==1628== Invalid read of size 1
==1628== at 0x405E71: hardware_rekey_cb (netdev.c:1381)
==1628== by 0x444E5B: process_unicast (genl.c:415)
==1628== by 0x444E5B: received_data (genl.c:534)
==1628== by 0x442032: io_callback (io.c:126)
==1628== by 0x4414CD: l_main_iterate (main.c:387)
==1628== by 0x44158B: l_main_run (main.c:434)
==1628== by 0x403775: main (main.c:489)
==1628== Address 0x5475208 is 312 bytes inside a block of size 320 free'd
==1628== at 0x4C2ED18: free (vg_replace_malloc.c:530)
==1628== by 0x43D94D: l_queue_clear (queue.c:107)
==1628== by 0x43D998: l_queue_destroy (queue.c:82)
==1628== by 0x40B431: netdev_shutdown (netdev.c:4765)
==1628== by 0x403B17: iwd_shutdown (main.c:81)
==1628== by 0x4419D2: signal_callback (signal.c:82)
==1628== by 0x4414CD: l_main_iterate (main.c:387)
==1628== by 0x44158B: l_main_run (main.c:434)
==1628== by 0x403775: main (main.c:489)
==1628== Block was alloc'd at
==1628== at 0x4C2DB6B: malloc (vg_replace_malloc.c:299)
==1628== by 0x43CA4D: l_malloc (util.c:62)
==1628== by 0x40A853: netdev_create_from_genl (netdev.c:4517)
==1628== by 0x444E5B: process_unicast (genl.c:415)
==1628== by 0x444E5B: received_data (genl.c:534)
==1628== by 0x442032: io_callback (io.c:126)
==1628== by 0x4414CD: l_main_iterate (main.c:387)
==1628== by 0x44158B: l_main_run (main.c:434)
==1628== by 0x403775: main (main.c:489)
Single AVP should not be padded with zeros as padding is only
used to separate AVPs in a sequence.
RFC 5281 Section 10.2. AVP Sequences
Data encapsulated within the TLS record layer must consist entirely
of a sequence of zero or more AVPs. Each AVP must begin on a four-
octet boundary relative to the first AVP in the sequence. If an AVP
is not a multiple of four octets, it must be padded with zeros to the
next four-octet boundary.
Note that the AVP Length does not include the padding.
Adhoc requires 2 GTK's to be set, a single TX GTK and a per-mac RX GTK.
The per-mac RX GTK already gets set via netdev_set_gtk. The single TX GTK
is created the same as AP, where, upon the first station connecting a GTK
is generated and set in the kernel. Then any subsequent stations use
GET_KEY to retrieve the GTK and set it in the handshake.
AdHoc will also need the same functionality to verify and parse the
key sequence from GET_KEY. This block of code was moved from AP's
GET_KEY callback into nl80211_parse_get_key_seq.
Netdev/AP share several NL80211 commands and each has their own
builder API's. These were moved into a common file nl80211_util.[ch].
A helper was added to AP for building NEW_STATION to make the associate
callback look cleaner (rather than manually building NEW_STATION).
Check that netdev->device is not NULL before doing device_remove()
(which would crash) and emitting NETDEV_WATCH_EVENT_DEL. It may be
NULL if the initial RTM_SETLINK has failed to bring device UP.
If there are Ad-hoc BSSes they should be present in the scan results
together with regular APs as far as scan.c is concerned. But in
station mode we can't connect to them -- the Connect method will fail and
autoconnect would fail. Since we have no property to indicate a
network is an IBSS just filter these results out for now. There are
perhaps better solutions but the benefit is very low.