I565a55bd5a672be60af5b11dac4e78aa421d4772
CRs-Fixed: 937515
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If the Confirm message is received from the server before the Identity
exchange has been completed, the group has not yet been determined and
data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
did not take this corner case into account and could end up
dereferencing a NULL pointer and terminating the process if invalid
message sequence is received. (CVE-2015-5316)
Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: 95577884ca4fa76be91344ff7a8d5d1e6dc3da61
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: I134a6ac3240d63fe43e5041fb462fa7288b1e4b6
CRs-Fixed: 937525
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.
While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.
CRs-Fixed: 936960
Git-commit: 5e238cc682b6544ebb1f216e965a298ffef3683b
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change-Id: I5addb9b0bd7b487325e5a084f5e129a51202efed
|
|\ \ \ \ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
There is no point in sending TPK M3 (TDLS Setup Confirm) with a failure
status if the first transmission attempt fails. Instead, just return a
failure by disabling the link rather than retransmitting the TPK M3
frame with an error status.
CRs-Fixed: 930704
Change-Id: Id592ee93b2264cb10e934a6ebb477f8d580284cb
Git-commit: f67d1a009963e9d7c3071950e77237a9d290e4eb
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
|\ \ \ \ \ \ \ |
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Commit 7d711541dced759b34313477d5d163e65c5b0131 ('Clear TK part of PTK
after driver key configuration') started clearing TK from memory
immediately after having configured it to the driver when processing
EAPOL-Key message 3/4. While this covered the most common case, it did
not take into account the possibility of the authenticator having to
retry EAPOL-Key message 3/4 in case the first EAPOL-Key message 4/4
response is lost. That case ended up trying to reinstall the same TK to
the driver, but the key was not available anymore.
Fix the EAPOL-Key message 3/4 retry case by configuring TK to the driver
only once. There was no need to try to set the same key after each
EAPOL-Key message 3/4 since TK could not change. If actual PTK rekeying
is used, the new TK will be configured once when processing the new
EAPOL-Key message 3/4 for the first time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: ad00d64e7d8827b3cebd665a0ceb08adabf15e1e
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: Iab4ecf5ab94e6ee4c3059723af4a3613f3468715
CRs-Fixed: 932655
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
cmd cannot be NULL here, so there is no need to check it before calling
os_strlen()
CRs-Fixed: 891515
Git-repo: git://w1.fi/srv/git/hostap.git
Git-commit: 137b293963c2782e86154ad4c689a686ab0c13c3
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change-Id: I4246e0e7f037363c9059d1d3e1dbfabfbba4c347
|