Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-17 18:34:03 -05:00
Code Issues Projects Releases Wiki Activity

Do not re-open Android control sockets

Browse Source 
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Neelansh Mittal 2014-11-25 15:41:28 +05:30 committed by Jouni Malinen
parent 378dec5af9
commit 3a7414b6a6
1 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
wpa_supplicant/ctrl_iface_unix.c
View File

@ -47,6 +47,7 @@ struct ctrl_iface_priv {
struct wpa_supplicant *wpa_s; struct wpa_supplicant *wpa_s;
int sock; int sock;
struct dl_list ctrl_dst; struct dl_list ctrl_dst;
int android_control_socket;
}; };
@ -54,6 +55,7 @@ struct ctrl_iface_global_priv {
struct wpa_global *global; struct wpa_global *global;
int sock; int sock;
struct dl_list ctrl_dst; struct dl_list ctrl_dst;
int android_control_socket;
}; };
@ -340,8 +342,10 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s", os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s",
wpa_s->conf->ctrl_interface); wpa_s->conf->ctrl_interface);
priv->sock = android_get_control_socket(addr.sun_path); priv->sock = android_get_control_socket(addr.sun_path);
if (priv->sock >= 0) if (priv->sock >= 0) {
priv->android_control_socket = 1;
goto havesock; goto havesock;
}
#endif /* ANDROID */ #endif /* ANDROID */
if (os_strncmp(buf, "DIR=", 4) == 0) { if (os_strncmp(buf, "DIR=", 4) == 0) {
dir = buf + 4; dir = buf + 4;
@ -556,6 +560,16 @@ static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
if (priv->sock <= 0) if (priv->sock <= 0)
return -1; return -1;
/*
* On Android, the control socket being used may be the socket
* that is created when wpa_supplicant is started as a /init.*.rc
* service. Such a socket is maintained as a key-value pair in
* Android's environment. Closing this control socket would leave us
* in a bad state with an invalid socket descriptor.
*/
if (priv->android_control_socket)
return priv->sock;
eloop_unregister_read_sock(priv->sock); eloop_unregister_read_sock(priv->sock);
close(priv->sock); close(priv->sock);
priv->sock = -1; priv->sock = -1;
@ -870,6 +884,7 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
} }
wpa_printf(MSG_DEBUG, "Using Android control socket '%s'", wpa_printf(MSG_DEBUG, "Using Android control socket '%s'",
ctrl + 9); ctrl + 9);
priv->android_control_socket = 1;
goto havesock; goto havesock;
} }
@ -884,6 +899,7 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"Using Android control socket '%s'", "Using Android control socket '%s'",
ctrl); ctrl);
priv->android_control_socket = 1;
goto havesock; goto havesock;
} }
} }
@ -1064,6 +1080,16 @@ static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
if (priv->sock <= 0) if (priv->sock <= 0)
return -1; return -1;
/*
* On Android, the control socket being used may be the socket
* that is created when wpa_supplicant is started as a /init.*.rc
* service. Such a socket is maintained as a key-value pair in
* Android's environment. Closing this control socket would leave us
* in a bad state with an invalid socket descriptor.
*/
if (priv->android_control_socket)
return priv->sock;
eloop_unregister_read_sock(priv->sock); eloop_unregister_read_sock(priv->sock);
close(priv->sock); close(priv->sock);
priv->sock = -1; priv->sock = -1;