mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Do not re-open Android control sockets
On Android, the control socket being used may be the socket that is created when wpa_supplicant is started as a /init.*.rc service. Such a socket is maintained as a key-value pair in Android's environment. Closing this control socket would leave wpa_supplicant in a bad state. When wpa_supplicant re-opens the ctrl_iface socket, it will query the Android's environment, and will be returned with the same socket descriptor that has already been closed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
378dec5af9
commit
3a7414b6a6
@ -47,6 +47,7 @@ struct ctrl_iface_priv {
|
||||
struct wpa_supplicant *wpa_s;
|
||||
int sock;
|
||||
struct dl_list ctrl_dst;
|
||||
int android_control_socket;
|
||||
};
|
||||
|
||||
|
||||
@ -54,6 +55,7 @@ struct ctrl_iface_global_priv {
|
||||
struct wpa_global *global;
|
||||
int sock;
|
||||
struct dl_list ctrl_dst;
|
||||
int android_control_socket;
|
||||
};
|
||||
|
||||
|
||||
@ -340,8 +342,10 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
|
||||
os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s",
|
||||
wpa_s->conf->ctrl_interface);
|
||||
priv->sock = android_get_control_socket(addr.sun_path);
|
||||
if (priv->sock >= 0)
|
||||
if (priv->sock >= 0) {
|
||||
priv->android_control_socket = 1;
|
||||
goto havesock;
|
||||
}
|
||||
#endif /* ANDROID */
|
||||
if (os_strncmp(buf, "DIR=", 4) == 0) {
|
||||
dir = buf + 4;
|
||||
@ -556,6 +560,16 @@ static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
|
||||
if (priv->sock <= 0)
|
||||
return -1;
|
||||
|
||||
/*
|
||||
* On Android, the control socket being used may be the socket
|
||||
* that is created when wpa_supplicant is started as a /init.*.rc
|
||||
* service. Such a socket is maintained as a key-value pair in
|
||||
* Android's environment. Closing this control socket would leave us
|
||||
* in a bad state with an invalid socket descriptor.
|
||||
*/
|
||||
if (priv->android_control_socket)
|
||||
return priv->sock;
|
||||
|
||||
eloop_unregister_read_sock(priv->sock);
|
||||
close(priv->sock);
|
||||
priv->sock = -1;
|
||||
@ -870,6 +884,7 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "Using Android control socket '%s'",
|
||||
ctrl + 9);
|
||||
priv->android_control_socket = 1;
|
||||
goto havesock;
|
||||
}
|
||||
|
||||
@ -884,6 +899,7 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"Using Android control socket '%s'",
|
||||
ctrl);
|
||||
priv->android_control_socket = 1;
|
||||
goto havesock;
|
||||
}
|
||||
}
|
||||
@ -1064,6 +1080,16 @@ static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
|
||||
if (priv->sock <= 0)
|
||||
return -1;
|
||||
|
||||
/*
|
||||
* On Android, the control socket being used may be the socket
|
||||
* that is created when wpa_supplicant is started as a /init.*.rc
|
||||
* service. Such a socket is maintained as a key-value pair in
|
||||
* Android's environment. Closing this control socket would leave us
|
||||
* in a bad state with an invalid socket descriptor.
|
||||
*/
|
||||
if (priv->android_control_socket)
|
||||
return priv->sock;
|
||||
|
||||
eloop_unregister_read_sock(priv->sock);
|
||||
close(priv->sock);
|
||||
priv->sock = -1;
|
||||
|
Loading…
Reference in New Issue
Block a user