PERFORCE change 78499 for review
Peter Wemm
peter at FreeBSD.org
Mon Jun 13 22:09:48 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=78499
Change 78499 by peter at peter_overcee on 2005/06/13 22:09:36
IFC @78498
Affected files ...
.. //depot/projects/hammer/contrib/hostapd/ChangeLog#2 integrate
.. //depot/projects/hammer/contrib/hostapd/Makefile#2 integrate
.. //depot/projects/hammer/contrib/hostapd/common.h#2 integrate
.. //depot/projects/hammer/contrib/hostapd/config.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/ctrl_iface.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/eapol_sm.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/eapol_sm.h#2 integrate
.. //depot/projects/hammer/contrib/hostapd/ieee802_1x.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/ms_funcs.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/radius_client.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/radius_server.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/tls_openssl.c#2 integrate
.. //depot/projects/hammer/contrib/hostapd/version.h#2 integrate
.. //depot/projects/hammer/contrib/hostapd/wpa.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/ChangeLog#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/README#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/config.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/ctrl_iface.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eap.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eap_mschapv2.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eap_peap.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eap_tls_common.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eap_ttls.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/eapol_sm.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/ms_funcs.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/radius.c#1 branch
.. //depot/projects/hammer/contrib/wpa_supplicant/radius.h#1 branch
.. //depot/projects/hammer/contrib/wpa_supplicant/tls_openssl.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/version.h#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/wpa.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/wpa_ctrl.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/wpa_supplicant.c#2 integrate
.. //depot/projects/hammer/contrib/wpa_supplicant/wpa_supplicant_i.h#2 integrate
.. //depot/projects/hammer/lib/libpam/modules/pam_radius/pam_radius.c#10 integrate
.. //depot/projects/hammer/sys/net/if_stf.c#20 integrate
.. //depot/projects/hammer/sys/net80211/ieee80211_input.c#19 integrate
Differences ...
==== //depot/projects/hammer/contrib/hostapd/ChangeLog#2 (text+ko) ====
@@ -1,5 +1,19 @@
ChangeLog for hostapd
+2005-06-10 - v0.3.9
+ * fixed a bug which caused some RSN pre-authentication cases to use
+ freed memory and potentially crash hostapd
+ * fixed private key loading for cases where passphrase is not set
+ * fixed WPA2 to add PMKSA cache entry when using integrated EAP
+ authenticator
+ * driver_madwifi: fixed pairwise key removal to allow WPA reauth
+ without disassociation
+ * fixed RADIUS attribute Class processing to only use Access-Accept
+ packets to update Class; previously, other RADIUS authentication
+ packets could have cleared Class attribute
+ * fixed PMKSA caching (EAP authentication was not skipped correctly
+ with the new state machine changes from IEEE 802.1X draft)
+
2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
2005-01-23 - v0.3.5
==== //depot/projects/hammer/contrib/hostapd/Makefile#2 (text+ko) ====
@@ -228,6 +228,6 @@
$(CC) -o hostapd_cli hostapd_cli.o hostapd_ctrl.o
clean:
- rm -f core *~ *.o hostapd *.d driver_conf.c
+ rm -f core *~ *.o hostapd hostapd_cli *.d driver_conf.c
-include $(OBJS:%.o=%.d)
==== //depot/projects/hammer/contrib/hostapd/common.h#2 (text+ko) ====
@@ -8,8 +8,12 @@
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/endian.h>
+#define __BYTE_ORDER _BYTE_ORDER
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#define __BIG_ENDIAN _BIG_ENDIAN
#define bswap_16 bswap16
#define bswap_32 bswap32
+#define bswap_64 bswap64
#endif
#ifdef CONFIG_NATIVE_WINDOWS
==== //depot/projects/hammer/contrib/hostapd/config.c#2 (text+ko) ====
@@ -597,7 +597,8 @@
}
if (conf->wpa && (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
- conf->wpa_psk == NULL && conf->wpa_passphrase == NULL) {
+ conf->wpa_psk == NULL && conf->wpa_passphrase == NULL &&
+ conf->wpa_psk_file == NULL) {
printf("WPA-PSK enabled, but PSK or passphrase is not "
"configured.\n");
return -1;
==== //depot/projects/hammer/contrib/hostapd/ctrl_iface.c#2 (text+ko) ====
@@ -20,6 +20,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/uio.h>
#include <sys/stat.h>
#include <errno.h>
#include <netinet/in.h>
@@ -383,7 +384,8 @@
unlink(fname);
free(fname);
- if (rmdir(hapd->conf->ctrl_interface) < 0) {
+ if (hapd->conf->ctrl_interface &&
+ rmdir(hapd->conf->ctrl_interface) < 0) {
if (errno == ENOTEMPTY) {
wpa_printf(MSG_DEBUG, "Control interface "
"directory not empty - leaving it "
==== //depot/projects/hammer/contrib/hostapd/eapol_sm.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/eapol_sm.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -767,22 +767,22 @@
prev_ctrl_dir = sm->ctrl_dir.state;
SM_STEP_RUN(AUTH_PAE);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(BE_AUTH);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(REAUTH_TIMER);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(AUTH_KEY_TX);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(KEY_RX);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
SM_STEP_RUN(CTRL_DIR);
- if (!eapol_sm_sta_entry_alive(hapd, addr))
+ if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))
break;
} while (prev_auth_pae != sm->auth_pae.state ||
prev_be_auth != sm->be_auth.state ||
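Review bot: Each of the six rewritten guards reads `sm->initializing` right after a SM_STEP_RUN and before `eapol_sm_sta_entry_alive()` has been consulted. If that liveness check exists because a step can free the station entry, and `sm` with it, the new left-hand operand touches `sm` before this has been ruled out. In the lines shown the flag is written only by `eapol_sm_initialize()`, so it could be read once before the `do` loop, `Boolean initializing = sm->initializing;`, and each guard written as `if (!initializing && !eapol_sm_sta_entry_alive(hapd, addr))`. The loop begins and ends outside this hunk.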
@@ -803,12 +803,14 @@
void eapol_sm_initialize(struct eapol_state_machine *sm)
{
+ sm->initializing = TRUE;
/* Initialize the state machines by asserting initialize and then
* deasserting it after one step */
sm->initialize = TRUE;
eapol_sm_step(sm);
sm->initialize = FALSE;
eapol_sm_step(sm);
+ sm->initializing = FALSE;
/* Start one second tick for port timers state machine */
eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm);
==== //depot/projects/hammer/contrib/hostapd/eapol_sm.h#2 (text+ko) ====
@@ -195,6 +195,8 @@
*/
u8 currentId;
+ Boolean initializing; /* in process of initializing state machines */
+
/* Somewhat nasty pointers to global hostapd and STA data to avoid
* passing these to every function */
struct hostapd_data *hapd;
==== //depot/projects/hammer/contrib/hostapd/ieee802_1x.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/ieee802_1x.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -1157,6 +1157,7 @@
session_timeout_set ?
session_timeout : -1);
}
+ ieee802_1x_store_radius_class(hapd, sta, msg);
break;
case RADIUS_CODE_ACCESS_REJECT:
sm->eapFail = TRUE;
@@ -1180,7 +1181,6 @@
break;
}
- ieee802_1x_store_radius_class(hapd, sta, msg);
ieee802_1x_decapsulate_radius(hapd, sta);
if (override_eapReq)
sm->be_auth.eapReq = FALSE;
@@ -1669,6 +1669,7 @@
return len;
}
+
void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta,
int success)
{
@@ -1682,4 +1683,3 @@
pmksa_cache_add(hapd, sta, key, dot11RSNAConfigPMKLifetime);
}
}
-
==== //depot/projects/hammer/contrib/hostapd/ms_funcs.c#2 (text+ko) ====
@@ -158,12 +158,14 @@
};
const unsigned char *addr[3];
const size_t len[3] = { 16, 24, sizeof(magic1) };
+ u8 hash[SHA1_MAC_LEN];
addr[0] = password_hash_hash;
addr[1] = nt_response;
addr[2] = magic1;
- sha1_vector(3, addr, len, master_key);
+ sha1_vector(3, addr, len, hash);
+ memcpy(master_key, hash, 16);
}
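Review bot: The bare 16 in `memcpy(master_key, hash, 16)` is the substance of this fix and should carry a comment. sha1_vector() now writes into a SHA1_MAC_LEN buffer and only the first 16 octets reach `master_key`, which implies the caller's buffer is 16 octets; the function signature is outside the hunk. I would add `/* SHA-1 output is SHA1_MAC_LEN octets; MasterKey is the first 16 (RFC 3079) */` above the copy. `hash` still holds key material on the stack when the function returns, so clearing it after the copy is worth considering. The same applies to the identical hunk in wpa_supplicant/ms_funcs.c.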
==== //depot/projects/hammer/contrib/hostapd/radius_client.c#2 (text+ko) ====
@@ -506,7 +506,7 @@
rconf = hapd->conf->auth_server;
}
- len = recv(sock, buf, sizeof(buf), 0);
+ len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT);
if (len < 0) {
perror("recv[RADIUS]");
return;
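Review bot: With MSG_DONTWAIT added, recv() can return -1 with errno set to EAGAIN or EWOULDBLOCK when no datagram is queued, and the unchanged `if (len < 0)` branch reports that through perror() as if it were a real failure. The would-block case should return quietly: `if (len < 0) { if (errno != EAGAIN && errno != EWOULDBLOCK) perror("recv[RADIUS]"); return; }`. Whether `<errno.h>` is already included in this file cannot be seen from the hunk.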
==== //depot/projects/hammer/contrib/hostapd/radius_server.c#2 (text+ko) ====
@@ -325,6 +325,7 @@
{
struct radius_msg *msg;
int ret = 0;
+ struct eap_hdr eapfail;
RADIUS_DEBUG("Reject invalid request from %s:%d",
inet_ntoa(from->sin_addr), ntohs(from->sin_port));
@@ -335,6 +336,16 @@
return -1;
}
+ memset(&eapfail, 0, sizeof(eapfail));
+ eapfail.code = EAP_CODE_FAILURE;
+ eapfail.identifier = 0;
+ eapfail.length = htons(sizeof(eapfail));
+
+ if (!radius_msg_add_eap(msg, (u8 *) &eapfail, sizeof(eapfail))) {
+ RADIUS_DEBUG("Failed to add EAP-Message attribute");
+ }
+
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
request->hdr->authenticator) < 0) {
@@ -395,6 +406,7 @@
sess = radius_server_get_new_session(data, client, msg);
if (sess == NULL) {
RADIUS_DEBUG("Could not create a new session");
+ radius_server_reject(data, client, msg, from);
return -1;
}
}
==== //depot/projects/hammer/contrib/hostapd/tls_openssl.c#2 (text+ko) ====
@@ -489,9 +489,12 @@
if (private_key == NULL)
return 0;
- passwd = strdup(private_key_passwd);
- if (passwd == NULL)
- return -1;
+ if (private_key_passwd) {
+ passwd = strdup(private_key_passwd);
+ if (passwd == NULL)
+ return -1;
+ } else
+ passwd = NULL;
SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
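Review bot: After this change `SSL_CTX_set_default_passwd_cb_userdata()` can be handed a NULL `passwd`, so `tls_passwd_cb` has to cope with a NULL userdata pointer. The callback is outside the hunk, so this needs checking there. A comment on the `else` branch, such as `/* no passphrase configured; tls_passwd_cb must accept NULL userdata */`, would record the contract. The strdup()ed copy is a secret, and where it is released is not visible here either. The identical hunk in wpa_supplicant/tls_openssl.c has the same dependency.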
==== //depot/projects/hammer/contrib/hostapd/version.h#2 (text+ko) ====
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.3.7"
+#define VERSION_STR "0.3.9"
#endif /* VERSION_H */
==== //depot/projects/hammer/contrib/hostapd/wpa.c#2 (text+ko) ====
@@ -12,7 +12,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.2 2005/06/05 22:41:14 sam Exp $
+ * $FreeBSD: src/contrib/hostapd/wpa.c,v 1.3 2005/06/13 17:07:31 sam Exp $
*/
#include <stdlib.h>
@@ -1416,6 +1416,14 @@
key = (struct wpa_eapol_key *) (hdr + 1);
key_info = ntohs(key->key_info);
key_data_length = ntohs(key->key_data_length);
+ if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
+ wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
+ "key_data overflow (%d > %lu)",
+ key_data_length,
+ (unsigned long) (data_len - sizeof(*hdr) -
+ sizeof(*key)));
+ return;
+ }
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
* are set */
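Review bot: The new bound is computed as `data_len - sizeof(*hdr) - sizeof(*key)`, and the `(unsigned long)` cast in the message suggests this is unsigned arithmetic. If `data_len` can be smaller than the two headers, the subtraction wraps and the check passes for any `key_data_length`. The hunk does not show an earlier minimum-length test, although `key->key_info` is already read above, so one presumably exists. Either confirm it or make the guard self-contained: `if (data_len < sizeof(*hdr) + sizeof(*key) || key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {`. The enclosing function begins and ends outside the hunk.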
==== //depot/projects/hammer/contrib/wpa_supplicant/ChangeLog#2 (text+ko) ====
@@ -1,5 +1,28 @@
ChangeLog for wpa_supplicant
+2005-06-10 - v0.3.9
+ * modified the EAP workaround that accepts EAP-Success with incorrect
+ Identifier to be even less strict about verification in order to
+ interoperate with some authentication servers
+ * fixed RSN IE in 4-Way Handshake message 2/4 for the case where
+ Authenticator rejects PMKSA caching attempt and the driver is not
+ using assoc_info events
+ * fixed a possible double free in EAP-TTLS fast-reauthentication when
+ identity or password is entered through control interface
+ * added -P<pid file> argument for wpa_supplicant to write the current
+ process id into a file
+ * driver_madwifi: fixed association in plaintext mode
+ * driver_madwifi: added preliminary support for compiling against 'BSD'
+ branch of madwifi CVS tree
+ * added EAP workaround for PEAPv1 session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
+ * driver_ipw: updated driver structures to match with ipw2200-1.0.4
+ (note: ipw2100-1.1.0 is likely to require an update to work with
+ this)
+ * driver_broadcom: fixed couple of memory leaks in scan result
+ processing
+
2005-02-13 - v0.3.8
* fixed EAPOL-Key validation to drop packets with invalid Key Data
Length; such frames could have crashed wpa_supplicant due to buffer
==== //depot/projects/hammer/contrib/wpa_supplicant/README#2 (text+ko) ====
@@ -6,9 +6,7 @@
All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD
-license. Either license may be used at your option. Please note that
-some of the driver interface implementations (driver_*.c) may be
-licensed under a different license.
+license. Either license may be used at your option.
==== //depot/projects/hammer/contrib/wpa_supplicant/config.c#2 (text+ko) ====
@@ -245,7 +245,7 @@
return -1;
start = buf;
- while (start != '\0') {
+ while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
@@ -295,7 +295,7 @@
return -1;
start = buf;
- while (start != '\0') {
+ while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
@@ -349,7 +349,7 @@
return -1;
start = buf;
- while (start != '\0') {
+ while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
@@ -441,7 +441,7 @@
return -1;
start = buf;
- while (start != '\0') {
+ while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
@@ -494,7 +494,7 @@
return -1;
start = buf;
- while (start != '\0') {
+ while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
==== //depot/projects/hammer/contrib/wpa_supplicant/ctrl_iface.c#2 (text+ko) ====
@@ -248,8 +248,9 @@
return -1;
*pos++ = '\0';
id = atoi(id_pos);
- wpa_printf(MSG_DEBUG, "CTRL_IFACE: field=%s id=%d value='%s'",
- rsp, id, pos);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE: field=%s id=%d", rsp, id);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
+ (u8 *) pos, strlen(pos));
ssid = wpa_s->conf->ssid;
while (ssid) {
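Review bot: Nothing in the new lines says why the value moved out of the `wpa_printf` message and into `wpa_hexdump_ascii_key`, so a later edit to the log line could easily put it back. The value is a response entered through the control interface, and the ChangeLog in this same change mentions an identity or password being entered that way. A comment above the call, such as `/* value may be a password; log it only through the key-aware dump */`, would keep the intent visible.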
@@ -606,6 +607,16 @@
if (wpa_s->ctrl_sock > -1) {
char *fname;
eloop_unregister_read_sock(wpa_s->ctrl_sock);
+ if (wpa_s->ctrl_dst) {
+ /*
+ * Wait a second before closing the control socket if
+ * there are any attached monitors in order to allow
+ * them to receive any pending messages.
+ */
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
+ "monitors to receive messages");
+ sleep(1);
+ }
close(wpa_s->ctrl_sock);
wpa_s->ctrl_sock = -1;
fname = wpa_supplicant_ctrl_iface_path(wpa_s);
==== //depot/projects/hammer/contrib/wpa_supplicant/eap.c#2 (text+ko) ====
@@ -458,19 +458,27 @@
static int eap_success_workaround(struct eap_sm *sm, int reqId, int lastId)
{
- /* At least Microsoft IAS and Meetinghouse Aegis seem to be sending
+ /*
+ * At least Microsoft IAS and Meetinghouse Aegis seem to be sending
* EAP-Success/Failure with lastId + 1 even though RFC 3748 and
* draft-ietf-eap-statemachine-05.pdf require that reqId == lastId.
+ * In addition, it looks like Ringmaster v2.1.2.0 would be using
+ * lastId + 2 in EAP-Success.
+ *
* Accept this kind of Id if EAP workarounds are enabled. These are
* unauthenticated plaintext messages, so this should have minimal
- * security implications (bit easier to fake EAP-Success/Failure). */
- if (sm->workaround && reqId == ((lastId + 1) & 0xff)) {
+ * security implications (bit easier to fake EAP-Success/Failure).
+ */
+ if (sm->workaround && (reqId == ((lastId + 1) & 0xff) ||
+ reqId == ((lastId + 2) & 0xff))) {
wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected "
"identifier field in EAP Success: "
"reqId=%d lastId=%d (these are supposed to be "
"same)", reqId, lastId);
return 1;
}
+ wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d "
+ "lastId=%d", reqId, lastId);
return 0;
}
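Review bot: The comment in eap_success_workaround() still justifies the relaxation only by saying these are unauthenticated plaintext messages, while the accepted window has grown from lastId + 1 to lastId + 1 or lastId + 2. By the comment's own wording that makes a faked EAP-Success/Failure somewhat easier to get accepted. The comment should state what the caller still requires before the session is treated as successful once this returns 1, presumably the method's own decision state, though the caller is not visible in this hunk. It would also help to note that `sm->workaround` is the only switch for both offsets, so anyone disabling workarounds knows both are covered.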
==== //depot/projects/hammer/contrib/wpa_supplicant/eap_mschapv2.c#2 (text+ko) ====
@@ -126,8 +126,8 @@
{
struct wpa_ssid *config = eap_get_config(sm);
u8 *challenge, *peer_challenge, *username, *pos;
- int challenge_len, i, ms_len;
- size_t len, username_len;
+ int i, ms_len;
+ size_t len, challenge_len, username_len;
struct eap_mschapv2_hdr *resp;
u8 password_hash[16], password_hash_hash[16];
@@ -155,10 +155,12 @@
return NULL;
}
- if (len - challenge_len - 10 < 0) {
+ if (len < 10 || len - 10 < challenge_len) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Too short challenge"
" packet: len=%lu challenge_len=%d",
(unsigned long) len, challenge_len);
+ ret->ignore = TRUE;
+ return NULL;
}
challenge = pos;
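Review bot: `challenge_len` became `size_t` in the preceding hunk, but the message in this hunk still formats it with `%d` (`challenge_len=%d`), which no longer matches the argument type. It should be cast the same way `len` already is: `" packet: len=%lu challenge_len=%lu",` followed by `(unsigned long) len, (unsigned long) challenge_len);`. The rest of the function lies outside the hunk, so any other `%d` use of `challenge_len` there needs the same change.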
@@ -469,7 +471,8 @@
req = (struct eap_mschapv2_hdr *) reqData;
len = be_to_host16(req->length);
- if (len < sizeof(*req) + 2 || req->type != EAP_TYPE_MSCHAPV2) {
+ if (len < sizeof(*req) + 2 || req->type != EAP_TYPE_MSCHAPV2 ||
+ len > reqDataLen) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame");
ret->ignore = TRUE;
return NULL;
==== //depot/projects/hammer/contrib/wpa_supplicant/eap_peap.c#2 (text+ko) ====
@@ -380,6 +380,12 @@
if (data->pending_phase2_req) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
"skip decryption and use old data");
+ /* Clear TLS reassembly state. */
+ free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ data->ssl.tls_in_left = 0;
+ data->ssl.tls_in_total = 0;
in_decrypted = data->pending_phase2_req;
data->pending_phase2_req = NULL;
len_decrypted = data->pending_phase2_req_len;
@@ -391,6 +397,19 @@
if (res < 0 || res == 1)
return res;
+ if (in_len == 0 && sm->workaround && data->phase2_success) {
+ /*
+ * Cisco ACS seems to be using TLS ACK to terminate
+ * EAP-PEAPv0/GTC. Try to reply with TLS ACK.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Received TLS ACK, but "
+ "expected data - acknowledge with TLS ACK since "
+ "Phase 2 has been completed");
+ ret->decision = DECISION_COND_SUCC;
+ ret->methodState = METHOD_DONE;
+ return 1;
+ }
+
buf_len = in_len;
if (data->ssl.tls_in_total > buf_len)
buf_len = data->ssl.tls_in_total;
@@ -713,6 +732,25 @@
wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
"derive key");
}
+
+ if (sm->workaround && data->peap_version == 1 &&
+ data->resuming) {
+ /*
+ * At least one RADIUS server (Aegis v1.1.6;
+ * but not v1.1.4) seems to be terminating
+ * PEAPv1 session resumption with outer
+ * EAP-Success. This does not seem to follow
+ * draft-josefsson-pppext-eap-tls-eap-05.txt
+ * section 4.2, so only allow this if EAP
+ * workarounds are enabled.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Workaround - "
+ "allow outer EAP-Success to "
+ "terminate PEAPv1 resumption");
+ ret->decision = DECISION_COND_SUCC;
+ data->phase2_success = 1;
+ }
+
data->resuming = 0;
}
}
==== //depot/projects/hammer/contrib/wpa_supplicant/eap_tls_common.c#2 (text+ko) ====
@@ -160,6 +160,17 @@
u8 *buf;
if (data->tls_in_left > *in_len || data->tls_in) {
+ if (data->tls_in_len + *in_len == 0) {
+ free(data->tls_in);
+ data->tls_in = NULL;
+ data->tls_in_len = 0;
+ wpa_printf(MSG_WARNING, "SSL: Invalid reassembly "
+ "state: tls_in_left=%d tls_in_len=%d "
+ "*in_len=%d",
+ data->tls_in_left, data->tls_in_len,
+ *in_len);
+ return -1;
+ }
buf = realloc(data->tls_in, data->tls_in_len + *in_len);
if (buf == NULL) {
free(data->tls_in);
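Review bot: The new error path frees `tls_in` and zeroes `tls_in_len` but leaves `tls_in_left` untouched, and a non-zero `tls_in_left` is one of the two conditions that lead into this branch. The "Clear TLS reassembly state" blocks added to eap_peap.c and eap_ttls.c in this same change also reset `tls_in_left` and `tls_in_total`. Adding `data->tls_in_left = 0;` here would stop a later call from re-entering with stale state, unless the caller already resets it on -1. The sum `data->tls_in_len + *in_len` passed to realloc() is not checked for overflow, though the field types are not visible in the hunk. The function continues outside the hunk.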
==== //depot/projects/hammer/contrib/wpa_supplicant/eap_ttls.c#2 (text+ko) ====
@@ -194,7 +194,7 @@
* add TLS Message Length field, if the frame is fragmented. */
resp = malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
if (resp == NULL)
- return 0;
+ return -1;
resp->code = EAP_CODE_RESPONSE;
resp->identifier = id;
@@ -210,7 +210,7 @@
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt Phase 2 "
"data");
free(resp);
- return 0;
+ return -1;
}
*out_len = sizeof(struct eap_hdr) + 2 + res;
@@ -265,6 +265,7 @@
avp = malloc(sizeof(struct ttls_avp) + *resp_len + 4);
if (avp == NULL) {
free(*resp);
+ *resp = NULL;
*resp_len = 0;
return -1;
}
@@ -782,6 +783,13 @@
if (data->pending_phase2_req) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
"skip decryption and use old data");
+ /* Clear TLS reassembly state. */
+ free(data->ssl.tls_in);
+ data->ssl.tls_in = NULL;
+ data->ssl.tls_in_len = 0;
+ data->ssl.tls_in_left = 0;
+ data->ssl.tls_in_total = 0;
+
in_decrypted = data->pending_phase2_req;
data->pending_phase2_req = NULL;
len_decrypted = data->pending_phase2_req_len;
==== //depot/projects/hammer/contrib/wpa_supplicant/eapol_sm.c#2 (text+ko) ====
@@ -194,9 +194,8 @@
"heldWhile=%d startWhen=%d idleWhile=%d",
sm->authWhile, sm->heldWhile, sm->startWhen, sm->idleWhile);
+ eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, sm);
eapol_sm_step(sm);
-
- eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, sm);
}
==== //depot/projects/hammer/contrib/wpa_supplicant/ms_funcs.c#2 (text+ko) ====
@@ -158,12 +158,14 @@
};
const unsigned char *addr[3];
const size_t len[3] = { 16, 24, sizeof(magic1) };
+ u8 hash[SHA1_MAC_LEN];
addr[0] = password_hash_hash;
addr[1] = nt_response;
addr[2] = magic1;
- sha1_vector(3, addr, len, master_key);
+ sha1_vector(3, addr, len, hash);
+ memcpy(master_key, hash, 16);
}
==== //depot/projects/hammer/contrib/wpa_supplicant/tls_openssl.c#2 (text+ko) ====
@@ -489,9 +489,12 @@
if (private_key == NULL)
return 0;
- passwd = strdup(private_key_passwd);
- if (passwd == NULL)
- return -1;
+ if (private_key_passwd) {
+ passwd = strdup(private_key_passwd);
+ if (passwd == NULL)
+ return -1;
+ } else
+ passwd = NULL;
SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
==== //depot/projects/hammer/contrib/wpa_supplicant/version.h#2 (text+ko) ====
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.3.8"
+#define VERSION_STR "0.3.9"
#endif /* VERSION_H */
==== //depot/projects/hammer/contrib/wpa_supplicant/wpa.c#2 (text+ko) ====
@@ -1035,6 +1035,7 @@
if (hostapd_get_rand(wpa_s->snonce, WPA_NONCE_LEN)) {
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to get "
"random data for SNonce");
+ free(rbuf);
return;
}
wpa_s->renew_snonce = 0;
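Review bot: This hunk and the three that follow each add `free(rbuf);` in front of an early `return`, which closes the leaks but leaves every future exit path to remember the same line. A single cleanup label at the end of the function, reached with `goto out;` and doing `out: free(rbuf);`, would make the ownership of `rbuf` explicit. Where `rbuf` is allocated and normally released is outside these hunks, so this is a suggestion on form only.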
@@ -1100,6 +1101,7 @@
wpa_s->cur_pmksa = NULL;
abort_cached = 1;
} else {
+ free(rbuf);
return;
}
}
@@ -1110,6 +1112,7 @@
"been received from the external IEEE "
"802.1X Supplicant - ignoring WPA "
"EAPOL-Key frame");
+ free(rbuf);
return;
#endif /* CONFIG_XSUPPLICANT_IFACE */
}
@@ -1120,6 +1123,7 @@
"full EAP authenication");
wpa_eapol_send(wpa_s, IEEE802_1X_TYPE_EAPOL_START,
(u8 *) "", 0);
+ free(rbuf);
return;
}
@@ -1963,8 +1967,9 @@
if (be_to_host16(key->key_data_length) > extra_len) {
wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
- "key_data overflow (%d > %d)",
- be_to_host16(key->key_data_length), extra_len);
+ "key_data overflow (%d > %lu)",
+ be_to_host16(key->key_data_length),
+ (unsigned long) extra_len);
return;
}
@@ -2009,6 +2014,12 @@
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
+ wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
+ "no key management is configured");
+ return;
+ }
+
if (wpa_s->eapol_received == 0) {
/* Timeout for completing IEEE 802.1X and WPA authentication */
wpa_supplicant_req_auth_timeout(
@@ -2252,6 +2263,7 @@
}
memset(ctx, 0, sizeof(*ctx));
ctx->ctx = wpa_s;
+ ctx->msg_ctx = wpa_s;
ctx->preauth = 1;
ctx->cb = rsn_preauth_eapol_cb;
ctx->cb_ctx = wpa_s;
==== //depot/projects/hammer/contrib/wpa_supplicant/wpa_ctrl.c#2 (text+ko) ====
@@ -11,7 +11,7 @@
*
* See README and COPYING for more details.
*
- * $FreeBSD: src/contrib/wpa_supplicant/wpa_ctrl.c,v 1.2 2005/06/05 21:13:08 sam Exp $
+ * $FreeBSD: src/contrib/wpa_supplicant/wpa_ctrl.c,v 1.3 2005/06/13 16:54:21 sam Exp $
*/
#include <stdlib.h>
@@ -93,8 +93,7 @@
snprintf(ctrl->local.sun_path, sizeof(ctrl->local.sun_path) - 1,
"/tmp/wpa_ctrl_%d-%d", getpid(), counter++);
if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
- sizeof(ctrl->local.sun_family) +
- strlen(ctrl->local.sun_path)) < 0) {
+ sizeof(ctrl->local)) < 0) {
close(ctrl->s);
free(ctrl);
return NULL;
==== //depot/projects/hammer/contrib/wpa_supplicant/wpa_supplicant.c#2 (text+ko) ====
@@ -360,18 +360,19 @@
}
-static int wpa_blacklisted(struct wpa_supplicant *wpa_s, const u8 *bssid)
+static struct wpa_blacklist *
+wpa_blacklist_get(struct wpa_supplicant *wpa_s, const u8 *bssid)
{
struct wpa_blacklist *e;
e = wpa_s->blacklist;
while (e) {
if (memcmp(e->bssid, bssid, ETH_ALEN) == 0)
- return 1;
+ return e;
e = e->next;
}
- return 0;
+ return NULL;
}
@@ -379,14 +380,21 @@
{
struct wpa_blacklist *e;
- if (wpa_blacklisted(wpa_s, bssid))
+ e = wpa_blacklist_get(wpa_s, bssid);
+ if (e) {
+ e->count++;
+ wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
+ "incremented to %d",
+ MAC2STR(bssid), e->count);
return 0;
+ }
e = malloc(sizeof(*e));
if (e == NULL)
return -1;
memset(e, 0, sizeof(*e));
memcpy(e->bssid, bssid, ETH_ALEN);
+ e->count = 1;
e->next = wpa_s->blacklist;
wpa_s->blacklist = e;
wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
@@ -1341,6 +1349,18 @@
return -1;
}
wpa_hexdump(MSG_DEBUG, "WPA: Own WPA IE", wpa_ie, *wpa_ie_len);
+ if (wpa_s->assoc_wpa_ie == NULL) {
+ /*
+ * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
+ * the correct version of the IE even if PMKSA caching is
+ * aborted (which would remove PMKID from IE generation).
+ */
+ wpa_s->assoc_wpa_ie = malloc(*wpa_ie_len);
+ if (wpa_s->assoc_wpa_ie) {
+ memcpy(wpa_s->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
+ wpa_s->assoc_wpa_ie_len = *wpa_ie_len;
+ }
+ }
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
wpa_s->pmk_len = PMK_LEN;
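Review bot: If `malloc(*wpa_ie_len)` fails, `assoc_wpa_ie` stays NULL without any trace, and the 4-Way Handshake presumably falls back to a regenerated IE, which is the case the new comment says must be avoided. A debug line in an `else` branch, for example `wpa_printf(MSG_DEBUG, "WPA: Failed to copy own WPA/RSN IE");`, would make that visible. Where `assoc_wpa_ie` is freed and reset between associations is outside the hunk. If it is not reset, the `== NULL` test would keep the IE from an earlier association.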
@@ -1651,6 +1671,7 @@
struct wpa_ssid *ssid;
struct wpa_scan_result *bss, *selected = NULL;
int i;
+ struct wpa_blacklist *e;
wpa_printf(MSG_DEBUG, "Selecting BSS from priority group %d",
group->priority);
@@ -1666,7 +1687,8 @@
wpa_ssid_txt(bss->ssid, bss->ssid_len),
(unsigned long) bss->wpa_ie_len,
(unsigned long) bss->rsn_ie_len);
- if (wpa_blacklisted(wpa_s, bss->bssid)) {
+ if ((e = wpa_blacklist_get(wpa_s, bss->bssid)) &&
+ e->count > 1) {
wpa_printf(MSG_DEBUG, " skip - blacklisted");
continue;
}
@@ -1733,7 +1755,8 @@
* allows this. */
for (i = 0; i < num && !selected; i++) {
bss = &results[i];
- if (wpa_blacklisted(wpa_s, bss->bssid)) {
+ if ((e = wpa_blacklist_get(wpa_s, bss->bssid)) &&
+ e->count > 1) {
continue;
}
for (ssid = group; ssid; ssid = ssid->pnext) {
@@ -2088,7 +2111,8 @@
"usage:\n"
" wpa_supplicant [-BddehLqqvw] -i<ifname> -c<config file> "
"[-D<driver>] \\\n"
- " [-N -i<ifname> -c<conf> [-D<driver>] ...]\n"
+ " [-P<pid file>] "
+ "[-N -i<ifname> -c<conf> [-D<driver>] ...]\n"
"\n"
"drivers:\n",
wpa_supplicant_version, wpa_supplicant_license);
@@ -2135,6 +2159,7 @@
if (wpa_s == NULL)
return NULL;
memset(wpa_s, 0, sizeof(*wpa_s));
+ wpa_s->ctrl_sock = -1;
#ifdef CONFIG_XSUPPLICANT_IFACE
wpa_s->dot1x_s = -1;
#endif /* CONFIG_XSUPPLICANT_IFACE */
@@ -2279,6 +2304,7 @@
wpa_drv_set_drop_unencrypted(wpa_s, 0);
wpa_drv_set_countermeasures(wpa_s, 0);
+ wpa_clear_keys(wpa_s, NULL);
wpa_drv_deinit(wpa_s);
}
@@ -2291,6 +2317,7 @@
struct wpa_supplicant *head, *wpa_s;
int c;
const char *confname, *driver, *ifname;
+ char *pid_file = NULL;
int daemonize = 0, wait_for_interface = 0, disable_eapol = 0, exitcode;
#ifdef CONFIG_NATIVE_WINDOWS
@@ -2312,7 +2339,7 @@
ifname = confname = driver = NULL;
for (;;) {
- c = getopt(argc, argv, "Bc:D:dehi:KLNqtvw");
+ c = getopt(argc, argv, "Bc:D:dehi:KLNP:qtvw");
if (c < 0)
break;
switch (c) {
@@ -2347,6 +2374,9 @@
case 'L':
license();
return -1;
+ case 'P':
+ pid_file = rel2abs_path(optarg);
+ break;
case 'q':
wpa_debug_level++;
break;
@@ -2407,6 +2437,14 @@
}
}
+ if (pid_file) {
+ FILE *f = fopen(pid_file, "w");
+ if (f) {
+ fprintf(f, "%u\n", getpid());
+ fclose(f);
+ }
+ }
+
eloop_register_signal(SIGINT, wpa_supplicant_terminate, NULL);
>>> TRUNCATED FOR MAIL (1000 lines) <<<