path: root/src/wps/httpread.c
Commit message (Collapse)AuthorAgeFilesLines
* WPS: Remove duplicated isgraph() loop in HTTP header parsingJouni Malinen2015-08-281-2/+0
| | | | | | | The hbp pointer is moved to the next space already earlier in this code path, so the while loop here did not really do anything. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Fix HTTP body length checkJouni Malinen2015-08-241-3/+6
| | | | | | | | | | | | | | Commit 7da4f4b4991c85f1122a4591d8a4b7dd3bd12b4e ('WPS: Check maximum HTTP body length earlier in the process') added too strict check for body length allocation. The comparison of new_alloc_nbytes against h->max_bytes did not take into account that HTTPREAD_BODYBUF_DELTA was added to previous allocation even if that ended up going beyond h->max_bytes. This ended up rejecting some valid HTTP operations, e.g., when checking AP response to WPS ER setting selected registrar. Fix this by taking HTTPREAD_BODYBUF_DELTA into account. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Add more debug prints to httpreadJouni Malinen2015-05-031-5/+27
| | | | | | These can be helpful when debugging HTTP error cases. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Replace the httpread_debug design with standard debug printsJouni Malinen2015-05-031-43/+18
| | | | | | | | | The debug information from httpread can be helpful in figuring out error cases in general and as such, should be enabled by default. Get rid of the hardcoded httpread_debug value that would require source code changes to enable. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Check maximum HTTP body length earlier in the processJouni Malinen2015-05-031-0/+13
| | | | | | | There is no need to continue processing a HTTP body when it becomes clear that the end result would be over the maximum length. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Extra validation step for HTTP readerJouni Malinen2015-05-031-0/+5
| | | | | | | | Verify that ncopy parameter to memcpy is not negative. While this is not supposed to be needed, it is a good additional protection against unknown implementation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Fix HTTP chunked transfer encoding parserJouni Malinen2015-05-031-0/+7
| | | | | | | | | | | | | | | | | | | | | | strtoul() return value may end up overflowing the int h->chunk_size and resulting in a negative value to be stored as the chunk_size. This could result in the following memcpy operation using a very large length argument which would result in a buffer overflow and segmentation fault. This could have been used to cause a denial service by any device that has been authorized for network access (either wireless or wired). This would affect both the WPS UPnP functionality in a WPS AP (hostapd with upnp_iface parameter set in the configuration) and WPS ER (wpa_supplicant with WPS_ER_START control interface command used). Validate the parsed chunk length value to avoid this. In addition to rejecting negative values, we can also reject chunk size that would be larger than the maximum configured body length. Thanks to Kostya Kortchinsky of Google security team for discovering and reporting this issue. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Clean up indentation level (CID 68109)Jouni Malinen2014-06-121-2/+2
| | | | | | | | The implementation here was doing what it was supposed to, but the code was indented in a way that made it quite confusing in the context of a single line if statement body. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS HTTP: Remove unused assignmentJouni Malinen2014-04-291-1/+0
| | | | | | bbp is not used in the code path that skips trailers. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unnecessary extra tracking of eloop registrationJouni Malinen2013-12-291-24/+9
| | | | | | | | It is fine to try to cancel a registration that does not exist, so there is no need to have the duplicated checks for eloop timeout and socket registration. Signed-hostap: Jouni Malinen <j@w1.fi>
* Replace unnecessary hex_value() with hex2byte()Jouni Malinen2013-12-291-15/+1
| | | | | | | There is no need to maintain two functions for doing the same type of hex-to-binary conversion. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from files contributed by AtherosJouni Malinen2012-02-111-8/+2
| | | | | | | Remove the GPL notification text from files that were initially contributed by Atheros Communications or Qualcomm Atheros. Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix doxygen file level commentsJouni Malinen2009-11-281-1/+1
* Fix small HTTP processing issuesJouni Malinen2009-04-151-2/+5
| | | | | Parse "Transfer-Encoding: chunked" properly. Get more data if read buffer is empty when starting to process the body.
* WPS: Add support for external Registrars using UPnP transportJouni Malinen2009-01-291-0/+858
This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.