3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 22:19:23 +01:00
Commit Graph

4383 Commits

Author SHA1 Message Date
Tim Kourt
e859e98869 t-runner: Fix possible assignment of NULL pointer 2019-10-22 21:57:31 -05:00
Tim Kourt
43efadcf92 t-runner: Fix out-of-bounds write 2019-10-22 21:57:31 -05:00
Tim Kourt
c0863e5bc6 t-runner: Fix mem leak caused by python test names 2019-10-22 21:57:31 -05:00
Tim Kourt
269bf497c7 t-runner: Fix mem leak caused by unclosed dir 2019-10-22 21:57:31 -05:00
Tim Kourt
7dd32ac093 t-runner: Fix mem leak with sim keys
Use l_settings_get_value instead of l_settings_get_string to
prevent unnecessary memory duplication.
2019-10-22 21:57:31 -05:00
Andrew Zaborowski
1d29221ef0 netdev: Extend checks for P2P scenarios
Extend the iftype-based checks to handle the P2P iftypes and remove a
warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 22:35:31 -05:00
Andrew Zaborowski
cd47834d6c wiphy: Add wiphy_get_max_roc_duration
Add a function to retrieve the maximum Remain On Channel listen duration
supported by the wiphy's driver.
2019-10-21 22:07:17 -05:00
James Prestwood
a1189d64b1 sae: remove unneeded NULL pointer check
The frame was already validated, and mmpdu_body will never return
a NULL pointer.
2019-10-21 17:14:49 -05:00
James Prestwood
27d698a0c0 sae: fix incorrect length adjustment
The commit/confirm processing was incorrectly subtracting 2 from
the length when they should be subtracting 6. As with the other
similar change, the length is validated with mpdu_validate so
subtracting 6 will not cause an overflow.
2019-10-21 17:12:01 -05:00
James Prestwood
47efe17461 sae: fix inproper return value in sae_verify_accepted
This function was returning a boolean and the expected return was
a signed integer. Since this function actually returned false in
all cases the check for a success (0) return always worked.

The comment about the 'standard code path' was removed as this is
no longer valid.
2019-10-21 16:50:42 -05:00
James Prestwood
3f2b558f57 sae: fix potential integer overflow
If an authentication frame of length <= 5 is sent sae will overflow an
integer. The original cause of this was due to incorrectly using the
sizeof(struct mmpdu_header). The header can be either 24 or 28 bytes
depending on fc.order. sizeof does not account for this so 28 is always
the calculated length.

This, in addition to hostapd not including a group number when rejecting,
cause this erroneous length calculation to be worked around as seen in
the removed comment. The comment is still valid (and described again
in another location) but the actual check for len == 4 is not correct.

To fix this we now rely on mpdu_validate to check that the authentication
frame is valid, and then subtract the actual header length using
mmpdu_header_len rather than sizeof. Doing this lets us also remove the
length check since it was validated previously.
2019-10-21 16:50:42 -05:00
James Prestwood
9ec87acccf mpdu: expose mmpdu_header_len 2019-10-21 16:50:42 -05:00
Tim Kourt
b35e3525be client: Init variable before usage
Uninitialized 'password' variable used to cause an error when --password
option wasn't avaiable
2019-10-21 10:51:52 -05:00
Marcel Holtmann
ac53239109 doc: Split network configuration description into separate manpage 2019-10-20 19:33:53 +02:00
Marcel Holtmann
6238f9bbd7 doc: Start describing settings in main.conf 2019-10-20 10:25:51 +02:00
Marcel Holtmann
5e77e34c46 doc: Mention all available environment settings 2019-10-19 23:13:34 +02:00
Marcel Holtmann
806d36a35e doc: Minor updates to formatting and mention STATE_DIRECTORY 2019-10-19 23:00:16 +02:00
James Prestwood
0d9c9274d9 eapol: do not parse RSN for WPA1 in 1 of 4
A recent change checked the return value of ie_parse_rsne_from_data
inside the ptk 1/4 handler. This seemed safe, but actually caused
the eapol unit test to fail.

The reason was because eapol was parsing the IEs assuming they were
an RSN, when they could be a WPA IE (WPA1 not WPA2). The WPA case
does not end up using the rsn_info at all, so having rsn_info
uninitialized did not pose a problem. After adding the return value
check it was found this fails every time for WPA1.

Since the rsn_info is not needed for WPA1 we can only do the RSN
parse for WPA2 and leave rsn_info uninitialized.
2019-10-17 18:48:18 -05:00
Denis Kenzior
99923c90da util: Be more paranoid when parsing addresses
Add a check to make sure that sscanf reads all 6 bytes of the address as
well.
2019-10-17 18:22:25 -05:00
Denis Kenzior
f878ec275d scan: Fix logic error in frequency validation
The intent here was to validate that the frequency is a multiple of 5
and lies in a certain range.  Somehow the channel was checked for being
a multiple of 5 instead.
2019-10-17 18:00:33 -05:00
Denis Kenzior
9ec50c910b rtnlutil: Remove pointless conditional
gateway is checked to be !null above, so the conditional can be dropped.
2019-10-17 17:53:30 -05:00
Denis Kenzior
a533734471 p2putil: Fix logic in required attribute check
The logic here intended to check whether all required attributes were
available.  However, it set the parse_error to true instead of
have_required to false as intended.
2019-10-17 17:39:53 -05:00
Denis Kenzior
5dbccee798 network: Be extra pedantic in network_get_psk
Check that the passphrase to PSK conversion actually succeeds.
2019-10-17 17:33:56 -05:00
Denis Kenzior
a043f26134 netdev: Skip IE processing of no request IEs sent 2019-10-17 17:30:11 -05:00
Denis Kenzior
aa75b3e06e ap: Remove unneeded NULL check
sta is already dereferenced above, no need for the extra check here
2019-10-17 17:22:02 -05:00
Denis Kenzior
b6554ee41c hwsim: Invoke l_queue_remove prior to object deletion
While the current code is quite safe, the new ordering makes more
logical sense and doesn't confuse static analysis tools.
2019-10-17 13:03:08 -05:00
Denis Kenzior
c8247c3754 unit: assert that l_settings creation/loading succeeds 2019-10-17 12:42:45 -05:00
Denis Kenzior
aba73171f6 wsc: Fix potential memory leak
If the netdev_connect_wsc call fails, handshake_state object isn't
freed.
2019-10-17 12:37:04 -05:00
Denis Kenzior
7397903234 monitor: Fix unused variable warning 2019-10-17 12:36:44 -05:00
Denis Kenzior
9a588944aa backtrace: Don't ignore strchr errors 2019-10-17 12:10:36 -05:00
Denis Kenzior
ef0f9ad193 backtrace: Fix a potential buffer overrun 2019-10-17 12:08:21 -05:00
Denis Kenzior
e4dc23a523 monitor: Use print_ie in auth frame dumper
Do not assume that the challenge IE is present or the only IE in the
authentication frame
2019-10-17 12:04:08 -05:00
Denis Kenzior
e34af3cfac monitor: Reset rtnl to NULL after destruction 2019-10-17 11:51:54 -05:00
Denis Kenzior
0b8de3d5df monitor: Fix p2p channel list dumper
This dumper probably intended to update pos after invoking strncpy.
However, strncpy returns the number of bytes that *would* have been
copied and so the logic gets a bit complex to get completely right.

Instead, switch to using l_string since this is inside the monitor and
not particularly performance critical.
2019-10-17 11:49:11 -05:00
Denis Kenzior
39bb4d07ee monitor: Fix potential memory leak
In case l_netlink object was not created successfully, rtmmsg would
leak.
2019-10-17 11:28:11 -05:00
James Prestwood
34560120f9 util: add bounds check to util_get_{domain,username}
Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
2019-10-17 11:21:47 -05:00
James Prestwood
65f279dc1e util: Use memcpy instead of strncpy
The sub-string copied here will never have NULL terminators, so use
memcpy here to make this clearer.
2019-10-17 11:20:51 -05:00
James Prestwood
6b8f566498 ie: reorder ie_parse_osen to fix uninitialized value
RSNE_ADVANCE could result in a jump to the done label where info would
be copied without being initialized.
2019-10-16 21:25:41 -05:00
James Prestwood
de3a267d03 eapol: check return of ie_parse_rsne_from_data 2019-10-16 21:24:25 -05:00
James Prestwood
91c449d74a eapol: reorder eapol_sm_free
Technically there's no problem here as l_queue_remove does not
dereference the pointer.  Still, it confuses certain static analysis
tools in the current form. Reordering this will not change the behavior
at all.
2019-10-16 21:16:28 -05:00
James Prestwood
0ade612b3e hotspot: check if HESSID parses correctly 2019-10-16 18:40:30 -05:00
James Prestwood
87a1c55145 hotspot: fix multiple potential memory leaks 2019-10-16 18:32:46 -05:00
Denis Kenzior
b3799a9f8d owe: Fix potential memory leak 2019-10-16 18:14:17 -05:00
James Prestwood
96aa658375 sae: check return getting k_point 2019-10-16 18:09:29 -05:00
James Prestwood
ba7f7febd1 owe: fix potential uninitialized variable 2019-10-16 18:08:47 -05:00
James Prestwood
8bbfa4db49 owe: fix potential double free on error 2019-10-16 18:08:08 -05:00
James Prestwood
ab92901252 owe: check for error return getting shared_secret 2019-10-16 18:05:43 -05:00
James Prestwood
7b1e1497b7 ie: fix uninitialized rx/tx_nss values 2019-10-16 18:02:49 -05:00
James Prestwood
a8e935ee77 crypto: fix potential memory leak 2019-10-16 17:58:50 -05:00
James Prestwood
8364807938 eap-pwd: fix potential memory leak 2019-10-16 17:58:14 -05:00