When the EAPOL-Key data field is encrypted using AES Wrap, check
that the data field is large enough before calculating the expected
plaintext length.
Previously, if the encrypted data field was smaller than 8 bytes, an
integer underflow would occur when calculating the expected plaintext
data length. This would cause iwd to try to allocate a huge amount of
memory, which causes it to abort and terminate. If the data field was
equal to 8 bytes, iwd would try to allocate 0 bytes of memory, making
l_new return NULL, which subsequently causes iwd to crash on a NULL
pointer deference.
Reported-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
triggered flag was being reset to false in all cases. However, due to
how scan_finished logic works, it should have remained true if no more
commands were left to be sent (e.g. the scan was finished).
Having hidden SSIDs or SSIDs with non-UTF8 characters around make iwd
flood the logs with messages. Make iwd less verbose and show these
messages with enabled debug output only.
In addition, the periodic scan can now alternate between the
active or passive modes. The active mode is enabled by existence of
the known hidden networks and observation of them in the
previous scan result.
To support an auto-connect for the hidden networks and having
a limited number of SSIDs that can be appended into a probe
request, introduced a concept of a command batch. Now, scan request
may consist of a series of commands. The commands in the batch
are triggered sequentially. Once we are notified about the
results from a previous command, a consequent command in the
batch is triggered. The collective results are reported once
the batch is complete. On a command failure, the batch
processing is canceled and scan request is removed
Rework the logic slightly to simplify the need for error labels. Also
the connect_pending variable might not have been properly reset to NULL
in case of error, so make sure we reset it prior to calling into
network_connect_new_hidden_network
1) Change signature of process_bss to return a confirmation
that bss has been added to a network otherwise we can
discard it.
2) Implements logic for the discovery and connection to
a hidden network.
This removes the need for duplicate code in AP/netdev for issuing
a DEL_STATION command. Now AP can issue a DEL_STATION with
netdev_del_station, and specify to either disassociate or deauth
depending on state.
If netdev fails to set the keys, there was no way for device/ap to
know. A new handshake event was added for this. The key setting
failure function was also fixed to support both AP/station iftypes.
It will now automatically send either a disconnect or del_station
depending on the interface type.
In similar manner, netdev_handshake_failed was also modified to
support both AP/station iftypes. Now, any handshake event listeners
should call netdev_handshake_failed upon a handshake failure
event, including AP.
If device is already disconnected or in autoconnect mode, don't return
an error if .Disconnect is called. Instead simply silently return
success after disabling autoconnect.
==1058== 231 (32 direct, 199 indirect) bytes in 1 blocks are definitely lost in loss record 10 of 10
==1058== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1058== by 0x452472: l_malloc (util.c:62)
==1058== by 0x456324: l_settings_new (settings.c:83)
==1058== by 0x427D45: storage_network_open (storage.c:262)
==1058== by 0x42806C: network_settings_load (network.c:75)
==1058== by 0x428C2F: network_autoconnect (network.c:490)
==1058== by 0x4104E9: device_autoconnect_next (device.c:194)
==1058== by 0x410E38: device_set_scan_results (device.c:393)
==1058== by 0x410EFA: new_scan_results (device.c:414)
==1058== by 0x424A6D: scan_finished (scan.c:1012)
==1058== by 0x424B88: get_scan_done (scan.c:1038)
==1058== by 0x45DC67: destroy_request (genl.c:134)
1) wait for a device to become available
2) add try, except block for the clean termination of iwd in
the case of a failure
3) increase the max execution time to help with valgrind
1) wait for a device to become available
2) add try, except block for the clean termination of iwd in
the case of a failure
3) remove waits
4) eliminate a race condition on get_ordered_networks()
list_devices() was updated to take an integer rather than a bool
for the wait_to_appear argument. This updates any tests that
explicily passed True/False as the argument to list_devices.
The list_devices API has a race condition where sometimes it will
return zero or less than the expected number of devices and fail
the test. A fix is in place for when only a single devices is
expected, but some tests expect more than one device. This changes
wait_to_appear to an integer, and the caller can specify the number
of devices they expect to get back. The default stays as it was,
zero or "return cached devices".
This is a fixup for the AP code merge. wsc.c never registered
for handshake events, so in case of failure it was never calling
netdev_handshake_failed, which caused a double free.
Many APs don't send properly zerod key_iv elements in EAPoL-Key frames.
In the past iwd has complained, but this broken behavior is so
prevalent, that it is likely a lost cause.
This patch takes out these warnings
Right now iwd uses Control Port over NL80211 feature if the kernel /
driver supports it. On some kernels this feature is still buggy, so add
an iwd.conf entry to allow the user to override id.
For now the default is to disable this feature until it is more stable.
The single AP test worked fine, but adding a failure test caused some
problems. Since the kernel is never restarted between tests it maintains
old stale scan results from the previous test. This was causing an
assert to sometimes fail in the second test being run because it was
returning > 1 ordered networks. This change iterates through the ordered
network list and chooses the appropriate network rather than assuming
get_ordered_networks() will always return only one network object
