Commit message | Author | Age | Files | Lines
* EAP-TLS server: Fix TLS Message Length validation (HEAD, master) | Jouni Malinen | 2012-10-07 | 1 | -0/+8
  EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS Message Length value properly and could end up trying to store more information into the message buffer than the allocated size if the first fragment is longer than the indicated size. This could result in hostapd process terminating in wpabuf length validation. Fix this by rejecting messages that have invalid TLS Message Length value.
  This would affect cases that use the internal EAP authentication server in hostapd either directly with IEEE 802.1X or when using hostapd as a RADIUS authentication server and when receiving an incorrectly constructed EAP-TLS message. Cases where hostapd uses an external authentication are not affected.
  Thanks to Timo Warns for finding and reporting this issue.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
  (cherry picked from commit 586c446e0ff42ae00315b014924ec669023bd8de)
* nl80211: Avoid infinite loop when searching a BSS | Jouni Malinen | 2012-06-30 | 1 | -8/+11
  When hostapd is removing a virtual BSS interface, the loop here was incorrectly not updating the iterator during list traversal and ended up in an infinite loop in some cases.
  (cherry picked from commit 8546ea19301f31e5faf58a0f154773c3123e6474)
* dbus: Emit property changed events when adding/removing BSSes | Dan Williams | 2010-12-17 | 2 | -0/+7
  The supplicant was not emitting property changed events when the BSSs property changed.
  Signed-off-by: Dan Williams <dcbw@redhat.com>
  (cherry picked from commit 1e6288df6b07a353a9246b77e0de2a840b5f2c72)
* nl80211: Set cipher suites when using user space SME | Jouni Malinen | 2010-12-13 | 2 | -0/+46
  Previously, pairwise and group cipher suites were configured only when kernel SME (nl80211 connect API) was used. However, mac80211 needs this information even in the user space SME case for one thing: to disable HT when TKIP/WEP is used. Add NL80211_ATTR_CIPHER_SUITES_PAIRWISE to fix this special case with user space SME. This allows mac80211 to disable HT properly when the AP is configured with configuration that is not allowed.
  (cherry picked from commit aca016054885c17d58c41888698761f2e1ce2b39)
* AP: Verify that HT40 secondary channel is supported | Jouni Malinen | 2010-11-12 | 1 | -0/+26
  Refuse to enable HT40 mode AP unless both the primary and secondary channels are enabled for AP use.
  (cherry picked from commit 8ea3dd21d2e8b760612af0c7b6a3bb5b89ba7304)
* Preparations for 0.7.3 release (hostap_0_7_3) | Jouni Malinen | 2010-09-07 | 3 | -1/+36
* WPS: Fix hostapd build without CONFIG_WPS_UPNP | Jouni Malinen | 2010-09-07 | 1 | -0/+6
  Commit 5a1cc30f1a04eb19d315680928927651024e172e added code that was assuming CONFIG_WPS_UPNP is enabled whenever CONFIG_WPS is. Fix this by making the UPnP calls conditional on CONFIG_WPS_UPNP define.
  (cherry picked from commit 0caf077bc16a1061fb78cede8d0916eb24b3bd8a)
* Indicate Barker Preamble Mode in ERP IE also based on local configuration | Jouni Malinen | 2010-09-05 | 1 | -1/+2
  While this is not strictly speaking required based on dynamic configuration (i.e., dot11ShortPreambleOptionImplemented is static value based on implementation, not runtime configuration), it is better to follow local configuration parameter for short preamble in addition to the associated station capabilities.
  (cherry picked from commit a0fad21014923a9b7b36ebeebb623f3cbb44e076)
* atheros: Fix driver deinit function to be run | Jouni Malinen | 2010-09-05 | 1 | -1/+1
  hostapd uses hapd_deinit(), not deinit() wpa_driver_ops.
  (cherry picked from commit 702934a163ce726c6d7309d0a5ad39009b0b4d1e)
* atheros: Deinit l2_packet sock_xmit on error path | Jouni Malinen | 2010-09-05 | 1 | -0/+2
  (cherry picked from commit 4a46e82fb47499f7c89fae855d0670c713c8330c)
* Fix segfault in hostapd_eid_ht_capabilities() with some drivers | Jouni Malinen | 2010-09-05 | 1 | -1/+1
  This function is not really needed in case of drivers that build the HT IEs internally. However, since this can get called if ieee80211n=1 is set in hostapd.conf, we better not segfault even if the driver does not provide hw info (hapd->iface->current_mode == NULL).
  (cherry picked from commit 8421e95c712e10fca768ee8bfe3d334cba6a9d12)
* Fix hostapd build with CONFIG_IEEE80211N but without NEED_AP_MLME | Jouni Malinen | 2010-09-05 | 1 | -2/+2
  (cherry picked from commit b070460b1a1848159e68f3714ffb56dc6d67eef9)
* dbus: Verify WPA/RSN IE parser result before returning data | Jouni Malinen | 2010-09-05 | 1 | -4/+10
  (cherry picked from commit af3e1b0ec2f450024e8db2b710b1348b70312916)
* wpa_supplicant AP: Make sure deauth/disassoc event is valid | Jouni Malinen | 2010-09-05 | 1 | -2/+2
  Verify that the driver wrapper is using a valid deauth/disassoc event before dereferencing the addr pointer. The address is required to be set in AP mode, but it is safer to verify this here than to trust on all driver wrappers doing the correct thing.
  (cherry picked from commit 7f5420691e45cf1f1facd3baafa58c324819a868)
* WPS: Use more defensive design to avoid theoretical NULL deref | Jouni Malinen | 2010-09-05 | 1 | -2/+3
  Prior to commit 6195adda9b4306cda2b06b930c59c95832d026a9 the sm->user dereference did not exist here. While this is in practice non-NULL, better use more defensive construction here to avoid NULL pointer dereference should this ever change.
  (cherry picked from commit cce1f698e58843d67f598b6a7161756d546e5b66)
* wpa_gui-qt4: Update copyright years to include 2010 | Jouni Malinen | 2010-09-05 | 1 | -2/+2
  (cherry picked from commit a745b7a775d449222f17bd338bab4802e05435c0)
* Update WinPcap to the latest stable version 4.1.2 | Jouni Malinen | 2010-09-05 | 1 | -3/+3
  (cherry picked from commit 17f9f44ed88be1fdccc2fa0af0ba63bc428d9aff)
* Add libgcc_s_dw2-1.dll to the Windows installation package | Jouni Malinen | 2010-09-05 | 1 | -0/+2
  This seems to be needed for wpa_gui.exe with the new Qt version.
  (cherry picked from commit 687179edb59c3fac156c9ef0bd43226866f92f19)
* l2_packet_ndis: Fix overlapped write not to corrupt stack | Jouni Malinen | 2010-09-05 | 1 | -5/+11
  When using overlapped write, we must have the provided memory areas available during the operation and cannot just use stack unless we wait for the completion within the function. In the case of TX here, we can easily wait for the completion since it is likely to happen immediately. In addition, this provides more reliable success/failure return value for l2_packet_send(). [Bug 328]
  (cherry picked from commit f4e5fd948a43f1889774aa3a6920ded90bb678ea)
* winreg: Get rid of compiler warning | Jouni Malinen | 2010-09-05 | 1 | -1/+1
  (cherry picked from commit de1267d4eb69084b342dd8fdf392434d19cf6464)
* hostapd: enable STBC only for STBC capable STAs | Helmut Schaa | 2010-09-05 | 1 | -2/+10
  hostapd simply used its own STBC configuration in the STA's HT caps. This resulted in TX STBC being used for STAs not supporting RX STBC, which in turn resulted in the STA not receiving anything.
  Fix this by handling the STBC flags in the same way mac80211 does. Mask out RX STBC if we don't support TX STBC and vice versa.
  Tested only with the nl80211 driver and a STBC incapable STA.
  Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
  (cherry picked from commit 36af1c7d31bdc5ba4dacacbf32d3c7585665ae2b)
* bgscan simple: Skip immediate scan on initial signal event | Jouni Malinen | 2010-09-05 | 1 | -14/+25
  The driver is likely to indicate an immediate signal event when the threshold value is configured. Since we do this immediately after association, there is not much point in requesting a new scan to be started based on this event.
  (cherry picked from commit 1e6ef6455cd4c4213c269fa843ab53d9b392baf4)
* trace: Fix void pointer arithmetic | Masashi Honma | 2010-09-05 | 1 | -2/+2
  The arithmetic on void pointer exists in trace routine. On GNU C, it works because void pointer size is 1, but not all compilers behave like this. So this patch specifies the size of the pointer.
  (cherry picked from commit 9c77ad1889664f85f03ea13b629f3107189fe0cc)
* Cancel authentication timeout on local deauth/disassoc request | Jouni Malinen | 2010-09-05 | 1 | -0/+2
  Without this, the timeout may be left behind even when we are not connected and may result in unwanted operation when the timeout triggers.
  (cherry picked from commit eb0a3c7f96a36ce9c7e4d9b8be049149e1f88423)
* WPS: Optimize M2 processing in AP Setup Locked case | Jouni Malinen | 2010-09-05 | 1 | -4/+8
  There is no need to process the public key and generate keys if the AP is going to reject this M2 anyway. This limits effect of potential CPU DoS attacks in cases where AP PIN is disabled.
  (cherry picked from commit ef546700e2da4ca3c518a879310f4a816480ee3c)
* WPS: Add support for dynamic AP PIN management | Jouni Malinen | 2010-09-05 | 9 | -5/+210
  A new hostapd_cli command, wps_ap_pin, can now be used to manage AP PIN at runtime. This can be used to generate a random AP PIN and to only enable the AP PIN for short period (e.g., based on user action on the AP device). Use of random AP PIN that is only enabled for short duration is highly recommended to avoid security issues with a static AP PIN.
  (cherry picked from commit 5a1cc30f1a04eb19d315680928927651024e172e)
* Remove unused ieee802_11_send_deauth() | Jouni Malinen | 2010-09-05 | 2 | -29/+0
  (cherry picked from commit 31fa4c6d98bf7a5da304117c77a075fb4bf19626)
* WPS: Do not disable AP PIN permanently, only slow down attacks | Jouni Malinen | 2010-09-05 | 3 | -19/+37
  As a compromise between usability and security, do not disable AP PIN permanently based on failed PIN validations. Instead, go to AP Setup Locked state for increasing amount of time between each failure to slow down brute force attacks against the AP PIN.
  This avoids problems with some external Registrars that may try to use the same PIN multiple times without user input. Now, the user will still be able to fix the PIN and try again later while a real attack is delayed enough to make it impractical.
  (cherry picked from commit 944814106ec9c9f502ce4329783dd47c6f3d5fbd)
* WPS: Use WSC_NACK if no device password is known on M2 RX | Jouni Malinen | 2010-09-05 | 1 | -1/+2
  This can happen on the AP if the AP PIN is not configured and the client tries to go through the protocol instead of just using Registrar mode to receive M1 from the AP. It is cleaner to send out the WSC_NACK instead of just stopping the protocol.
  (cherry picked from commit 035cc69d980d2e4bdd6e1d1260648f1033194655)
* WPS: Fix unused variable warning | Masashi Honma | 2010-09-05 | 1 | -1/+1
  The wpa_supplicant compilation without CONFIG_WPS option results in messages below.
  scan.c: In function 'wpa_supplicant_scan':
  scan.c:246: warning: unused variable 'wps'
  This trivial patch erases this warning.
  (cherry picked from commit 509a39727f533a5592a5a899b0096f268e7e502a)
* EAP-FAST server: Add I-ID into PAC-Info | Jouni Malinen | 2010-09-05 | 1 | -0/+5
  This indicates that the peer identity is associated with the credential and will be required to match with the identity used during authentication when the PAC is used (RFC 5422, 4.2.4).
  (cherry picked from commit 8cbd92ee2911defeed72f1c12e29124b5afa5cbb)
* dbus: Deauthenticate instead of disassociate on disconnect command | Jouni Malinen | 2010-09-05 | 2 | -4/+7
  This clears up authentication state in the driver and in case of cfg80211, unlocks the BSS entry for the previously used AP. The previous commit cf4783e35fb4861181c275a3dbd607b58c7d4067 changed only the ctrl_iface DISCONNECT command behavior; this new commit does the same for D-Bus commands.
  (cherry picked from commit f9cd8587fb91f7f948f148ef10a8154714654d9d)
* sme: Check for prev_bssid from sme_event_disassoc | Samuel Ortiz | 2010-09-05 | 1 | -2/+2
  wpa_s->bssid is already cleared by mark_disassoc() when we're getting the disassociation event for the case where wpa_supplicant requested disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check for, so use that instead.
  Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
  (cherry picked from commit 7e26053a2cffe400275dc57faf8681eea236809c)
* Fix memory leak in AP WEP key configuration | Jouni Malinen | 2010-09-05 | 1 | -0/+1
  (cherry picked from commit 43dd46b3bcb9442d4ffc3ed2d241f8e4bb617f9e)
* sme: Try all authentication algorithms when the first one fails | Samuel Ortiz | 2010-09-05 | 2 | -5/+27
  When passing several authentication algorithms through auth_alg, we should try all of them when the first one fails. The wext driver goes through the connect nl80211 command and the retries are then handled by the kernel. The nl80211 doesn't and we have to handle that from userspace.
  Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
  (cherry picked from commit cb1583f64b5a50ebc542719e41c569926a62f718)
* nl80211: Ignore "DEAUTH" messages from APs we are not associated to | Paul Stewart | 2010-09-05 | 1 | -3/+19
  DEAUTH messages can come from a number of different sources. The one that's hurting us currently is DEAUTH netlink messages coming to us from compat-wireless in response to local_state_change DEAUTH messages we sent as a part of cleaning up state in driver_nl80211's clear_state_mismatch() function. However, DEAUTH messages can come from a variety of unwanted sources, including directed denial-of-service attacks (although MAC verification doesn't place that high a barrier), so this validation is actually generically useful, I think.
  The downside to this method is that without a kernel based approach "iw dev wlan0 link" no longer works correctly after clear_state_mismatch() is done. This will be pursued with the kernel folks.
  (cherry picked from commit cb30b297bd79ac82d9cbb192dc90b783974750cd)
* Fix RSN preauth candidate list clearing to avoid segfaults | Daniel Gryniewicz | 2010-09-05 | 1 | -1/+4
  Commit c5b26e33c1829c62c3b5872865ca202f6c42436e broke the processing of the candidate list entries when an old entry was either removed or reused. The entry needs to be removed from the list to avoid leaving pointers to freed memory.
  http://bugs.gentoo.org/show_bug.cgi?id=330085
  http://w1.fi/bugz/show_bug.cgi?id=372
  (cherry picked from commit 6c78ae1443f8bf80f290d9672e0510d4b248aa57)
* nl80211: Remove unused pending_send_action | Johannes Berg | 2010-09-05 | 1 | -2/+0
  This variable is assigned only once and never tested, so basically unused.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  (cherry picked from commit f48ffe4364e1b03044b7b3d5a59f0c8f0506ba9d)
* WPS: Allow AP to start in Enrollee mode without AP PIN for probing | Jouni Malinen | 2010-09-05 | 4 | -8/+16
  In theory, this should not really be needed, but Windows 7 uses Registrar mode to probe AP's WPS capabilities before trying to use Enrollee and fails if the AP does not allow that probing to happen. This allows the AP to start as an Enrollee and send M1, but refuse to continue beyond that (M3 will not be sent if AP PIN is not known).
  (cherry picked from commit 6195adda9b4306cda2b06b930c59c95832d026a9)
* FT: Send RRB data directly when managed by same hostapd process | Jouni Malinen | 2010-09-05 | 2 | -0/+62
  This makes it easier (and a bit faster) to handle multiple local radios with FT. There is no need to depend on l2_packet in that case since the frame can be delivered as a direct function call.
  (cherry picked from commit 67ccef7e6c1a28a074b7d217965cde58c841c598)
* Remove get-first-scan-results-before-request optimization | Jouni Malinen | 2010-09-05 | 3 | -39/+4
  This has already been disabled in most use cases and can result in problems with some drivers, so better just remove it completely.
  (cherry picked from commit 24f7694062f64dc9c549fbe8c348b0262bdb90e6)
* WPS: Move from WLAN_STA_MAYBE_WPS to WLAN_STA_WPS based on EAP messages | Jouni Malinen | 2010-09-05 | 1 | -0/+25
  If the station does not include WSC IE in Association Request, it is marked with WLAN_STA_MAYBE_WPS flag. We can update that to WLAN_STA_WPS if the station uses either of the WPS identity strings. This enables some workarounds for WPS stations.
  (cherry picked from commit 4e22adb4d1e6e300e76a107246e2047c0195aad3)
* WPS: Reduce client timeout with EAP-WSC to avoid long wait | Jouni Malinen | 2010-09-05 | 1 | -1/+12
  This works around issues with EAP-Failure getting lost for some reason. Instead of waiting up to 60 seconds on a timeout, 30 second timeout is now used and whenever the provisioning step has been completed (either successfully or unsuccessfully), this timeout is reduced to 2 seconds.
  (cherry picked from commit 9301f6515e971a24cb99fc21a272147f3ee1bc9e)
* WPS: Force disconnection after provisioning step | Jouni Malinen | 2010-09-05 | 1 | -0/+19
  This works around some problems where the station is unable to disconnect for some reason (e.g., if EAP-Failure gets dropped).
  (cherry picked from commit 32397063032b28a255daca42f8902a3e7e202dd9)
* WPS: Limit WPS ER event_id < 2^31 bits to avoid issues with atoi() | Jouni Malinen | 2010-07-21 | 1 | -0/+2
  Previously, large event_id values (> 2^31) resulted in integer overflow that would make ER drop all events from the AP.
  (cherry picked from commit 08b19cb4049655f7a0703bbfb994ddf4c64f7276)
* Ignore scan results in wpa_supplicant AP mode | Jouni Malinen | 2010-07-18 | 1 | -1/+13
  This is needed to avoid trying to reassociate based on new scan results when using wpa_supplicant to control AP mode. This could happen if something external triggered the driver to run a scan.
  (cherry picked from commit 5bc0cdb7212cb53b82f0ac705bdef6088e24a71f)
* SME: Do not skip initial scan request | Jouni Malinen | 2010-07-18 | 1 | -0/+1
  When SME is in wpa_supplicant (mac80211), we need to make sure that the kernel code has valid BSS entry for the AP. In some cases it seemed to be possible to end up not having current information in cfg80211 or mac80211 which can result in association failures. Avoid this by always running through the scan request before initial connection attempt.
  (cherry picked from commit 4436274bef6d73227979c7ca5c87c25e323298b7)
* SME: Retry scan after authentication failure | Jouni Malinen | 2010-07-18 | 1 | -0/+1
  This is needed to avoid getting stuck if driver fails authentication request for some reason.
  (cherry picked from commit 6e3f7173f1a560058c470d3dd6673d5461ce8f5b)
* Verify that l2_packet is initialized before notification call | Jouni Malinen | 2010-07-18 | 1 | -1/+2
  It is possible that l2_packet is not used with wpa_supplicant in some cases, so better make sure we do not end up notifying l2_packet code about authentications unless it was actually initialized in the first place.
  (cherry picked from commit 3f967fe055cecf1f94c9ce43768b186b24ef4841)
* Fix wpa_supplicant AP mode to ignore EAPOL Supplicant port callback | Jouni Malinen | 2010-07-18 | 1 | -0/+8
  This is needed to avoid setting EAPOL PAE port status incorrectly when using wpa_supplicant to control AP mode operations.
  (cherry picked from commit 69a6b47aa0a4716ce8f3ceb253e5e1276cd4e85f)