Ismail Dönmez 2016-02-18 12:32:42 +00:00 committed by Git OBS Bridge
parent 473bbb6dec
commit 273bca4cee
11 changed files with 77 additions and 1345 deletions

@ -1,41 +0,0 @@
From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Wed, 29 Apr 2015 02:21:53 +0300
Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.
This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/wmm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/ap/wmm.c b/src/ap/wmm.c
index 6d4177c..314e244 100644
--- a/src/ap/wmm.c
+++ b/src/ap/wmm.c
@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
return;
}
+ if (left < 0)
+ return; /* not a valid WMM Action frame */
+
/* extract the tspec info element */
if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
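Review bot: the new `if (left < 0) return;` branch drops the frame without any log output, while the ParseFailed path directly below it reports through hostapd_logger(). A debug-level message carrying mgmt->sa here would let an operator see that malformed WMM Action frames are arriving. It would also be more robust to compare the frame length against the fixed header size before `left` is computed, so that the value cannot go negative in the first place.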
--
1.9.1

@ -1,73 +0,0 @@
From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 1 May 2015 16:37:45 +0300
Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index f2b0926..a629437 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
u16 offset;
u8 *ptr, *scalar = NULL, *element = NULL;
+ size_t prime_len, order_len;
+
+ if (data->state != PWD_Commit_Req) {
+ ret->ignore = TRUE;
+ goto fin;
+ }
+
+ prime_len = BN_num_bytes(data->grp->prime);
+ order_len = BN_num_bytes(data->grp->order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
if (((data->private_value = BN_new()) == NULL) ||
((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
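Review bot: in the Commit hunk the state check sets `ret->ignore = TRUE` before `goto fin`, but the payload length mismatch branch jumps to `fin` without touching `ret`. If both cases are meant to discard the message, set the same result in both; if the length failure is meant to end differently, a one-line comment saying so would help. The expression `2 * prime_len + order_len` also appears twice and could be held in a local.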
@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
int offset;
+ if (data->state != PWD_Confirm_Req) {
+ ret->ignore = TRUE;
+ goto fin;
+ }
+
+ if (payload_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+ (unsigned int) payload_len, SHA256_MAC_LEN);
+ goto fin;
+ }
+
/*
* first build up the ciphersuite which is group | random_function |
* prf
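Review bot: in the Confirm length check, `SHA256_MAC_LEN` is passed to a `%u` conversion without a cast, while `payload_len` on the same line is cast to `(unsigned int)`. Cast both arguments so the format string matches whatever type the constant has.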
--
1.9.1

@ -1,42 +0,0 @@
From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 7 Apr 2015 11:32:11 +0300
Subject: [PATCH] P2P: Validate SSID element length before copying it
(CVE-2015-1863)
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
p2p_add_device(). The length provided by the peer device (0..255 bytes)
was used without proper bounds checking and that could have resulted in
arbitrary data of up to 223 bytes being written beyond the end of the
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
heap allocation) when processing a corrupted management frame for P2P
peer discovery purposes.
This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to process crash, exposure of memory contents during GO Negotiation,
and potentially arbitrary code execution.
Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
src/p2p/p2p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index f584fae..a45fe73 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
if (msg.ssid &&
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
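Review bot: the added `msg.ssid[1] <= sizeof(dev->oper_ssid)` test is folded into the same condition as the wildcard comparison, so an SSID element with an oversized length is skipped silently, exactly like a frame that carries no SSID at all. Since an out-of-range length in this element indicates a corrupted frame, consider logging it at debug level or rejecting the frame, and consider a named maximum-length constant instead of `sizeof` on the destination array.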
--
1.9.1

@ -1,49 +0,0 @@
From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 28 Apr 2015 17:08:33 +0300
Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
strtoul() return value may end up overflowing the int h->chunk_size and
resulting in a negative value to be stored as the chunk_size. This could
result in the following memcpy operation using a very large length
argument which would result in a buffer overflow and segmentation fault.
This could have been used to cause a denial service by any device that
has been authorized for network access (either wireless or wired). This
would affect both the WPS UPnP functionality in a WPS AP (hostapd with
upnp_iface parameter set in the configuration) and WPS ER
(wpa_supplicant with WPS_ER_START control interface command used).
Validate the parsed chunk length value to avoid this. In addition to
rejecting negative values, we can also reject chunk size that would be
larger than the maximum configured body length.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/wps/httpread.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index 2f08f37..d2855e3 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
if (!isxdigit(*cbp))
goto bad;
h->chunk_size = strtoul(cbp, NULL, 16);
+ if (h->chunk_size < 0 ||
+ h->chunk_size > h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid chunk size %d",
+ h->chunk_size);
+ goto bad;
+ }
/* throw away chunk header
* so we have only real data
*/
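Review bot: the range check on `h->chunk_size` runs after the `strtoul()` result has already been stored in it, and the `%d` in the new log line (together with the commit message) shows the field is an int. On a platform where unsigned long is wider than int, a parsed value whose low bits form a small positive number survives the narrowing and passes both `< 0` and `> h->max_bytes`. Parse into an unsigned long local, compare that against `h->max_bytes`, and assign to `h->chunk_size` only after it is accepted.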
--
1.9.1

@ -1,66 +0,0 @@
From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 1 May 2015 16:40:44 +0300
Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 66bd5d2..3189105 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
EC_POINT *K = NULL, *point = NULL;
int res = 0;
+ size_t prime_len, order_len;
wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
+ prime_len = BN_num_bytes(data->grp->prime);
+ order_len = BN_num_bytes(data->grp->order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
+
if (((data->peer_scalar = BN_new()) == NULL) ||
((data->k = BN_new()) == NULL) ||
((cofactor = BN_new()) == NULL) ||
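Review bot: the commit message says the state transition sequence is enforced, but this hunk in eap_pwd_process_commit_resp() adds only the payload length check, with no test of the server state comparable to the `data->state` checks in the peer patch (1/5). If the caller already guarantees the state, say so in a comment; otherwise add the check here and in eap_pwd_process_confirm_resp().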
@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
int offset;
+ if (payload_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+ (unsigned int) payload_len, SHA256_MAC_LEN);
+ goto fin;
+ }
+
/* build up the ciphersuite: group | random_function | prf */
grp = htons(data->group_num);
ptr = (u8 *) &cs;
--
1.9.1

@ -1,52 +0,0 @@
From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 2 May 2015 19:23:04 +0300
Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/eap_peer/eap_pwd.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index a629437..1d2079b 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
* if it's the first fragment there'll be a length field
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Frame too short to contain Total-Length field");
+ ret->ignore = TRUE;
+ return NULL;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
"total length = %d", tot_len);
if (tot_len > 15000)
return NULL;
+ if (data->inbuf) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+ ret->ignore = TRUE;
+ return NULL;
+ }
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "Out of memory to buffer "
--
1.9.1

@ -1,50 +0,0 @@
From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 2 May 2015 19:26:06 +0300
Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/eap_server/eap_server_pwd.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 3189105..2bfc3c2 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
* the first fragment has a total length
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Frame too short to contain Total-Length field");
+ return;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
"length = %d", tot_len);
if (tot_len > 15000)
return;
+ if (data->inbuf) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+ return;
+ }
data->inbuf = wpabuf_alloc(tot_len);
if (data->inbuf == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
--
1.9.1

@ -1,32 +0,0 @@
From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 2 May 2015 19:26:28 +0300
Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/eap_peer/eap_pwd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index 1d2079b..e58b13a 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
/*
* we have output! Do we need to fragment it?
*/
+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
len = wpabuf_len(data->outbuf);
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
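Review bot: `lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);` overwrites the received value in place, and the macro name does not tell the reader that this is the step that clears the L and M bits. Add a short comment stating that the flags received from the server are dropped here before the fragmentation decision, so that a later edit does not move or remove the line.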
--
1.9.1

@ -1,913 +0,0 @@
From 8a78e227df1ead19be8e12a4108e448887e64d6f Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 29 Apr 2015 10:13:34 +0000
Subject: D-Bus: Fix operations when P2P management interface is used
Commit 21efc940f6e7f07b84b7e5c5867f3d81594c4fb0 ('wpa_supplicant: Do not
register a P2P management interface on DBus') hides the special P2P
management interface from D-Bus. However, it did not take into account
the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL
in such cases on number of code paths within the D-Bus handlers. This
could result in invalid arguments (NULL path) being provided to D-Bus
functions (mainly, dbus_message_iter_append_basic) and NULL pointer
dereference when iterating over all interfaces. Either of these could
make wpa_supplicant process terminate.
Fix this by explicitly checking that the interface-specific D-Bus path
has been registered before using it anywhere with D-Bus handlers. In
addition, find the correct wpa_s instance to fix P2P operations through
D-Bus when the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index 30ef03a..89a562c 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -137,7 +137,7 @@ static void wpas_dbus_signal_interface(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(WPAS_DBUS_NEW_PATH,
@@ -200,7 +200,7 @@ void wpas_dbus_signal_scan_done(struct wpa_supplicant *wpa_s, int success)
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -239,7 +239,7 @@ static void wpas_dbus_signal_bss(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -307,7 +307,7 @@ static void wpas_dbus_signal_blob(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -374,7 +374,7 @@ static void wpas_dbus_signal_network(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -467,7 +467,7 @@ void wpas_dbus_signal_network_request(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
field = wpa_supplicant_ctrl_req_to_string(rtype, default_txt, &txt);
@@ -511,6 +511,8 @@ void wpas_dbus_signal_network_enabled_changed(struct wpa_supplicant *wpa_s,
char path[WPAS_DBUS_OBJECT_PATH_MAX];
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d",
wpa_s->dbus_new_path, ssid->id);
@@ -539,7 +541,7 @@ void wpas_dbus_signal_wps_event_success(struct wpa_supplicant *wpa_s)
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -579,7 +581,7 @@ void wpas_dbus_signal_wps_event_fail(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -620,7 +622,7 @@ void wpas_dbus_signal_wps_event_m2d(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -686,7 +688,7 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -760,7 +762,7 @@ void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -801,7 +803,7 @@ void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -844,7 +846,7 @@ static void wpas_dbus_signal_sta(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
@@ -916,7 +918,8 @@ void wpas_dbus_signal_p2p_group_removed(struct wpa_supplicant *wpa_s,
if (parent->p2p_mgmt)
parent = parent->parent;
- if (!wpa_s->dbus_groupobj_path)
+ if (!wpa_s->dbus_groupobj_path || !wpa_s->dbus_new_path ||
+ !parent->dbus_new_path)
return;
msg = dbus_message_new_signal(parent->dbus_new_path,
@@ -984,6 +987,8 @@ void wpas_dbus_signal_p2p_provision_discovery(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
if (request || !status) {
if (config_methods & WPS_CONFIG_DISPLAY)
@@ -1073,6 +1078,8 @@ void wpas_dbus_signal_p2p_go_neg_req(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
@@ -1105,7 +1112,8 @@ static int wpas_dbus_get_group_obj_path(struct wpa_supplicant *wpa_s,
{
char group_name[3];
- if (os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN))
+ if (!wpa_s->dbus_new_path ||
+ os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN))
return -1;
os_memcpy(group_name, ssid->ssid + P2P_WILDCARD_SSID_LEN, 2);
@@ -1209,7 +1217,7 @@ void wpas_dbus_signal_p2p_group_started(struct wpa_supplicant *wpa_s,
iface = parent->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !parent->dbus_new_path || !wpa_s->dbus_new_path)
return;
if (wpa_s->dbus_groupobj_path == NULL)
@@ -1272,7 +1280,7 @@ void wpas_dbus_signal_p2p_go_neg_resp(struct wpa_supplicant *wpa_s,
os_memset(freqs, 0, sizeof(freqs));
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -1386,6 +1394,8 @@ void wpas_dbus_signal_p2p_invitation_result(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
WPAS_DBUS_NEW_IFACE_P2PDEVICE,
@@ -1439,6 +1449,8 @@ void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
parent = wpa_s->parent;
if (parent->p2p_mgmt)
parent = parent->parent;
+ if (!parent->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
@@ -1494,6 +1506,8 @@ void wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
parent = wpa_s->parent;
if (parent->p2p_mgmt)
parent = parent->parent;
+ if (!parent->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
@@ -1551,6 +1565,8 @@ void wpas_dbus_signal_p2p_sd_request(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
/* Check if this is a known peer */
if (!p2p_peer_known(wpa_s->global->p2p, sa))
@@ -1617,6 +1633,8 @@ void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
/* Check if this is a known peer */
if (!p2p_peer_known(wpa_s->global->p2p, sa))
@@ -1678,6 +1696,8 @@ static void wpas_dbus_signal_persistent_group(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u",
@@ -1762,6 +1782,8 @@ void wpas_dbus_signal_p2p_wps_failed(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
msg = dbus_message_new_signal(wpa_s->dbus_new_path,
WPAS_DBUS_NEW_IFACE_P2PDEVICE,
"WpsFailed");
@@ -1862,6 +1884,9 @@ void wpas_dbus_bss_signal_prop_changed(struct wpa_supplicant *wpa_s,
char path[WPAS_DBUS_OBJECT_PATH_MAX];
char *prop;
+ if (!wpa_s->dbus_new_path)
+ return;
+
switch (property) {
case WPAS_DBUS_BSS_PROP_SIGNAL:
prop = "Signal";
@@ -2177,7 +2202,7 @@ int wpas_dbus_register_network(struct wpa_supplicant *wpa_s,
#endif /* CONFIG_P2P */
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -2351,7 +2376,7 @@ int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
char bss_obj_path[WPAS_DBUS_OBJECT_PATH_MAX];
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -2394,7 +2419,7 @@ int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
struct bss_handler_args *arg;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path)
return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
@@ -3345,7 +3370,7 @@ static void wpas_dbus_signal_peer(struct wpa_supplicant *wpa_s,
iface = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_new_path)
return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
@@ -3422,8 +3447,9 @@ int wpas_dbus_register_peer(struct wpa_supplicant *wpa_s, const u8 *dev_addr)
if (ctrl_iface == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
@@ -3481,12 +3507,12 @@ int wpas_dbus_unregister_peer(struct wpa_supplicant *wpa_s,
int ret;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL ||
- wpa_s->dbus_new_path == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
ctrl_iface = wpa_s->global->dbus;
if (ctrl_iface == NULL)
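Review bot: `wpa_s = wpa_s->parent->parent;` replaces the conditional `if (wpa_s->p2p_mgmt) wpa_s = wpa_s->parent;` with an unconditional double dereference, and neither `parent` pointer is checked for NULL. The same line is added in wpas_dbus_register_peer() and in the persistent group register and unregister functions. If the invariant is that `parent` always points to a valid interface, document that next to the first use; otherwise these are new NULL dereference sites in a patch whose purpose is to remove them.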
@@ -3512,6 +3538,8 @@ void wpas_dbus_signal_peer_groups_changed(struct wpa_supplicant *wpa_s,
if (wpa_s->p2p_mgmt)
wpa_s = wpa_s->parent;
+ if (!wpa_s->dbus_new_path)
+ return;
os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR,
wpa_s->dbus_new_path, MAC2STR(dev_addr));
@@ -3713,6 +3741,9 @@ int wpas_dbus_register_persistent_group(struct wpa_supplicant *wpa_s,
/* Do nothing if the control interface is not turned on */
if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
+ wpa_s = wpa_s->parent->parent;
+ if (!wpa_s->dbus_new_path)
+ return 0;
/* Make sure ssid is a persistent group */
if (ssid->disabled != 2 && !ssid->p2p_persistent_group)
@@ -3797,15 +3828,13 @@ int wpas_dbus_unregister_persistent_group(struct wpa_supplicant *wpa_s,
int ret;
/* Do nothing if the control interface is not turned on */
- if (wpa_s == NULL || wpa_s->global == NULL ||
- wpa_s->dbus_new_path == NULL)
+ if (wpa_s == NULL || wpa_s->global == NULL)
return 0;
- if (wpa_s->p2p_mgmt)
- wpa_s = wpa_s->parent;
+ wpa_s = wpa_s->parent->parent;
ctrl_iface = wpa_s->global->dbus;
- if (ctrl_iface == NULL)
+ if (ctrl_iface == NULL || !wpa_s->dbus_new_path)
return 0;
os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index d695d1b..3f5fd0a 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -157,7 +157,8 @@ static struct wpa_supplicant * get_iface_by_dbus_path(
struct wpa_supplicant *wpa_s;
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
- if (os_strcmp(wpa_s->dbus_new_path, path) == 0)
+ if (wpa_s->dbus_new_path &&
+ os_strcmp(wpa_s->dbus_new_path, path) == 0)
return wpa_s;
}
return NULL;
@@ -600,7 +601,7 @@ DBusMessage * wpas_dbus_handler_create_interface(DBusMessage *message,
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
- if (wpa_s) {
+ if (wpa_s && wpa_s->dbus_new_path) {
const char *path = wpa_s->dbus_new_path;
reply = dbus_message_new_method_return(message);
@@ -684,7 +685,7 @@ DBusMessage * wpas_dbus_handler_get_interface(DBusMessage *message,
DBUS_TYPE_INVALID);
wpa_s = wpa_supplicant_get_iface(global, ifname);
- if (wpa_s == NULL)
+ if (wpa_s == NULL || wpa_s->dbus_new_path == NULL)
return wpas_dbus_error_iface_unknown(message);
path = wpa_s->dbus_new_path;
@@ -876,8 +877,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter,
unsigned int i = 0, num = 0;
dbus_bool_t success;
- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
- num++;
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (wpa_s->dbus_new_path)
+ num++;
+ }
paths = os_calloc(num, sizeof(char *));
if (!paths) {
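Review bot: with the new `if (wpa_s->dbus_new_path)` filter in the counting loop, `num` can be 0 even when `global->ifaces` is not empty, and the result of `os_calloc(num, sizeof(char *))` is then tested with `if (!paths)`. Check what os_calloc() returns for a zero count; if it can be NULL, the getter takes the failure path instead of returning an empty list.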
@@ -885,8 +888,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter,
return FALSE;
}
- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
- paths[i++] = wpa_s->dbus_new_path;
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (wpa_s->dbus_new_path)
+ paths[i++] = wpa_s->dbus_new_path;
+ }
success = wpas_dbus_simple_array_property_getter(iter,
DBUS_TYPE_OBJECT_PATH,
@@ -1478,7 +1483,8 @@ DBusMessage * wpas_dbus_handler_add_network(DBusMessage *message,
dbus_message_iter_init(message, &iter);
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->dbus_new_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.",
__func__);
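Review bot: `ssid = wpa_config_add_network(wpa_s->conf);` is now conditional, so the following `if (ssid == NULL)` relies on `ssid` having been initialised to NULL at its declaration, which is outside this hunk. Confirm that initialisation exists. The error text logged in that case, "can't add new interface", also does not tell the reader that the request was refused because the interface has no D-Bus path.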
@@ -1602,7 +1608,7 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -1715,7 +1721,7 @@ DBusMessage * wpas_dbus_handler_select_network(DBusMessage *message,
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -1773,7 +1779,7 @@ DBusMessage * wpas_dbus_handler_network_reply(DBusMessage *message,
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
- if (iface == NULL || net_id == NULL ||
+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path ||
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
@@ -2266,12 +2272,14 @@ DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path(
message, DBUS_ERROR_FAILED,
"Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed.");
- wpa_dbus_mark_property_changed(
- wpa_s->global->dbus, wpa_s->dbus_new_path,
- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath");
- wpa_dbus_mark_property_changed(
- wpa_s->global->dbus, wpa_s->dbus_new_path,
- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath");
+ if (wpa_s->dbus_new_path) {
+ wpa_dbus_mark_property_changed(
+ wpa_s->global->dbus, wpa_s->dbus_new_path,
+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath");
+ wpa_dbus_mark_property_changed(
+ wpa_s->global->dbus, wpa_s->dbus_new_path,
+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath");
+ }
return NULL;
}
@@ -3024,7 +3032,7 @@ dbus_bool_t wpas_dbus_getter_current_bss(DBusMessageIter *iter,
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path = path_buf;
- if (wpa_s->current_bss)
+ if (wpa_s->current_bss && wpa_s->dbus_new_path)
os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_bss->id);
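Review bot: With the added `&& wpa_s->dbus_new_path` test, the os_snprintf() into path_buf is skipped whenever the interface has no object path, and path_buf is declared without an initializer. The fallback branch is outside the visible context, so please confirm it still writes a valid path before bss_obj_path is handed to D-Bus; the same applies to the current_network getter in the next hunk.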
@@ -3052,7 +3060,7 @@ dbus_bool_t wpas_dbus_getter_current_network(DBusMessageIter *iter,
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *net_obj_path = path_buf;
- if (wpa_s->current_ssid)
+ if (wpa_s->current_ssid && wpa_s->dbus_new_path)
os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_ssid->id);
@@ -3140,6 +3148,12 @@ dbus_bool_t wpas_dbus_getter_bsss(DBusMessageIter *iter, DBusError *error,
unsigned int i = 0;
dbus_bool_t success = FALSE;
+ if (!wpa_s->dbus_new_path) {
+ dbus_set_error(error, DBUS_ERROR_FAILED,
+ "%s: no D-Bus interface", __func__);
+ return FALSE;
+ }
+
paths = os_calloc(wpa_s->num_bss, sizeof(char *));
if (!paths) {
dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
@@ -3191,6 +3205,12 @@ dbus_bool_t wpas_dbus_getter_networks(DBusMessageIter *iter, DBusError *error,
unsigned int i = 0, num = 0;
dbus_bool_t success = FALSE;
+ if (!wpa_s->dbus_new_path) {
+ dbus_set_error(error, DBUS_ERROR_FAILED,
+ "%s: no D-Bus interface", __func__);
+ return FALSE;
+ }
+
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
if (!network_is_persistent_group(ssid))
num++;
@@ -4104,7 +4124,7 @@ void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
struct wpas_dbus_priv *priv = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
- if (priv == NULL)
+ if (priv == NULL || !wpa_s->dbus_new_path)
return;
if (wpa_s->preq_notify_peer == NULL)
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 0eff763..32f0a35 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -354,7 +354,8 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
pg_object_path, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&net_id_str);
if (iface == NULL || net_id_str == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply =
wpas_dbus_error_invalid_args(message,
pg_object_path);
@@ -649,7 +650,8 @@ DBusMessage * wpas_dbus_handler_p2p_invite(DBusMessage *message,
WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&net_id_str);
if (iface == NULL || net_id_str == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message,
pg_object_path);
goto out;
@@ -1043,7 +1045,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peers(DBusMessageIter *iter, DBusError *error,
char **peer_obj_paths = NULL;
- if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error))
+ if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error) ||
+ !wpa_s->parent->parent->dbus_new_path)
return FALSE;
dl_list_init(&peer_objpath_list);
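Review bot: The added `!wpa_s->parent->parent->dbus_new_path` test makes this getter return FALSE without filling in `error`, unlike the wpas_dbus_getter_bsss() and wpas_dbus_getter_networks() changes in dbus_new_handlers.c, which call dbus_set_error() first. It also walks two levels of parent with no comment, while other handlers in this file compare against wpa_s->parent->dbus_new_path; set the error before returning and add a line explaining why the peer objects hang off parent->parent here.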
@@ -1064,7 +1067,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peers(DBusMessageIter *iter, DBusError *error,
os_snprintf(node->path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
"/" COMPACT_MACSTR,
- wpa_s->dbus_new_path, MAC2STR(addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(addr));
dl_list_add_tail(&peer_objpath_list, &node->list);
num++;
@@ -1184,13 +1188,17 @@ dbus_bool_t wpas_dbus_getter_p2p_peergo(DBusMessageIter *iter,
struct wpa_supplicant *wpa_s = user_data;
char go_peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path;
+ if (!wpa_s->parent->parent->dbus_new_path)
+ return FALSE;
+
if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_CLIENT)
os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/");
else
os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/"
COMPACT_MACSTR,
- wpa_s->dbus_new_path, MAC2STR(wpa_s->go_dev_addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(wpa_s->go_dev_addr));
path = go_peer_obj_path;
return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH,
@@ -1636,6 +1644,11 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(DBusMessageIter *iter,
unsigned int i = 0, num = 0;
dbus_bool_t success = FALSE;
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+ if (!wpa_s->parent->dbus_new_path)
+ return FALSE;
+
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
if (network_is_persistent_group(ssid))
num++;
@@ -1659,7 +1672,7 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(DBusMessageIter *iter,
/* Construct the object path for this network. */
os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
- wpa_s->dbus_new_path, ssid->id);
+ wpa_s->parent->dbus_new_path, ssid->id);
}
success = wpas_dbus_simple_array_property_getter(iter,
@@ -1746,7 +1759,10 @@ DBusMessage * wpas_dbus_handler_add_persistent_group(
dbus_message_iter_init(message, &iter);
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+ if (wpa_s->parent->dbus_new_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
wpa_printf(MSG_ERROR,
"dbus: %s: Cannot add new persistent group",
@@ -1779,7 +1795,7 @@ DBusMessage * wpas_dbus_handler_add_persistent_group(
/* Construct the object path for this network. */
os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d",
- wpa_s->dbus_new_path, ssid->id);
+ wpa_s->parent->dbus_new_path, ssid->id);
reply = dbus_message_new_method_return(message);
if (reply == NULL) {
@@ -1826,6 +1842,9 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op,
DBUS_TYPE_INVALID);
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
+
/*
* Extract the network ID and ensure the network is actually a child of
* this interface.
@@ -1834,7 +1853,8 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
op, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART,
&persistent_group_id);
if (iface == NULL || persistent_group_id == NULL ||
- os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
+ !wpa_s->parent->dbus_new_path ||
+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
}
@@ -1899,6 +1919,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
struct wpa_ssid *ssid, *next;
struct wpa_config *config;
+ if (wpa_s->p2p_dev)
+ wpa_s = wpa_s->p2p_dev;
config = wpa_s->conf;
ssid = config->ssid;
while (ssid) {
@@ -1928,6 +1950,9 @@ dbus_bool_t wpas_dbus_getter_p2p_group_members(DBusMessageIter *iter,
const u8 *addr;
dbus_bool_t success = FALSE;
+ if (!wpa_s->parent->parent->dbus_new_path)
+ return FALSE;
+
/* Verify correct role for this property */
if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_GO) {
return wpas_dbus_simple_array_property_getter(
@@ -1955,7 +1980,8 @@ dbus_bool_t wpas_dbus_getter_p2p_group_members(DBusMessageIter *iter,
os_snprintf(paths[i], WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_P2P_PEERS_PART
"/" COMPACT_MACSTR,
- wpa_s->parent->dbus_new_path, MAC2STR(addr));
+ wpa_s->parent->parent->dbus_new_path,
+ MAC2STR(addr));
i++;
}
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
index a94a0e5..734ac4a 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
@@ -358,6 +358,8 @@ dbus_bool_t wpas_dbus_setter_process_credentials(DBusMessageIter *iter,
struct wpa_supplicant *wpa_s = user_data;
dbus_bool_t process_credentials, old_pc;
+ if (!wpa_s->dbus_new_path)
+ return FALSE;
if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN,
&process_credentials))
return FALSE;
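Review bot: The new early `return FALSE;` taken when wpa_s->dbus_new_path is NULL leaves `error` unset, although the setter has a DBusError to report through (it passes `error` to wpas_dbus_simple_property_setter() on the following line). Call dbus_set_error() with DBUS_ERROR_FAILED as the getters in dbus_new_handlers.c do, and add a blank line after the check to match the other hunks.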
diff --git a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c
index 45bb402..88227af 100644
--- a/wpa_supplicant/dbus/dbus_old.c
+++ b/wpa_supplicant/dbus/dbus_old.c
@@ -383,7 +383,7 @@ void wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s)
DBusMessage *_signal;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -474,7 +474,7 @@ void wpa_supplicant_dbus_notify_scanning(struct wpa_supplicant *wpa_s)
dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE;
/* Do nothing if the control interface is not turned on */
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -509,7 +509,7 @@ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
if (wpa_s->global == NULL)
return;
iface = wpa_s->global->dbus;
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -559,7 +559,7 @@ void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
if (wpa_s->global == NULL)
return;
iface = wpa_s->global->dbus;
- if (iface == NULL)
+ if (iface == NULL || !wpa_s->dbus_path)
return;
_signal = dbus_message_new_signal(wpa_s->dbus_path,
@@ -738,7 +738,7 @@ struct wpa_supplicant * wpa_supplicant_get_iface_by_dbus_path(
struct wpa_supplicant *wpa_s;
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
- if (strcmp(wpa_s->dbus_path, path) == 0)
+ if (wpa_s->dbus_path && strcmp(wpa_s->dbus_path, path) == 0)
return wpa_s;
}
return NULL;
diff --git a/wpa_supplicant/dbus/dbus_old_handlers.c b/wpa_supplicant/dbus/dbus_old_handlers.c
index 773ee8b..0ffa1be 100644
--- a/wpa_supplicant/dbus/dbus_old_handlers.c
+++ b/wpa_supplicant/dbus/dbus_old_handlers.c
@@ -166,7 +166,7 @@ DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
- if (wpa_s) {
+ if (wpa_s && wpa_s->dbus_path) {
const char *path = wpa_s->dbus_path;
reply = dbus_message_new_method_return(message);
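Review bot: Changing the test to `if (wpa_s && wpa_s->dbus_path)` means an interface that wpa_supplicant_add_iface() created successfully, but that has no D-Bus path, now takes the branch meant for a failed add. That branch is outside the visible context; check that it does not return an add-interface error to the caller while leaving the new interface in place, and either remove the interface again or report a distinct error.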
@@ -262,7 +262,7 @@ DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,
}
wpa_s = wpa_supplicant_get_iface(global, ifname);
- if (wpa_s == NULL) {
+ if (wpa_s == NULL || !wpa_s->dbus_path) {
reply = wpas_dbus_new_invalid_iface_error(message);
goto out;
}
@@ -354,6 +354,11 @@ DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,
DBusMessageIter sub_iter;
struct wpa_bss *bss;
+ if (!wpa_s->dbus_path)
+ return dbus_message_new_error(message,
+ WPAS_ERROR_INTERNAL_ERROR,
+ "no D-Bus interface available");
+
/* Create and initialize the return message */
reply = dbus_message_new_method_return(message);
dbus_message_iter_init_append(reply, &iter);
@@ -708,10 +713,11 @@ DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,
struct wpa_supplicant *wpa_s)
{
DBusMessage *reply = NULL;
- struct wpa_ssid *ssid;
+ struct wpa_ssid *ssid = NULL;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf;
- ssid = wpa_config_add_network(wpa_s->conf);
+ if (wpa_s->dbus_path)
+ ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL) {
reply = dbus_message_new_error(
message, WPAS_ERROR_ADD_NETWORK_ERROR,
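Review bot: Guarding `ssid = wpa_config_add_network(wpa_s->conf);` with `if (wpa_s->dbus_path)` sends the missing-path case into the existing `if (ssid == NULL)` branch, so the caller gets WPAS_ERROR_ADD_NETWORK_ERROR, the same reply as a real configuration failure. The `= NULL` initializer this needs is added here; wpas_dbus_handler_add_persistent_group() in dbus_new_handlers_p2p.c uses the same conditional assignment with no initializer change in its hunk, so check that declaration too, and consider an explicit early return with its own error text in both places.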
@@ -769,7 +775,7 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
}
/* Ensure the network is actually a child of this interface */
- if (os_strcmp(iface, wpa_s->dbus_path) != 0) {
+ if (!wpa_s->dbus_path || os_strcmp(iface, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;
}
@@ -1020,7 +1026,7 @@ DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,
goto out;
}
/* Ensure the object path really points to this interface */
- if (network == NULL ||
+ if (network == NULL || !wpa_s->dbus_path ||
os_strcmp(iface_obj_path, wpa_s->dbus_path) != 0) {
reply = wpas_dbus_new_invalid_network_error(message);
goto out;
--
cgit v0.9.2
From 5441da2beb99c67e4f7790b114c65a2cc748f166 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 29 Apr 2015 17:47:14 +0000
Subject: Fix wpas_notify_network_removed()
Commit bb3df9a569e4a33445c89ebc50019ba46b4f6704 ('notify: Do not raise
any signal from a P2P management interface') was supposed to only change
D-Bus behavior, but it ended up disabling non-D-Bus functionality as
well for some sequences where the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index ea7dbdb..184a95c 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -307,14 +307,12 @@ void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s,
void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
- if (wpa_s->p2p_mgmt)
- return;
-
if (wpa_s->next_ssid == ssid)
wpa_s->next_ssid = NULL;
if (wpa_s->wpa)
wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
- if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s)
+ if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
+ !wpa_s->p2p_mgmt)
wpas_dbus_unregister_network(wpa_s, ssid->id);
if (network_is_persistent_group(ssid))
wpas_notify_persistent_group_removed(wpa_s, ssid);
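Review bot: With the early `if (wpa_s->p2p_mgmt) return;` removed, only wpas_dbus_unregister_network() is guarded by `!wpa_s->p2p_mgmt`; the wpas_notify_persistent_group_removed() call at the end of the function now runs for a P2P management interface as well. If that function emits a D-Bus signal it needs its own p2p_mgmt check, since the commit being repaired was meant to keep such interfaces silent on D-Bus; a short comment marking which statements are D-Bus-only would make the split clear.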
--
cgit v0.9.2
From 5aeebc48e8449e39a8ad0f2f1c525464ad94e837 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 29 Apr 2015 17:48:07 +0000
Subject: D-Bus Fix network_is_persistent_group() for P2P operations
Commit c2762e410fa319f75a174aeb12343beddf99fce4 ('P2P: Update D-Bus
network object semantics during group formation') added this helper
function to determine whether a network block is used for storing a
persistent group information. However, it implemented this in a way that
matches both persistent group storage and an operating persist group
instance. This does not seem to match the expected behavior for the
D-Bus objects, so fix this to match only the persistent group storage
case to avoid registering/unregistered incorrect D-Bus objects for
groups.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8ed8b72..364ba19 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1118,13 +1118,13 @@ struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
int eap_register_methods(void);
/**
- * Utility method to tell if a given network is a persistent group
+ * Utility method to tell if a given network is for persistent group storage
* @ssid: Network object
* Returns: 1 if network is a persistent group, 0 otherwise
*/
static inline int network_is_persistent_group(struct wpa_ssid *ssid)
{
- return ((ssid->disabled == 2) || ssid->p2p_persistent_group);
+ return ssid->disabled == 2 && ssid->p2p_persistent_group;
}
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
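Review bot: The `Returns: 1 if network is a persistent group, 0 otherwise` line of the doc comment was not updated along with the summary line, so it still describes the old `||` behaviour. Reword it to say that 1 is returned only when `ssid->disabled == 2 && ssid->p2p_persistent_group` both hold, and state what disabled == 2 denotes, because every caller that filters on this helper (the networks and persistent_groups getters, wpas_notify_network_removed()) changes behaviour with it.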
--
cgit v0.9.2

View File

@ -4,6 +4,82 @@ Wed Feb 17 13:47:43 UTC 2016 - lnussel@suse.de
- add aliases for both provided dbus names to avoid systemd stopping the
service when switching runlevels (boo#966535)
-------------------------------------------------------------------
Thu Feb 4 10:18:54 UTC 2016 - michael@stroeder.com
- removed obsolete security patches:
* 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
* 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
* 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
* 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
* wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
* 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
* 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
* 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
* 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- Update to upstream release 2.5
* fixed P2P validation of SSID element length before copying it
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/]
* nl80211:
- added VHT configuration for IBSS
- fixed vendor command handling to check OUI properly
- allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
- optimize scan frequencies list when re-joining a persistent group
- fixed number of sequences with nl80211 P2P Device interface
- added operating class 125 for P2P use cases (this allows 5 GHz
channels 161 and 169 to be used if they are enabled in the current
regulatory domain)
- number of fixes to P2PS functionality
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
- extended support for preferred channel listing
* D-Bus:
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
- fixed PresenceRequest to use group interface
- added new signals: FindStopped, WPS pbc-overlap,
GroupFormationFailure, WPS timeout, InvitationReceived
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
- added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
command (optional "ssid <hexdump>" arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
(phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes
-------------------------------------------------------------------
Thu May 7 17:18:29 CEST 2015 - ro@suse.de

View File

@ -39,24 +39,7 @@ Patch1: wpa_supplicant-flush-debug-output.patch
# wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it
# is not portable
Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
Patch4: wpa_supplicant-alloc_size.patch
# PATCH-FIX-UPSTREAM wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch arch#44740 zaitor@opensuse.org -- Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git.
Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077
Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
# PATCH-FIX-UPSTREAM 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078
Patch7: 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
# PATCH-FIX-UPSTREAM 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch bnc#930079
Patch8: 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
# PATCH-FIX-UPSTREAM 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch bnc#930079
Patch9: 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
# PATCH-FIX-UPSTREAM 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch bnc#930079
Patch10: 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
# PATCH-FIX-UPSTREAM 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch bnc#930079
Patch11: 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
# PATCH-FIX-UPSTREAM 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079
Patch12: 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
Patch3: wpa_supplicant-alloc_size.patch
BuildRequires: dbus-1-devel
BuildRequires: libnl3-devel
BuildRequires: libqt4
@ -93,15 +76,6 @@ cp %{SOURCE1} wpa_supplicant/.config
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%build
cd wpa_supplicant