Confirm-before-commit validation step allowed execution to continue on
error case. This could result in segfault in sae_check_confirm() if the
temporary SAE data was not available (as it would not be, e.g., in case
of an extra SAE confirm message being received after successful
exchange). Fix this by stopping SAE processing immediately after
detecting unexpected state for confirm message. In addition, make the
public sae.c functions verify sae->tmp before dereferencing it to make
this type of bugs less likely to result in critical issues.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to FAIL return for a P2P_FIND command that was issued
while an already started P2P_FIND operation was in the scan phase. This
can be confusing for upper layer software, so hide the failure report
from the ctrl_iface response. The previously started scan will continue
the find operation after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, unconfigured state was forcing the best supported
authentication and encryption state to be shown in WPS messages,
including AP Settings in M7 in case the AP acts as an Enrollee. This is
not really correct for the AP Settings case, so change that one to
indicate the currently configured state.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The mechanism of using Status attribute in GO Negotiation Request was
used in some early specification drafts, but it is not compliant with
the current P2P specification where GO Negotiation Request is used only
for the purpose of initiating a new GO Negotiation. However, some
deployed devices use it to indicate rejection of GO Negotiation in a
case where they have sent out GO Negotiation Response with status 1. The
P2P specification explicitly disallows this.
To avoid unnecessary interoperability issues and extra frames, mark the
pending negotiation as failed and do not reply to this GO Negotiation
Request frame. Previously, GO Negotiation Response frame with status=4
was sent back as an indication of the GO Negotiation Request frame being
invalid. This response is not sent anymore and the status code for the
P2P-GO-NEG-FAILURE event is changed from 4 (invalid parameters) to 11
(rejected by user) for this specific workaround case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the driver to report Beacon RX prior to hostapd
having completed AP mode setup, e.g., when changing country code. Beacon
frame processing for OLBC was not prepared for this and could trigger
segfault due to NULL pointer dereference. Fix this by ignoring the
Beacon frames received prior to completing interface setup when
determining OLBC updates.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit b1f625e0d8 extended
ap_scan_as_station to be able to distinguish between AP and P2P GO
iftypes. However, it did this in a way that completely lost the original
mode because drv->nlmode had already been replaced with the station
mode. Fix this by storing the correct old mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the peer device has already acknowledge receipt of the Invitation
Request frame, it is better not to re-start invitation by sending
another Invitation Request. This should not be needed since the peer
already has received the Invitation Request frame and sending the second
round in this type of sequence can cause issues with nl80211 offloaded
offchannel TX operations since driver_nl80211.c will lose the cookie
value for the first pending Action frame and may not be able to cancel
offchannel wait for it properly. this has been seen to trigger a failure
in the p2p_go_invite_auth test case with the scan failing due to GO
sending out Probe Response frame on incorrect channel (the channel used
in that not-cancelled Action TX).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.
Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This is not really used in practice and there is no need to maintain
unsed code that would only print debug log entries.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 795baf773f ('hostapd: Filter
channel list updated events after country code change') uses the
EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the
callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was
still sending the event without the initiator data and resulted in NULL
pointer dereference, e.g., if a scan was run while hostapd was running
and the driver was in world roaming state and enabled a channel for
active scans.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The hostapd compilation displays a below warning On NetBSD 6.1.2.
../src/drivers/driver_bsd.c:72:1: warning: 'get80211opmode' defined but not used
This patch solves it and moves other functions to appropriate position to
reduce #ifdef.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Before this patch, 1 second timeout was used for regulatory updates. In
some cases, specially when we reload driver modules on some slower
platforms this could take more than 1 second (about 2 seconds). This is
important specially for DFS case, where we have to have correct DFS
region before we will start CAC. In other case (unknown DFS region), CAC
will fail. 5 seconds should be enough for all cases.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The original RSSI filter semantics for scheduled scan were
really confusing - a separate matchset was created, but it
wasn't actually treated as a separate matchset in the kernel
but rather used as the global RSSI value. The RSSI matchset
thus behaved like an RSSI filter outside of the matchsets,
being ANDed rather than ORed (as normal between matchsets.)
To make this less confusing, I changed the kernel API a bit
to actually treat the RSSI inside each matchset properly,
but keeping it compatible with the old approach by using a
matchset with only an RSSI value as the default for all the
other matchsets, and adding it as a separate matchset only
if it's the only one.
The proper way for wpa_supplicant to do this then would be
to add the RSSI to each SSID matchset, and only add another
matchset without SSID if there's none with.
However, to keep compatibility with older kernels, always
keep the non-SSID matchset and only add the RSSI to all the
other matchsets. This gets close to the desired behaviour,
the only difference would be that we shouldn't add the RSSI
matchset if there are others, but stays compatible with old
and new kernels, as new ones ignore the RSSI-only matchset
if there are others and those others have an RSSI.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
1. In wpa_config_process_bgscan() fix memory leak after
calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
case that the P2P Device interface was not waiting for a
GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
checked.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
It is possible for channel switch notification to be missing channel
type attribute. This is true at least for VHT80. This led to
iface->conf->secondary_channel being set to 0. This in turn made
subsequent DFS-triggered CSA to fail due to invalid frequency
parameters.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
This checks if the NL80211_ATTR_IFINDEX attribute is present before
trying to get the value of interface index.
Signed-hostap: Shital Jaju <shitalj@broadcom.com>
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This was already done for Registrar, but the Enrollee case did not
set config error properly if Registrar public key did not match the
hash received during NFC connection handover.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.
The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:
ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100
DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When NFC connection handover is used to trigger GO Negotiation, the
channel used for the GO Negotiation frames is already known. As such,
there is no need to use the Listen operations to find the peer.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.
Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These functions can be used to build the WPS attributes for P2P NFC
connection handover messages.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The contents of the WPS connection handover select message was modified
to include the Registrar public key hash instead of the credential.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new NFC connection handover design requires the AP/Registrar to
process the connection handover request message received from the
Enrollee. Add control interface commands for handling this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>