The return value from network_connected is not checked and even if one
of the storage operations fails the function should probably continue
so only print a message on error.
If the device mode it toggled from 'ap' back to 'station' without actually
starting the access point ap_free attempts to zero out the psk, which
causes a crash because it had never been allocated (Start() never was
called). Since ap->psk is actually never used this was removed. Also added
a memset to zero out the pmk on cleanup.
This is the crash observed:
++++++++ backtrace ++++++++
0 0x7f6ffe978a80 in /lib64/libc.so.6
1 0x7f6ffe9d6766 in /lib64/libc.so.6
2 0x42dd51 in memset() at /usr/include/bits/string3.h:90
3 0x42ddd9 in ap_free() at src/ap.c:144
4 0x445ec6 in interface_instance_free() at ell/dbus-service.c:513
5 0x448650 in _dbus_object_tree_remove_interface() at ell/dbus-service.c:1595
6 0x40d980 in device_set_mode_sta() at src/device.c:2113
7 0x447d4c in properties_set() at ell/dbus-service.c:1861
8 0x448a33 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1691
9 0x442587 in message_read_handler() at ell/dbus.c:285
10 0x43cac9 in io_callback() at ell/io.c:123
11 0x43bf5e in l_main_iterate() at ell/main.c:376
12 0x43c01c in l_main_run() at ell/main.c:419
13 0x40379d in main() at src/main.c:460
14 0x7f6ffe96288a in /lib64/libc.so.6
+++++++++++++++++++++++++++
- wsc module does not need nl80211 any longer, so remove it.
- Move wsc_init & wsc_exit declarations to iwd.h and remove wsc.h
- re-arrange how wsc_init & wsc_exit is called inside main.c.
The plugin_exit was in the wrong place, it should be triggered in case
genl creation fails. Also adhoc_exit was in the wrong sequence compared
to _init()
Rather than have device.c manage the creation/removal of
AP/AdHoc interfaces this new event was introduced. Now
anyone can listen for device events and if the mode changes
handle accordingly. This fixes potential memory leaks
in WSC when switching modes as well.
These will issue a JOIN/LEAVE_IBSS to the kernel. There is
a TODO regarding network configuration. For now, only the
SSID is configurable. This configuration is also required
for AP, but needs to be thought out. Since the current
AP Dbus API has nothing related to configuration items
such as freq/channel or RSN elements they are hard coded,
and will be for Ad-Hoc as well (for now).
Now that the device mode can be changed, netdev must check that
the iftype is correct before starting a connection or disconnecting.
netdev_connect, netdev_connect_wsc, and netdev_disconnect now check
that the iftype is station before continuing.
With the introduction of Ad-Hoc, its not as simple as choosing
aa/spa addresses when setting the keys. Since Ad-Hoc acts as
both the authenticator and supplicant we must check how the netdev
address relates to the particular handshake object as well as
choose the correct key depending on the value of the AA/SPA address.
802.11 states that the higher of the two addresses is to be used
to set the key for the Ad-Hoc connection.
A simple helper was added to choose the correct addressed based on
netdev type and handshake state. netdev_set_tk also checks that
aa > spa in the handshake object when in Ad-Hoc mode. If this is
true then the keys from that handshake are used, otherwise return
and the other handshake key will be used (aa will be > spa).
The station/ap mode behaves exactly the same as before.
For Ad-Hoc networks, the kernel takes care of auth/assoc
and issues a NEW_STATION event when that is complete. This
provides a way to notify when NEW_STATION events occur as
well as forward the MAC of the station to Ad-Hoc.
The two new API's added:
- netdev_station_watch_add()
- netdev_station_watch_remove()
When the EAPOL-Key data field is encrypted using AES Wrap, check
that the data field is large enough before calculating the expected
plaintext length.
Previously, if the encrypted data field was smaller than 8 bytes, an
integer underflow would occur when calculating the expected plaintext
data length. This would cause iwd to try to allocate a huge amount of
memory, which causes it to abort and terminate. If the data field was
equal to 8 bytes, iwd would try to allocate 0 bytes of memory, making
l_new return NULL, which subsequently causes iwd to crash on a NULL
pointer deference.
Reported-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
triggered flag was being reset to false in all cases. However, due to
how scan_finished logic works, it should have remained true if no more
commands were left to be sent (e.g. the scan was finished).
Having hidden SSIDs or SSIDs with non-UTF8 characters around make iwd
flood the logs with messages. Make iwd less verbose and show these
messages with enabled debug output only.
In addition, the periodic scan can now alternate between the
active or passive modes. The active mode is enabled by existence of
the known hidden networks and observation of them in the
previous scan result.
To support an auto-connect for the hidden networks and having
a limited number of SSIDs that can be appended into a probe
request, introduced a concept of a command batch. Now, scan request
may consist of a series of commands. The commands in the batch
are triggered sequentially. Once we are notified about the
results from a previous command, a consequent command in the
batch is triggered. The collective results are reported once
the batch is complete. On a command failure, the batch
processing is canceled and scan request is removed
Rework the logic slightly to simplify the need for error labels. Also
the connect_pending variable might not have been properly reset to NULL
in case of error, so make sure we reset it prior to calling into
network_connect_new_hidden_network
1) Change signature of process_bss to return a confirmation
that bss has been added to a network otherwise we can
discard it.
2) Implements logic for the discovery and connection to
a hidden network.
Andrew Zaborowski