3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 04:32:37 +01:00
Commit Graph

4947 Commits

Author SHA1 Message Date
Tim Kourt
1e0058cf73 ofono: Validate message parsing 2019-10-23 18:00:09 -05:00
Tim Kourt
ea0fc68597 client: Check family name before comparison 2019-10-23 17:59:41 -05:00
Tim Kourt
25b3cb77e1 hwsim: Fix potential memory leak
If msg has multiple RADIO NAME attributes, memory leak occurs.

Note that this doesn't happen in practice.
2019-10-23 17:58:51 -05:00
Tim Kourt
b096c27377 hotspot: eliminate double assignment of variable 2019-10-23 17:57:35 -05:00
Tim Kourt
d8f98a5f20 hotspot: Fix mem leak on failed hotspot config 2019-10-23 17:56:18 -05:00
Tim Kourt
13bb8c1afe client: Ignore invalid notifications 2019-10-23 17:44:51 -05:00
Tim Kourt
cfa652e9ba client: Treat invalid DBus reply same as an error 2019-10-23 17:44:16 -05:00
Denis Kenzior
966114ab3e doc: Merge signal-level-agent-api.txt
into station-api.txt where it logically belongs
2019-10-23 17:43:10 -05:00
Denis Kenzior
3191c61b26 doc: Merge agent-api.txt and agent-manager.txt 2019-10-23 17:41:28 -05:00
James Prestwood
bf3b403e90 test-runner: fix double free issue on subtest queue
Coverity reported this as a leak, but the test queue is actually
getting freed later and does not need to be freed locally in add_path

This basically reverts c0863e5bc6
2019-10-23 12:28:51 -05:00
Denis Kenzior
45bd459711 eap-tls-common: Relax certificate chain check
Relax the pre-check for local user certificate.  Before we used to check
that the CA provided (if any) was used to verify both the peer identity
and the local certificate chain.  However, there seem to be networks
that use different CAs to sign AP/Radius certificates and certificates
issued to users.

Drop the ca_certs argument from l_certchain_verify, but keep the call
there to make sure the certificate chain is indeed a chain as a sanity
check.
2019-10-23 09:51:29 -05:00
James Prestwood
cdc9eb13aa auto-t: hostapd: raise exception upon invalid config
If the config file passed in is not found we would continue and
eventually something else would fail. Instead immediately raise an
exception to be more clear on what is actually failing.
2019-10-22 21:58:30 -05:00
Tim Kourt
6fea4e6f4f t-runner: Check for errors after opening file 2019-10-22 21:57:31 -05:00
Tim Kourt
e3551ab56b t-runner: Check for NULL before using strcmp 2019-10-22 21:57:31 -05:00
Tim Kourt
e859e98869 t-runner: Fix possible assignment of NULL pointer 2019-10-22 21:57:31 -05:00
Tim Kourt
43efadcf92 t-runner: Fix out-of-bounds write 2019-10-22 21:57:31 -05:00
Tim Kourt
c0863e5bc6 t-runner: Fix mem leak caused by python test names 2019-10-22 21:57:31 -05:00
Tim Kourt
269bf497c7 t-runner: Fix mem leak caused by unclosed dir 2019-10-22 21:57:31 -05:00
Tim Kourt
7dd32ac093 t-runner: Fix mem leak with sim keys
Use l_settings_get_value instead of l_settings_get_string to
prevent unnecessary memory duplication.
2019-10-22 21:57:31 -05:00
Andrew Zaborowski
1d29221ef0 netdev: Extend checks for P2P scenarios
Extend the iftype-based checks to handle the P2P iftypes and remove a
warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 22:35:31 -05:00
Andrew Zaborowski
cd47834d6c wiphy: Add wiphy_get_max_roc_duration
Add a function to retrieve the maximum Remain On Channel listen duration
supported by the wiphy's driver.
2019-10-21 22:07:17 -05:00
James Prestwood
a1189d64b1 sae: remove unneeded NULL pointer check
The frame was already validated, and mmpdu_body will never return
a NULL pointer.
2019-10-21 17:14:49 -05:00
James Prestwood
27d698a0c0 sae: fix incorrect length adjustment
The commit/confirm processing was incorrectly subtracting 2 from
the length when they should be subtracting 6. As with the other
similar change, the length is validated with mpdu_validate so
subtracting 6 will not cause an overflow.
2019-10-21 17:12:01 -05:00
James Prestwood
47efe17461 sae: fix inproper return value in sae_verify_accepted
This function was returning a boolean and the expected return was
a signed integer. Since this function actually returned false in
all cases the check for a success (0) return always worked.

The comment about the 'standard code path' was removed as this is
no longer valid.
2019-10-21 16:50:42 -05:00
James Prestwood
3f2b558f57 sae: fix potential integer overflow
If an authentication frame of length <= 5 is sent sae will overflow an
integer. The original cause of this was due to incorrectly using the
sizeof(struct mmpdu_header). The header can be either 24 or 28 bytes
depending on fc.order. sizeof does not account for this so 28 is always
the calculated length.

This, in addition to hostapd not including a group number when rejecting,
cause this erroneous length calculation to be worked around as seen in
the removed comment. The comment is still valid (and described again
in another location) but the actual check for len == 4 is not correct.

To fix this we now rely on mpdu_validate to check that the authentication
frame is valid, and then subtract the actual header length using
mmpdu_header_len rather than sizeof. Doing this lets us also remove the
length check since it was validated previously.
2019-10-21 16:50:42 -05:00
James Prestwood
9ec87acccf mpdu: expose mmpdu_header_len 2019-10-21 16:50:42 -05:00
Tim Kourt
b35e3525be client: Init variable before usage
Uninitialized 'password' variable used to cause an error when --password
option wasn't avaiable
2019-10-21 10:51:52 -05:00
Marcel Holtmann
ac53239109 doc: Split network configuration description into separate manpage 2019-10-20 19:33:53 +02:00
Marcel Holtmann
6238f9bbd7 doc: Start describing settings in main.conf 2019-10-20 10:25:51 +02:00
Marcel Holtmann
5e77e34c46 doc: Mention all available environment settings 2019-10-19 23:13:34 +02:00
Marcel Holtmann
806d36a35e doc: Minor updates to formatting and mention STATE_DIRECTORY 2019-10-19 23:00:16 +02:00
James Prestwood
0d9c9274d9 eapol: do not parse RSN for WPA1 in 1 of 4
A recent change checked the return value of ie_parse_rsne_from_data
inside the ptk 1/4 handler. This seemed safe, but actually caused
the eapol unit test to fail.

The reason was because eapol was parsing the IEs assuming they were
an RSN, when they could be a WPA IE (WPA1 not WPA2). The WPA case
does not end up using the rsn_info at all, so having rsn_info
uninitialized did not pose a problem. After adding the return value
check it was found this fails every time for WPA1.

Since the rsn_info is not needed for WPA1 we can only do the RSN
parse for WPA2 and leave rsn_info uninitialized.
2019-10-17 18:48:18 -05:00
Denis Kenzior
99923c90da util: Be more paranoid when parsing addresses
Add a check to make sure that sscanf reads all 6 bytes of the address as
well.
2019-10-17 18:22:25 -05:00
Denis Kenzior
f878ec275d scan: Fix logic error in frequency validation
The intent here was to validate that the frequency is a multiple of 5
and lies in a certain range.  Somehow the channel was checked for being
a multiple of 5 instead.
2019-10-17 18:00:33 -05:00
Denis Kenzior
9ec50c910b rtnlutil: Remove pointless conditional
gateway is checked to be !null above, so the conditional can be dropped.
2019-10-17 17:53:30 -05:00
Denis Kenzior
a533734471 p2putil: Fix logic in required attribute check
The logic here intended to check whether all required attributes were
available.  However, it set the parse_error to true instead of
have_required to false as intended.
2019-10-17 17:39:53 -05:00
Denis Kenzior
5dbccee798 network: Be extra pedantic in network_get_psk
Check that the passphrase to PSK conversion actually succeeds.
2019-10-17 17:33:56 -05:00
Denis Kenzior
a043f26134 netdev: Skip IE processing of no request IEs sent 2019-10-17 17:30:11 -05:00
Denis Kenzior
aa75b3e06e ap: Remove unneeded NULL check
sta is already dereferenced above, no need for the extra check here
2019-10-17 17:22:02 -05:00
Denis Kenzior
b6554ee41c hwsim: Invoke l_queue_remove prior to object deletion
While the current code is quite safe, the new ordering makes more
logical sense and doesn't confuse static analysis tools.
2019-10-17 13:03:08 -05:00
Denis Kenzior
c8247c3754 unit: assert that l_settings creation/loading succeeds 2019-10-17 12:42:45 -05:00
Denis Kenzior
aba73171f6 wsc: Fix potential memory leak
If the netdev_connect_wsc call fails, handshake_state object isn't
freed.
2019-10-17 12:37:04 -05:00
Denis Kenzior
7397903234 monitor: Fix unused variable warning 2019-10-17 12:36:44 -05:00
Denis Kenzior
9a588944aa backtrace: Don't ignore strchr errors 2019-10-17 12:10:36 -05:00
Denis Kenzior
ef0f9ad193 backtrace: Fix a potential buffer overrun 2019-10-17 12:08:21 -05:00
Denis Kenzior
e4dc23a523 monitor: Use print_ie in auth frame dumper
Do not assume that the challenge IE is present or the only IE in the
authentication frame
2019-10-17 12:04:08 -05:00
Denis Kenzior
e34af3cfac monitor: Reset rtnl to NULL after destruction 2019-10-17 11:51:54 -05:00
Denis Kenzior
0b8de3d5df monitor: Fix p2p channel list dumper
This dumper probably intended to update pos after invoking strncpy.
However, strncpy returns the number of bytes that *would* have been
copied and so the logic gets a bit complex to get completely right.

Instead, switch to using l_string since this is inside the monitor and
not particularly performance critical.
2019-10-17 11:49:11 -05:00
Denis Kenzior
39bb4d07ee monitor: Fix potential memory leak
In case l_netlink object was not created successfully, rtmmsg would
leak.
2019-10-17 11:28:11 -05:00
James Prestwood
34560120f9 util: add bounds check to util_get_{domain,username}
Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
2019-10-17 11:21:47 -05:00