From 473bbb6decb093576070afc0367c6edff52f986fd8ac15590a4e4f24c2199c40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 18 Feb 2016 12:03:21 +0000 Subject: [PATCH 1/5] Accepting request 359998 from home:lnussel:branches:hardware - add aliases for both provided dbus names to avoid systemd stopping the service when switching runlevels (boo#966535) OBS-URL: https://build.opensuse.org/request/show/359998 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=58 --- wpa_supplicant.changes | 6 ++++ wpa_supplicant.spec | 66 ++++++++++++++++++++---------------------- 2 files changed, 37 insertions(+), 35 deletions(-) diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index 1bc71e5..03a6098 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 17 13:47:43 UTC 2016 - lnussel@suse.de + +- add aliases for both provided dbus names to avoid systemd stopping the + service when switching runlevels (boo#966535) + ------------------------------------------------------------------- Thu May 7 17:18:29 CEST 2015 - ro@suse.de diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 77bb8cf..bf368d0 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -1,7 +1,7 @@ # # spec file for package wpa_supplicant # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,24 +16,16 @@ # -Name: wpa_supplicant -BuildRequires: dbus-1-devel -BuildRequires: libqt4 -BuildRequires: libqt4-devel -BuildRequires: openssl-devel -BuildRequires: pkg-config -BuildRequires: readline-devel -%if 0%{?suse_version} > 1230 -BuildRequires: systemd-rpm-macros -%systemd_requires +%if ! %{defined _rundir} +%define _rundir %{_localstatedir}/run %endif -BuildRequires: libnl3-devel -Url: http://hostap.epitest.fi/wpa_supplicant/ +Name: wpa_supplicant Version: 2.4 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause and GPL-2.0+ Group: Productivity/Networking/Other +Url: http://hostap.epitest.fi/wpa_supplicant/ Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz Source1: config Source2: %{name}.conf @@ -50,7 +42,7 @@ Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch Patch4: wpa_supplicant-alloc_size.patch # PATCH-FIX-UPSTREAM wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch arch#44740 zaitor@opensuse.org -- Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git. -Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch +Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch # PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077 Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch # PATCH-FIX-UPSTREAM 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078 
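Review bot: The `Url:` tag re-added in the `@@ -16,24 +16,16 @@` hunk and the `Source:` line just below it both use plain `http://hostap.epitest.fi/`, so the recorded tarball location has no transport integrity. No detached signature or keyring source is visible in this hunk, though the Source list continues outside it. Since this package handles Wi-Fi authentication, I would move both tags to an HTTPS location if upstream offers one. If upstream publishes a signature, ship it beside the tarball as an extra source (placeholder: `SourceN: <tarball URL>.asc` plus `%{name}.keyring`) so the build service can verify the archive. A one-line comment above `%define _rundir` saying it is a fallback for rpm versions that do not define the macro would also help.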
@@ -65,11 +57,18 @@ Patch10: 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch Patch11: 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch # PATCH-FIX-UPSTREAM 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079 Patch12: 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: dbus-1-devel +BuildRequires: libnl3-devel +BuildRequires: libqt4 +BuildRequires: libqt4-devel +BuildRequires: openssl-devel +BuildRequires: pkg-config +BuildRequires: readline-devel Requires: logrotate -%if ! %{defined _rundir} -%define _rundir %{_localstatedir}/run +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} > 1230 +BuildRequires: systemd-rpm-macros +%systemd_requires %endif %description @@ -78,11 +77,6 @@ i.e., the part that runs in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. - -Authors: --------- - Jouni Malinen - %package gui Summary: WPA supplicant graphical front-end Group: System/Monitoring @@ -92,16 +86,11 @@ Requires: wpa_supplicant This package contains a graphical front-end to wpa_supplicant, an implementation of the WPA Supplicant component. - -Authors: --------- - Jouni Malinen - %prep %setup -q -n wpa_supplicant-%{version} rm -rf wpa_supplicant-%{version}/patches cp %{SOURCE1} wpa_supplicant/.config -%patch1 -p0 +%patch1 %patch2 -p1 %patch3 -p1 %patch4 -p1 @@ -116,9 +105,9 @@ cp %{SOURCE1} wpa_supplicant/.config %build cd wpa_supplicant -CFLAGS="$RPM_OPT_FLAGS" make V=1 %{?_smp_mflags} +CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} cd wpa_gui-qt4 -qmake QMAKE_CXXFLAGS="$RPM_OPT_FLAGS" QMAKE_CFLAGS="$RPM_OPT_FLAGS" +qmake QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}" make %{?_smp_mflags} %install 
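Review bot: In the `@@ -116,9 +105,9 @@` hunk the build line passes only `%{optflags}` as CFLAGS and sets no LDFLAGS. Whether the daemon is linked as a position-independent executable with full RELRO therefore depends on distribution defaults that are not visible here. wpa_supplicant parses frames from unauthenticated peers (the patches carried in this spec fix several such parsers), so that hardening is worth making explicit. If the defaults do not cover it, something like `CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro,-z,now" make V=1 %{?_smp_mflags}` would do, after checking that the upstream Makefile honours both variables. The same applies to the `qmake` line for wpa_gui.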
@@ -149,6 +138,11 @@ install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir} %endif # avoid spurious dependency on /usr/bin/python chmod -x wpa_supplicant/examples/*.py +%if 0%{?suse_version} > 1230 +# dbus auto activation boo#966535 +ln -s wpa_supplicant.service %{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service +ln -s wpa_supplicant.service %{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service +%endif %if 0%{?suse_version} > 1230 %pre @@ -180,15 +174,17 @@ chmod -x wpa_supplicant/examples/*.py %endif %if 0%{?suse_version} > 1230 %{_unitdir}/wpa_supplicant.service +%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service +%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service %endif %dir %{_sysconfdir}/%{name} -%doc %{_mandir}/man8/* +%{_mandir}/man8/* %exclude %{_mandir}/man8/wpa_gui.* -%doc %{_mandir}/man5/* +%{_mandir}/man5/* %files gui %defattr(-,root,root) -/usr/sbin/wpa_gui -%doc %{_mandir}/man8/wpa_gui.* +%{_sbindir}/wpa_gui +%{_mandir}/man8/wpa_gui.* %changelog From 273bca4ceecd4c2c02fc0182c4208e1928c01c47c7e6fda529730890e6bd81b7 Mon Sep 17 00:00:00 2001 
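Review bot: The comment `# dbus auto activation boo#966535` in the `@@ -149,6 +138,11 @@` hunk does not say why the two symlinks exist or what they must stay in sync with. The aliases presumably only help if their names match the `SystemdService=` entries in the package's D-Bus service files, which are not visible here, so that should be confirmed and recorded. A fuller comment could read `# Alias the unit under both D-Bus names so bus activation and the enabled unit resolve to one systemd unit (boo#966535); names must match SystemdService= in the D-Bus service files`. Because the links are shipped in `%{_unitdir}` rather than created on enable, it looks like bus activation will start the daemon even when the administrator has disabled the unit. If that is intended, the changelog entry should say so, and the D-Bus policy for these names should be checked to limit which callers can reach them.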
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 18 Feb 2016 12:32:42 +0000 Subject: [PATCH 2/5] - OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=59 --- ...er-underflow-in-WMM-Action-frame-par.patch | 41 - ...-payload-length-validation-for-Commi.patch | 73 -- ...D-element-length-before-copying-it-C.patch | 42 - ...TTP-chunked-transfer-encoding-parser.patch | 49 - ...ix-payload-length-validation-for-Com.patch | 66 -- ...-Total-Length-parsing-for-fragment-r.patch | 52 - ...ix-Total-Length-parsing-for-fragment.patch | 50 - ...ix-asymmetric-fragmentation-behavior.patch | 32 - ...hen-P2P-management-interface-is-used.patch | 913 ------------------ wpa_supplicant.changes | 76 ++ wpa_supplicant.spec | 28 +- 11 files changed, 77 insertions(+), 1345 deletions(-) delete mode 100644 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch delete mode 100644 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch delete mode 100644 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch delete mode 100644 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch delete mode 100644 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch delete mode 100644 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch delete mode 100644 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch delete mode 100644 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch delete mode 100644 wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch diff --git a/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch deleted file mode 100644 index 89ed41c..0000000 --- a/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch +++ /dev/null 
@@ -1,41 +0,0 @@
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
- return;
- }
-
-+ if (left < 0)
-+ return; /* not a valid WMM Action frame */
-+
- /* extract the tspec info element */
- if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
---
-1.9.1
-
diff --git a/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
deleted file mode 100644
index f40099b..0000000
--- a/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+++ /dev/null
@@ -1,73 +0,0 @@ -From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:37:45 +0300 -Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index f2b0926..a629437 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; - u16 offset; - u8 *ptr, *scalar = NULL, *element = NULL; -+ size_t prime_len, order_len; -+ -+ if (data->state != PWD_Commit_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } - - if (((data->private_value = BN_new()) == NULL) || - ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || -@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - u8 
conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (data->state != PWD_Confirm_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* - * first build up the ciphersuite which is group | random_function | - * prf --- -1.9.1 - diff --git a/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch deleted file mode 100644 index ccb2d2e..0000000 --- a/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +++ /dev/null 
@@ -1,42 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index f584fae..a45fe73 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
- if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- if (msg.ssid &&
-+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- != 0)) {
---
-1.9.1
-
diff --git a/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
deleted file mode 100644
index a3b61d3..0000000
--- a/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Tue, 28 Apr 2015 17:08:33 +0300
-Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
-
-strtoul() return value may end up overflowing the int h->chunk_size and
-resulting in a negative value to be stored as the chunk_size. This could
-result in the following memcpy operation using a very large length
-argument which would result in a buffer overflow and segmentation fault.
-
-This could have been used to cause a denial service by any device that
-has been authorized for network access (either wireless or wired). This
-would affect both the WPS UPnP functionality in a WPS AP (hostapd with
-upnp_iface parameter set in the configuration) and WPS ER
-(wpa_supplicant with WPS_ER_START control interface command used).
-
-Validate the parsed chunk length value to avoid this. In addition to
-rejecting negative values, we can also reject chunk size that would be
-larger than the maximum configured body length.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen
----
- src/wps/httpread.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/wps/httpread.c b/src/wps/httpread.c
-index 2f08f37..d2855e3 100644
---- a/src/wps/httpread.c
-+++ b/src/wps/httpread.c
-@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
- if (!isxdigit(*cbp))
- goto bad;
- h->chunk_size = strtoul(cbp, NULL, 16);
-+ if (h->chunk_size < 0 ||
-+ h->chunk_size > h->max_bytes) {
-+ wpa_printf(MSG_DEBUG,
-+ "httpread: Invalid chunk size %d",
-+ h->chunk_size);
-+ goto bad;
-+ }
- /* throw away chunk header
- * so we have only real data
- */
---
-1.9.1
-
diff --git a/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
deleted file mode 100644
index f150f8b..0000000
--- a/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:40:44 +0300 -Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index 66bd5d2..3189105 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; - EC_POINT *K = NULL, *point = NULL; - int res = 0; -+ size_t prime_len, order_len; - - wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response"); - -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } -+ - if (((data->peer_scalar = BN_new()) == NULL) || - ((data->k = BN_new()) == NULL) || - ((cofactor = BN_new()) == NULL) || -@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data, - u8 
conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* build up the ciphersuite: group | random_function | prf */ - grp = htons(data->group_num); - ptr = (u8 *) &cs; --- -1.9.1 - diff --git a/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch deleted file mode 100644 index 3c8362e..0000000 --- a/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch +++ /dev/null 
@@ -1,52 +0,0 @@
-From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Sat, 2 May 2015 19:23:04 +0300
-Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen
----
- src/eap_peer/eap_pwd.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index a629437..1d2079b 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- * if it's the first fragment there'll be a length field
- */
- if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+ if (len < 2) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Frame too short to contain Total-Length field");
-+ ret->ignore = TRUE;
-+ return NULL;
-+ }
- tot_len = WPA_GET_BE16(pos);
- wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
- "total length = %d", tot_len);
- if (tot_len > 15000)
- return NULL;
-+ if (data->inbuf) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+ ret->ignore = TRUE;
-+ return NULL;
-+ }
- data->inbuf = wpabuf_alloc(tot_len);
- if (data->inbuf == NULL) {
- wpa_printf(MSG_INFO, "Out of memory to buffer "
---
-1.9.1
-
diff --git a/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch deleted file mode 100644 index c66dbb2..0000000 --- a/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch +++ /dev/null 
@@ -1,50 +0,0 @@
-From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Sat, 2 May 2015 19:26:06 +0300
-Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen
----
- src/eap_server/eap_server_pwd.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 3189105..2bfc3c2 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- * the first fragment has a total length
- */
- if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+ if (len < 2) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Frame too short to contain Total-Length field");
-+ return;
-+ }
- tot_len = WPA_GET_BE16(pos);
- wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
- "length = %d", tot_len);
- if (tot_len > 15000)
- return;
-+ if (data->inbuf) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+ return;
-+ }
- data->inbuf = wpabuf_alloc(tot_len);
- if (data->inbuf == NULL) {
- wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
---
-1.9.1
-
diff --git a/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
deleted file mode 100644
index 90a6528..0000000
--- a/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Sat, 2 May 2015 19:26:28 +0300
-Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
-
-The L (Length) and M (More) flags needs to be cleared before deciding
-whether the locally generated response requires fragmentation. This
-fixes an issue where these flags from the server could have been invalid
-for the following message. In some cases, this could have resulted in
-triggering the wpabuf security check that would terminate the process
-due to invalid buffer allocation.
-
-Signed-off-by: Jouni Malinen
----
- src/eap_peer/eap_pwd.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1d2079b..e58b13a 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- /*
- * we have output! Do we need to fragment it?
- */
-+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
- len = wpabuf_len(data->outbuf);
- if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
- resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
---
-1.9.1
-
diff --git a/wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch b/wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
deleted file mode 100644
index c7708f9..0000000
--- a/wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
+++ /dev/null
@@ -1,913 +0,0 @@ -From 8a78e227df1ead19be8e12a4108e448887e64d6f Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 29 Apr 2015 10:13:34 +0000 -Subject: D-Bus: Fix operations when P2P management interface is used - -Commit 21efc940f6e7f07b84b7e5c5867f3d81594c4fb0 ('wpa_supplicant: Do not -register a P2P management interface on DBus') hides the special P2P -management interface from D-Bus. However, it did not take into account -the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL -in such cases on number of code paths within the D-Bus handlers. This -could result in invalid arguments (NULL path) being provided to D-Bus -functions (mainly, dbus_message_iter_append_basic) and NULL pointer -dereference when iterating over all interfaces. Either of these could -make wpa_supplicant process terminate. - -Fix this by explicitly checking that the interface-specific D-Bus path -has been registered before using it anywhere with D-Bus handlers. In -addition, find the correct wpa_s instance to fix P2P operations through -D-Bus when the P2P Device interface is used. 
- -Signed-off-by: Jouni Malinen ---- -diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c -index 30ef03a..89a562c 100644 ---- a/wpa_supplicant/dbus/dbus_new.c -+++ b/wpa_supplicant/dbus/dbus_new.c -@@ -137,7 +137,7 @@ static void wpas_dbus_signal_interface(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(WPAS_DBUS_NEW_PATH, -@@ -200,7 +200,7 @@ void wpas_dbus_signal_scan_done(struct wpa_supplicant *wpa_s, int success) - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -239,7 +239,7 @@ static void wpas_dbus_signal_bss(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -307,7 +307,7 @@ static void wpas_dbus_signal_blob(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -374,7 +374,7 @@ static void wpas_dbus_signal_network(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, -@@ -467,7 +467,7 @@ void wpas_dbus_signal_network_request(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if 
(iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - field = wpa_supplicant_ctrl_req_to_string(rtype, default_txt, &txt); -@@ -511,6 +511,8 @@ void wpas_dbus_signal_network_enabled_changed(struct wpa_supplicant *wpa_s, - - char path[WPAS_DBUS_OBJECT_PATH_MAX]; - -+ if (!wpa_s->dbus_new_path) -+ return; - os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%d", - wpa_s->dbus_new_path, ssid->id); -@@ -539,7 +541,7 @@ void wpas_dbus_signal_wps_event_success(struct wpa_supplicant *wpa_s) - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -579,7 +581,7 @@ void wpas_dbus_signal_wps_event_fail(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -620,7 +622,7 @@ void wpas_dbus_signal_wps_event_m2d(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -686,7 +688,7 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -760,7 +762,7 @@ void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = 
dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -801,7 +803,7 @@ void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -844,7 +846,7 @@ static void wpas_dbus_signal_sta(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, -@@ -916,7 +918,8 @@ void wpas_dbus_signal_p2p_group_removed(struct wpa_supplicant *wpa_s, - if (parent->p2p_mgmt) - parent = parent->parent; - -- if (!wpa_s->dbus_groupobj_path) -+ if (!wpa_s->dbus_groupobj_path || !wpa_s->dbus_new_path || -+ !parent->dbus_new_path) - return; - - msg = dbus_message_new_signal(parent->dbus_new_path, -@@ -984,6 +987,8 @@ void wpas_dbus_signal_p2p_provision_discovery(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - if (request || !status) { - if (config_methods & WPS_CONFIG_DISPLAY) -@@ -1073,6 +1078,8 @@ void wpas_dbus_signal_p2p_go_neg_req(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR, -@@ -1105,7 +1112,8 @@ static int wpas_dbus_get_group_obj_path(struct wpa_supplicant *wpa_s, - { - char group_name[3]; - -- if (os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)) -+ if (!wpa_s->dbus_new_path || -+ os_memcmp(ssid->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)) - return -1; - - os_memcpy(group_name, ssid->ssid + P2P_WILDCARD_SSID_LEN, 2); -@@ -1209,7 +1217,7 @@ void 
wpas_dbus_signal_p2p_group_started(struct wpa_supplicant *wpa_s, - iface = parent->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !parent->dbus_new_path || !wpa_s->dbus_new_path) - return; - - if (wpa_s->dbus_groupobj_path == NULL) -@@ -1272,7 +1280,7 @@ void wpas_dbus_signal_p2p_go_neg_resp(struct wpa_supplicant *wpa_s, - - os_memset(freqs, 0, sizeof(freqs)); - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, -@@ -1386,6 +1394,8 @@ void wpas_dbus_signal_p2p_invitation_result(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - msg = dbus_message_new_signal(wpa_s->dbus_new_path, - WPAS_DBUS_NEW_IFACE_P2PDEVICE, -@@ -1439,6 +1449,8 @@ void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s, - parent = wpa_s->parent; - if (parent->p2p_mgmt) - parent = parent->parent; -+ if (!parent->dbus_new_path) -+ return; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" -@@ -1494,6 +1506,8 @@ void wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s, - parent = wpa_s->parent; - if (parent->p2p_mgmt) - parent = parent->parent; -+ if (!parent->dbus_new_path) -+ return; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" -@@ -1551,6 +1565,8 @@ void wpas_dbus_signal_p2p_sd_request(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - /* Check if this is a known peer */ - if (!p2p_peer_known(wpa_s->global->p2p, sa)) -@@ -1617,6 +1633,8 @@ void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - /* 
Check if this is a known peer */ - if (!p2p_peer_known(wpa_s->global->p2p, sa)) -@@ -1678,6 +1696,8 @@ static void wpas_dbus_signal_persistent_group(struct wpa_supplicant *wpa_s, - - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; -+ if (!wpa_s->dbus_new_path) -+ return; - - os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%u", -@@ -1762,6 +1782,8 @@ void wpas_dbus_signal_p2p_wps_failed(struct wpa_supplicant *wpa_s, - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; - -+ if (!wpa_s->dbus_new_path) -+ return; - msg = dbus_message_new_signal(wpa_s->dbus_new_path, - WPAS_DBUS_NEW_IFACE_P2PDEVICE, - "WpsFailed"); -@@ -1862,6 +1884,9 @@ void wpas_dbus_bss_signal_prop_changed(struct wpa_supplicant *wpa_s, - char path[WPAS_DBUS_OBJECT_PATH_MAX]; - char *prop; - -+ if (!wpa_s->dbus_new_path) -+ return; -+ - switch (property) { - case WPAS_DBUS_BSS_PROP_SIGNAL: - prop = "Signal"; -@@ -2177,7 +2202,7 @@ int wpas_dbus_register_network(struct wpa_supplicant *wpa_s, - #endif /* CONFIG_P2P */ - - /* Do nothing if the control interface is not turned on */ -- if (wpa_s == NULL || wpa_s->global == NULL) -+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path) - return 0; - ctrl_iface = wpa_s->global->dbus; - if (ctrl_iface == NULL) -@@ -2351,7 +2376,7 @@ int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s, - char bss_obj_path[WPAS_DBUS_OBJECT_PATH_MAX]; - - /* Do nothing if the control interface is not turned on */ -- if (wpa_s == NULL || wpa_s->global == NULL) -+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path) - return 0; - ctrl_iface = wpa_s->global->dbus; - if (ctrl_iface == NULL) -@@ -2394,7 +2419,7 @@ int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s, - struct bss_handler_args *arg; - - /* Do nothing if the control interface is not turned on */ -- if (wpa_s == NULL || wpa_s->global == NULL) -+ if (wpa_s == NULL || wpa_s->global == NULL || !wpa_s->dbus_new_path) - return 0; - 
ctrl_iface = wpa_s->global->dbus; - if (ctrl_iface == NULL) -@@ -3345,7 +3370,7 @@ static void wpas_dbus_signal_peer(struct wpa_supplicant *wpa_s, - iface = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_new_path) - return; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, -@@ -3422,8 +3447,9 @@ int wpas_dbus_register_peer(struct wpa_supplicant *wpa_s, const u8 *dev_addr) - if (ctrl_iface == NULL) - return 0; - -- if (wpa_s->p2p_mgmt) -- wpa_s = wpa_s->parent; -+ wpa_s = wpa_s->parent->parent; -+ if (!wpa_s->dbus_new_path) -+ return 0; - - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR, -@@ -3481,12 +3507,12 @@ int wpas_dbus_unregister_peer(struct wpa_supplicant *wpa_s, - int ret; - - /* Do nothing if the control interface is not turned on */ -- if (wpa_s == NULL || wpa_s->global == NULL || -- wpa_s->dbus_new_path == NULL) -+ if (wpa_s == NULL || wpa_s->global == NULL) - return 0; - -- if (wpa_s->p2p_mgmt) -- wpa_s = wpa_s->parent; -+ wpa_s = wpa_s->parent->parent; -+ if (!wpa_s->dbus_new_path) -+ return 0; - - ctrl_iface = wpa_s->global->dbus; - if (ctrl_iface == NULL) -@@ -3512,6 +3538,8 @@ void wpas_dbus_signal_peer_groups_changed(struct wpa_supplicant *wpa_s, - if (wpa_s->p2p_mgmt) - wpa_s = wpa_s->parent; - -+ if (!wpa_s->dbus_new_path) -+ return; - os_snprintf(peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" COMPACT_MACSTR, - wpa_s->dbus_new_path, MAC2STR(dev_addr)); -@@ -3713,6 +3741,9 @@ int wpas_dbus_register_persistent_group(struct wpa_supplicant *wpa_s, - /* Do nothing if the control interface is not turned on */ - if (wpa_s == NULL || wpa_s->global == NULL) - return 0; -+ wpa_s = wpa_s->parent->parent; -+ if (!wpa_s->dbus_new_path) -+ return 0; - - /* Make sure ssid is a persistent group */ - if (ssid->disabled != 2 && !ssid->p2p_persistent_group) -@@ 
-3797,15 +3828,13 @@ int wpas_dbus_unregister_persistent_group(struct wpa_supplicant *wpa_s, - int ret; - - /* Do nothing if the control interface is not turned on */ -- if (wpa_s == NULL || wpa_s->global == NULL || -- wpa_s->dbus_new_path == NULL) -+ if (wpa_s == NULL || wpa_s->global == NULL) - return 0; - -- if (wpa_s->p2p_mgmt) -- wpa_s = wpa_s->parent; -+ wpa_s = wpa_s->parent->parent; - - ctrl_iface = wpa_s->global->dbus; -- if (ctrl_iface == NULL) -+ if (ctrl_iface == NULL || !wpa_s->dbus_new_path) - return 0; - - os_snprintf(pgrp_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, -diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c -index d695d1b..3f5fd0a 100644 ---- a/wpa_supplicant/dbus/dbus_new_handlers.c -+++ b/wpa_supplicant/dbus/dbus_new_handlers.c -@@ -157,7 +157,8 @@ static struct wpa_supplicant * get_iface_by_dbus_path( - struct wpa_supplicant *wpa_s; - - for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { -- if (os_strcmp(wpa_s->dbus_new_path, path) == 0) -+ if (wpa_s->dbus_new_path && -+ os_strcmp(wpa_s->dbus_new_path, path) == 0) - return wpa_s; - } - return NULL; -@@ -600,7 +601,7 @@ DBusMessage * wpas_dbus_handler_create_interface(DBusMessage *message, - iface.bridge_ifname = bridge_ifname; - /* Otherwise, have wpa_supplicant attach to it. 
*/ - wpa_s = wpa_supplicant_add_iface(global, &iface, NULL); -- if (wpa_s) { -+ if (wpa_s && wpa_s->dbus_new_path) { - const char *path = wpa_s->dbus_new_path; - - reply = dbus_message_new_method_return(message); -@@ -684,7 +685,7 @@ DBusMessage * wpas_dbus_handler_get_interface(DBusMessage *message, - DBUS_TYPE_INVALID); - - wpa_s = wpa_supplicant_get_iface(global, ifname); -- if (wpa_s == NULL) -+ if (wpa_s == NULL || wpa_s->dbus_new_path == NULL) - return wpas_dbus_error_iface_unknown(message); - - path = wpa_s->dbus_new_path; -@@ -876,8 +877,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter, - unsigned int i = 0, num = 0; - dbus_bool_t success; - -- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) -- num++; -+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { -+ if (wpa_s->dbus_new_path) -+ num++; -+ } - - paths = os_calloc(num, sizeof(char *)); - if (!paths) { -@@ -885,8 +888,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter, - return FALSE; - } - -- for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) -- paths[i++] = wpa_s->dbus_new_path; -+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { -+ if (wpa_s->dbus_new_path) -+ paths[i++] = wpa_s->dbus_new_path; -+ } - - success = wpas_dbus_simple_array_property_getter(iter, - DBUS_TYPE_OBJECT_PATH, -@@ -1478,7 +1483,8 @@ DBusMessage * wpas_dbus_handler_add_network(DBusMessage *message, - - dbus_message_iter_init(message, &iter); - -- ssid = wpa_config_add_network(wpa_s->conf); -+ if (wpa_s->dbus_new_path) -+ ssid = wpa_config_add_network(wpa_s->conf); - if (ssid == NULL) { - wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.", - __func__); -@@ -1602,7 +1608,7 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message, - iface = wpas_dbus_new_decompose_object_path(op, - WPAS_DBUS_NEW_NETWORKS_PART, - &net_id); -- if (iface == NULL || net_id == NULL || -+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path || - 
os_strcmp(iface, wpa_s->dbus_new_path) != 0) { - reply = wpas_dbus_error_invalid_args(message, op); - goto out; -@@ -1715,7 +1721,7 @@ DBusMessage * wpas_dbus_handler_select_network(DBusMessage *message, - iface = wpas_dbus_new_decompose_object_path(op, - WPAS_DBUS_NEW_NETWORKS_PART, - &net_id); -- if (iface == NULL || net_id == NULL || -+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path || - os_strcmp(iface, wpa_s->dbus_new_path) != 0) { - reply = wpas_dbus_error_invalid_args(message, op); - goto out; -@@ -1773,7 +1779,7 @@ DBusMessage * wpas_dbus_handler_network_reply(DBusMessage *message, - iface = wpas_dbus_new_decompose_object_path(op, - WPAS_DBUS_NEW_NETWORKS_PART, - &net_id); -- if (iface == NULL || net_id == NULL || -+ if (iface == NULL || net_id == NULL || !wpa_s->dbus_new_path || - os_strcmp(iface, wpa_s->dbus_new_path) != 0) { - reply = wpas_dbus_error_invalid_args(message, op); - goto out; -@@ -2266,12 +2272,14 @@ DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path( - message, DBUS_ERROR_FAILED, - "Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed."); - -- wpa_dbus_mark_property_changed( -- wpa_s->global->dbus, wpa_s->dbus_new_path, -- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath"); -- wpa_dbus_mark_property_changed( -- wpa_s->global->dbus, wpa_s->dbus_new_path, -- WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath"); -+ if (wpa_s->dbus_new_path) { -+ wpa_dbus_mark_property_changed( -+ wpa_s->global->dbus, wpa_s->dbus_new_path, -+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11EnginePath"); -+ wpa_dbus_mark_property_changed( -+ wpa_s->global->dbus, wpa_s->dbus_new_path, -+ WPAS_DBUS_NEW_IFACE_INTERFACE, "PKCS11ModulePath"); -+ } - - return NULL; - } -@@ -3024,7 +3032,7 @@ dbus_bool_t wpas_dbus_getter_current_bss(DBusMessageIter *iter, - struct wpa_supplicant *wpa_s = user_data; - char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path = path_buf; - -- if (wpa_s->current_bss) -+ if 
(wpa_s->current_bss && wpa_s->dbus_new_path) - os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u", - wpa_s->dbus_new_path, wpa_s->current_bss->id); -@@ -3052,7 +3060,7 @@ dbus_bool_t wpas_dbus_getter_current_network(DBusMessageIter *iter, - struct wpa_supplicant *wpa_s = user_data; - char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *net_obj_path = path_buf; - -- if (wpa_s->current_ssid) -+ if (wpa_s->current_ssid && wpa_s->dbus_new_path) - os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u", - wpa_s->dbus_new_path, wpa_s->current_ssid->id); -@@ -3140,6 +3148,12 @@ dbus_bool_t wpas_dbus_getter_bsss(DBusMessageIter *iter, DBusError *error, - unsigned int i = 0; - dbus_bool_t success = FALSE; - -+ if (!wpa_s->dbus_new_path) { -+ dbus_set_error(error, DBUS_ERROR_FAILED, -+ "%s: no D-Bus interface", __func__); -+ return FALSE; -+ } -+ - paths = os_calloc(wpa_s->num_bss, sizeof(char *)); - if (!paths) { - dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory"); -@@ -3191,6 +3205,12 @@ dbus_bool_t wpas_dbus_getter_networks(DBusMessageIter *iter, DBusError *error, - unsigned int i = 0, num = 0; - dbus_bool_t success = FALSE; - -+ if (!wpa_s->dbus_new_path) { -+ dbus_set_error(error, DBUS_ERROR_FAILED, -+ "%s: no D-Bus interface", __func__); -+ return FALSE; -+ } -+ - for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) - if (!network_is_persistent_group(ssid)) - num++; -@@ -4104,7 +4124,7 @@ void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s, - struct wpas_dbus_priv *priv = wpa_s->global->dbus; - - /* Do nothing if the control interface is not turned on */ -- if (priv == NULL) -+ if (priv == NULL || !wpa_s->dbus_new_path) - return; - - if (wpa_s->preq_notify_peer == NULL) -diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c -index 0eff763..32f0a35 100644 ---- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c -+++ 
b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c -@@ -354,7 +354,8 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message, - pg_object_path, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART, - &net_id_str); - if (iface == NULL || net_id_str == NULL || -- os_strcmp(iface, wpa_s->dbus_new_path) != 0) { -+ !wpa_s->parent->dbus_new_path || -+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) { - reply = - wpas_dbus_error_invalid_args(message, - pg_object_path); -@@ -649,7 +650,8 @@ DBusMessage * wpas_dbus_handler_p2p_invite(DBusMessage *message, - WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART, - &net_id_str); - if (iface == NULL || net_id_str == NULL || -- os_strcmp(iface, wpa_s->dbus_new_path) != 0) { -+ !wpa_s->parent->dbus_new_path || -+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) { - reply = wpas_dbus_error_invalid_args(message, - pg_object_path); - goto out; -@@ -1043,7 +1045,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peers(DBusMessageIter *iter, DBusError *error, - - char **peer_obj_paths = NULL; - -- if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error)) -+ if (!wpa_dbus_p2p_check_enabled(wpa_s, NULL, NULL, error) || -+ !wpa_s->parent->parent->dbus_new_path) - return FALSE; - - dl_list_init(&peer_objpath_list); -@@ -1064,7 +1067,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peers(DBusMessageIter *iter, DBusError *error, - os_snprintf(node->path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART - "/" COMPACT_MACSTR, -- wpa_s->dbus_new_path, MAC2STR(addr)); -+ wpa_s->parent->parent->dbus_new_path, -+ MAC2STR(addr)); - dl_list_add_tail(&peer_objpath_list, &node->list); - num++; - -@@ -1184,13 +1188,17 @@ dbus_bool_t wpas_dbus_getter_p2p_peergo(DBusMessageIter *iter, - struct wpa_supplicant *wpa_s = user_data; - char go_peer_obj_path[WPAS_DBUS_OBJECT_PATH_MAX], *path; - -+ if (!wpa_s->parent->parent->dbus_new_path) -+ return FALSE; -+ - if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_CLIENT) - os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, "/"); - 
else - os_snprintf(go_peer_obj_path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART "/" - COMPACT_MACSTR, -- wpa_s->dbus_new_path, MAC2STR(wpa_s->go_dev_addr)); -+ wpa_s->parent->parent->dbus_new_path, -+ MAC2STR(wpa_s->go_dev_addr)); - - path = go_peer_obj_path; - return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_OBJECT_PATH, -@@ -1636,6 +1644,11 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(DBusMessageIter *iter, - unsigned int i = 0, num = 0; - dbus_bool_t success = FALSE; - -+ if (wpa_s->p2p_dev) -+ wpa_s = wpa_s->p2p_dev; -+ if (!wpa_s->parent->dbus_new_path) -+ return FALSE; -+ - for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) - if (network_is_persistent_group(ssid)) - num++; -@@ -1659,7 +1672,7 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(DBusMessageIter *iter, - /* Construct the object path for this network. */ - os_snprintf(paths[i++], WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d", -- wpa_s->dbus_new_path, ssid->id); -+ wpa_s->parent->dbus_new_path, ssid->id); - } - - success = wpas_dbus_simple_array_property_getter(iter, -@@ -1746,7 +1759,10 @@ DBusMessage * wpas_dbus_handler_add_persistent_group( - - dbus_message_iter_init(message, &iter); - -- ssid = wpa_config_add_network(wpa_s->conf); -+ if (wpa_s->p2p_dev) -+ wpa_s = wpa_s->p2p_dev; -+ if (wpa_s->parent->dbus_new_path) -+ ssid = wpa_config_add_network(wpa_s->conf); - if (ssid == NULL) { - wpa_printf(MSG_ERROR, - "dbus: %s: Cannot add new persistent group", -@@ -1779,7 +1795,7 @@ DBusMessage * wpas_dbus_handler_add_persistent_group( - /* Construct the object path for this network. 
*/ - os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART "/%d", -- wpa_s->dbus_new_path, ssid->id); -+ wpa_s->parent->dbus_new_path, ssid->id); - - reply = dbus_message_new_method_return(message); - if (reply == NULL) { -@@ -1826,6 +1842,9 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group( - dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op, - DBUS_TYPE_INVALID); - -+ if (wpa_s->p2p_dev) -+ wpa_s = wpa_s->p2p_dev; -+ - /* - * Extract the network ID and ensure the network is actually a child of - * this interface. -@@ -1834,7 +1853,8 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group( - op, WPAS_DBUS_NEW_PERSISTENT_GROUPS_PART, - &persistent_group_id); - if (iface == NULL || persistent_group_id == NULL || -- os_strcmp(iface, wpa_s->dbus_new_path) != 0) { -+ !wpa_s->parent->dbus_new_path || -+ os_strcmp(iface, wpa_s->parent->dbus_new_path) != 0) { - reply = wpas_dbus_error_invalid_args(message, op); - goto out; - } -@@ -1899,6 +1919,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups( - struct wpa_ssid *ssid, *next; - struct wpa_config *config; - -+ if (wpa_s->p2p_dev) -+ wpa_s = wpa_s->p2p_dev; - config = wpa_s->conf; - ssid = config->ssid; - while (ssid) { -@@ -1928,6 +1950,9 @@ dbus_bool_t wpas_dbus_getter_p2p_group_members(DBusMessageIter *iter, - const u8 *addr; - dbus_bool_t success = FALSE; - -+ if (!wpa_s->parent->parent->dbus_new_path) -+ return FALSE; -+ - /* Verify correct role for this property */ - if (wpas_get_p2p_role(wpa_s) != WPAS_P2P_ROLE_GO) { - return wpas_dbus_simple_array_property_getter( -@@ -1955,7 +1980,8 @@ dbus_bool_t wpas_dbus_getter_p2p_group_members(DBusMessageIter *iter, - os_snprintf(paths[i], WPAS_DBUS_OBJECT_PATH_MAX, - "%s/" WPAS_DBUS_NEW_P2P_PEERS_PART - "/" COMPACT_MACSTR, -- wpa_s->parent->dbus_new_path, MAC2STR(addr)); -+ wpa_s->parent->parent->dbus_new_path, -+ MAC2STR(addr)); - i++; - } - -diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c 
b/wpa_supplicant/dbus/dbus_new_handlers_wps.c -index a94a0e5..734ac4a 100644 ---- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c -+++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c -@@ -358,6 +358,8 @@ dbus_bool_t wpas_dbus_setter_process_credentials(DBusMessageIter *iter, - struct wpa_supplicant *wpa_s = user_data; - dbus_bool_t process_credentials, old_pc; - -+ if (!wpa_s->dbus_new_path) -+ return FALSE; - if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_BOOLEAN, - &process_credentials)) - return FALSE; -diff --git a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c -index 45bb402..88227af 100644 ---- a/wpa_supplicant/dbus/dbus_old.c -+++ b/wpa_supplicant/dbus/dbus_old.c -@@ -383,7 +383,7 @@ void wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s) - DBusMessage *_signal; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_path) - return; - - _signal = dbus_message_new_signal(wpa_s->dbus_path, -@@ -474,7 +474,7 @@ void wpa_supplicant_dbus_notify_scanning(struct wpa_supplicant *wpa_s) - dbus_bool_t scanning = wpa_s->scanning ? 
TRUE : FALSE; - - /* Do nothing if the control interface is not turned on */ -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_path) - return; - - _signal = dbus_message_new_signal(wpa_s->dbus_path, -@@ -509,7 +509,7 @@ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s, - if (wpa_s->global == NULL) - return; - iface = wpa_s->global->dbus; -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_path) - return; - - _signal = dbus_message_new_signal(wpa_s->dbus_path, -@@ -559,7 +559,7 @@ void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s, - if (wpa_s->global == NULL) - return; - iface = wpa_s->global->dbus; -- if (iface == NULL) -+ if (iface == NULL || !wpa_s->dbus_path) - return; - - _signal = dbus_message_new_signal(wpa_s->dbus_path, -@@ -738,7 +738,7 @@ struct wpa_supplicant * wpa_supplicant_get_iface_by_dbus_path( - struct wpa_supplicant *wpa_s; - - for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { -- if (strcmp(wpa_s->dbus_path, path) == 0) -+ if (wpa_s->dbus_path && strcmp(wpa_s->dbus_path, path) == 0) - return wpa_s; - } - return NULL; -diff --git a/wpa_supplicant/dbus/dbus_old_handlers.c b/wpa_supplicant/dbus/dbus_old_handlers.c -index 773ee8b..0ffa1be 100644 ---- a/wpa_supplicant/dbus/dbus_old_handlers.c -+++ b/wpa_supplicant/dbus/dbus_old_handlers.c -@@ -166,7 +166,7 @@ DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message, - iface.bridge_ifname = bridge_ifname; - /* Otherwise, have wpa_supplicant attach to it. 
*/ - wpa_s = wpa_supplicant_add_iface(global, &iface, NULL); -- if (wpa_s) { -+ if (wpa_s && wpa_s->dbus_path) { - const char *path = wpa_s->dbus_path; - - reply = dbus_message_new_method_return(message); -@@ -262,7 +262,7 @@ DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message, - } - - wpa_s = wpa_supplicant_get_iface(global, ifname); -- if (wpa_s == NULL) { -+ if (wpa_s == NULL || !wpa_s->dbus_path) { - reply = wpas_dbus_new_invalid_iface_error(message); - goto out; - } -@@ -354,6 +354,11 @@ DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message, - DBusMessageIter sub_iter; - struct wpa_bss *bss; - -+ if (!wpa_s->dbus_path) -+ return dbus_message_new_error(message, -+ WPAS_ERROR_INTERNAL_ERROR, -+ "no D-Bus interface available"); -+ - /* Create and initialize the return message */ - reply = dbus_message_new_method_return(message); - dbus_message_iter_init_append(reply, &iter); -@@ -708,10 +713,11 @@ DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message, - struct wpa_supplicant *wpa_s) - { - DBusMessage *reply = NULL; -- struct wpa_ssid *ssid; -+ struct wpa_ssid *ssid = NULL; - char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf; - -- ssid = wpa_config_add_network(wpa_s->conf); -+ if (wpa_s->dbus_path) -+ ssid = wpa_config_add_network(wpa_s->conf); - if (ssid == NULL) { - reply = dbus_message_new_error( - message, WPAS_ERROR_ADD_NETWORK_ERROR, -@@ -769,7 +775,7 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message, - } - - /* Ensure the network is actually a child of this interface */ -- if (os_strcmp(iface, wpa_s->dbus_path) != 0) { -+ if (!wpa_s->dbus_path || os_strcmp(iface, wpa_s->dbus_path) != 0) { - reply = wpas_dbus_new_invalid_network_error(message); - goto out; - } -@@ -1020,7 +1026,7 @@ DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message, - goto out; - } - /* Ensure the object path really points to this interface */ -- if (network == NULL || -+ if (network == NULL || !wpa_s->dbus_path || 
- os_strcmp(iface_obj_path, wpa_s->dbus_path) != 0) { - reply = wpas_dbus_new_invalid_network_error(message); - goto out; --- -cgit v0.9.2 - -From 5441da2beb99c67e4f7790b114c65a2cc748f166 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 29 Apr 2015 17:47:14 +0000 -Subject: Fix wpas_notify_network_removed() - -Commit bb3df9a569e4a33445c89ebc50019ba46b4f6704 ('notify: Do not raise -any signal from a P2P management interface') was supposed to only change -D-Bus behavior, but it ended up disabling non-D-Bus functionality as -well for some sequences where the P2P Device interface is used. - -Signed-off-by: Jouni Malinen ---- -diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c -index ea7dbdb..184a95c 100644 ---- a/wpa_supplicant/notify.c -+++ b/wpa_supplicant/notify.c -@@ -307,14 +307,12 @@ void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s, - void wpas_notify_network_removed(struct wpa_supplicant *wpa_s, - struct wpa_ssid *ssid) - { -- if (wpa_s->p2p_mgmt) -- return; -- - if (wpa_s->next_ssid == ssid) - wpa_s->next_ssid = NULL; - if (wpa_s->wpa) - wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); -- if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s) -+ if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s && -+ !wpa_s->p2p_mgmt) - wpas_dbus_unregister_network(wpa_s, ssid->id); - if (network_is_persistent_group(ssid)) - wpas_notify_persistent_group_removed(wpa_s, ssid); --- -cgit v0.9.2 - -From 5aeebc48e8449e39a8ad0f2f1c525464ad94e837 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 29 Apr 2015 17:48:07 +0000 -Subject: D-Bus Fix network_is_persistent_group() for P2P operations - -Commit c2762e410fa319f75a174aeb12343beddf99fce4 ('P2P: Update D-Bus -network object semantics during group formation') added this helper -function to determine whether a network block is used for storing a -persistent group information. 
However, it implemented this in a way that -matches both persistent group storage and an operating persist group -instance. This does not seem to match the expected behavior for the -D-Bus objects, so fix this to match only the persistent group storage -case to avoid registering/unregistered incorrect D-Bus objects for -groups. - -Signed-off-by: Jouni Malinen ---- -diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h -index 8ed8b72..364ba19 100644 ---- a/wpa_supplicant/wpa_supplicant_i.h -+++ b/wpa_supplicant/wpa_supplicant_i.h -@@ -1118,13 +1118,13 @@ struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s, - int eap_register_methods(void); - - /** -- * Utility method to tell if a given network is a persistent group -+ * Utility method to tell if a given network is for persistent group storage - * @ssid: Network object - * Returns: 1 if network is a persistent group, 0 otherwise - */ - static inline int network_is_persistent_group(struct wpa_ssid *ssid) - { -- return ((ssid->disabled == 2) || ssid->p2p_persistent_group); -+ return ssid->disabled == 2 && ssid->p2p_persistent_group; - } - - int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid); --- -cgit v0.9.2 diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index 03a6098..ae84efc 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes 
@@ -4,6 +4,82 @@ Wed Feb 17 13:47:43 UTC 2016 - lnussel@suse.de - add aliases for both provided dbus names to avoid systemd stopping the service when switching runlevels (boo#966535) +------------------------------------------------------------------- +Thu Feb 4 10:18:54 UTC 2016 - michael@stroeder.com + +- removed obsolete security patches: + * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch + * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch + * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch + * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch + * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch + * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch + * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch + * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch + * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch +- Update to upstream release 2.5 + * fixed P2P validation of SSID element length before copying it + [http://w1.fi/security/2015-1/] (CVE-2015-1863) + * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding + [http://w1.fi/security/2015-2/] (CVE-2015-4141) + * fixed WMM Action frame parser (AP mode) + [http://w1.fi/security/2015-3/] (CVE-2015-4142) + * fixed EAP-pwd peer missing payload length validation + [http://w1.fi/security/2015-4/] + (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) + * fixed validation of WPS and P2P NFC NDEF record payload length + [http://w1.fi/security/2015-5/] + * nl80211: + - added VHT configuration for IBSS + - fixed vendor command handling to check OUI properly + - allow driver-based roaming to change ESS + * added AVG_BEACON_RSSI to SIGNAL_POLL output + * wpa_cli: added tab completion for number of commands + * removed unmaintained and not yet completed SChannel/CryptoAPI support + * modified Extended Capabilities element use in Probe Request frames to + include all cases if 
any of the values are non-zero + * added support for dynamically creating/removing a virtual interface + with interface_add/interface_remove + * added support for hashed password (NtHash) in EAP-pwd peer + * added support for memory-only PSK/passphrase (mem_only_psk=1 and + CTRL-REQ/RSP-PSK_PASSPHRASE) + * P2P + - optimize scan frequencies list when re-joining a persistent group + - fixed number of sequences with nl80211 P2P Device interface + - added operating class 125 for P2P use cases (this allows 5 GHz + channels 161 and 169 to be used if they are enabled in the current + regulatory domain) + - number of fixes to P2PS functionality + - do not allow 40 MHz co-ex PRI/SEC switch to force MCC + - extended support for preferred channel listing + * D-Bus: + - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface + - fixed PresenceRequest to use group interface + - added new signals: FindStopped, WPS pbc-overlap, + GroupFormationFailure, WPS timeout, InvitationReceived + - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient + - added manufacturer info + * added EAP-EKE peer support for deriving Session-Id + * added wps_priority configuration parameter to set the default priority + for all network profiles added by WPS + * added support to request a scan with specific SSIDs with the SCAN + command (optional "ssid " arguments) + * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2 + * fixed SAE group selection in an error case + * modified SAE routines to be more robust and PWE generation to be + stronger against timing attacks + * added support for Brainpool Elliptic Curves with SAE + * added support for CCMP-256 and GCMP-256 as group ciphers with FT + * fixed BSS selection based on estimated throughput + * added option to disable TLSv1.0 with OpenSSL + (phase1="tls_disable_tlsv1_0=1") + * added Fast Session Transfer (FST) module + * fixed OpenSSL PKCS#12 extra certificate handling + * fixed key derivation for Suite B 192-bit AKM (this 
breaks + compatibility with the earlier version) + * added RSN IE to Mesh Peering Open/Confirm frames + * number of small fixes + ------------------------------------------------------------------- Thu May 7 17:18:29 CEST 2015 - ro@suse.de diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index bf368d0..813a585 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec 
@@ -39,24 +39,7 @@ Patch1: wpa_supplicant-flush-debug-output.patch # wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch -Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch -Patch4: wpa_supplicant-alloc_size.patch -# PATCH-FIX-UPSTREAM wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch arch#44740 zaitor@opensuse.org -- Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git. -Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch -# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077 -Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch -# PATCH-FIX-UPSTREAM 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078 -Patch7: 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch -# PATCH-FIX-UPSTREAM 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch bnc#930079 -Patch8: 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch -# PATCH-FIX-UPSTREAM 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch bnc#930079 -Patch9: 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch -# PATCH-FIX-UPSTREAM 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch bnc#930079 -Patch10: 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch -# PATCH-FIX-UPSTREAM 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch bnc#930079 -Patch11: 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch -# PATCH-FIX-UPSTREAM 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079 -Patch12: 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch +Patch3: wpa_supplicant-alloc_size.patch BuildRequires: dbus-1-devel BuildRequires: libnl3-devel BuildRequires: libqt4 
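Review bot: The `@@ -39,24 +39,7 @@` hunk drops the Patch3 and Patch5–Patch12 entries while no spec hunk in this commit touches `Version:` or the source tarball, so this revision appears to still build the 2.4 sources without them. Going by the changelog entry in the same commit, these patches carry the fixes for CVE-2015-1863 and CVE-2015-4141 through CVE-2015-4146. The description of the following commit confirms that the 2.5 tarball and the version change were missing here. The removal should land together with `Version:        2.5` and the new tarball, or the patch lines should stay until that update is in. The `%patch4`–`%patch12` removals in the `@@ -93,15 +76,6 @@` hunk have the same problem, and the spec preamble carrying `Version:` lies outside both hunks.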
@@ -93,15 +76,6 @@ cp %{SOURCE1} wpa_supplicant/.config %patch1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %build cd wpa_supplicant From d8f638566d6b564261cd9ab744d6908bda0f67fee9aa6be7d00664bb7f70cb6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 18 Feb 2016 15:55:55 +0000 Subject: [PATCH 3/5] Accepting request 360174 from home:elvigia:branches:hardware MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 --- config | 4 ++-- wpa_supplicant-2.4.tar.gz | 3 --- wpa_supplicant-2.5.tar.gz | 3 +++ wpa_supplicant-getrandom.patch | 44 ++++++++++++++++++++++++++++++++++ wpa_supplicant.changes | 17 +++++++++++++ wpa_supplicant.spec | 5 ++-- 6 files changed, 69 insertions(+), 7 deletions(-) delete mode 100644 wpa_supplicant-2.4.tar.gz create mode 100644 wpa_supplicant-2.5.tar.gz create mode 100644 wpa_supplicant-getrandom.patch diff --git a/config b/config index d9e2e3f..707b936 100644 --- a/config +++ b/config 
@@ -265,7 +265,7 @@ CONFIG_BACKEND=file #CONFIG_ELOOP_POLL=y # Should we use epoll instead of select? Select is used by default. -#CONFIG_ELOOP_EPOLL=y +CONFIG_ELOOP_EPOLL=y # Select layer 2 packet implementation # linux = Linux packet socket (default) @@ -433,7 +433,7 @@ CONFIG_DEBUG_FILE=y # disabled. This will save some in binary size and CPU use. However, this # should only be considered for builds that are known to be used on devices # that meet the requirements described above. -#CONFIG_NO_RANDOM_POOL=y +CONFIG_NO_RANDOM_POOL=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y diff --git a/wpa_supplicant-2.4.tar.gz b/wpa_supplicant-2.4.tar.gz deleted file mode 100644 index d78c9c2..0000000 --- a/wpa_supplicant-2.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122 -size 2525648 diff --git a/wpa_supplicant-2.5.tar.gz b/wpa_supplicant-2.5.tar.gz new file mode 100644 index 0000000..34c4078 --- /dev/null +++ b/wpa_supplicant-2.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316 +size 2607336 diff --git a/wpa_supplicant-getrandom.patch b/wpa_supplicant-getrandom.patch new file mode 100644 index 0000000..6364b2e --- /dev/null +++ b/wpa_supplicant-getrandom.patch 
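Review bot: In the second config hunk (`@@ -433,7 +433,7 @@`), `CONFIG_NO_RANDOM_POOL=y` is switched on directly under an upstream comment that limits it to builds "known to be used on devices that meet the requirements described above". The file does not record why a general-purpose distribution build qualifies. The commit message gives the reason (os_get_random() backed by the kernel generator), but that only holds once the kernel pool is seeded, and the /dev/urandom fallback in wpa_supplicant-getrandom.patch does not wait for that. I would put the rationale next to the setting, e.g. `# distro build: kernel CSPRNG through os_get_random() is the only entropy source, see wpa_supplicant-getrandom.patch`. The requirements the upstream comment refers to start above this hunk.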
@@ -0,0 +1,44 @@
+--- wpa_supplicant-2.4.orig/src/utils/os_unix.c
++++ wpa_supplicant-2.4/src/utils/os_unix.c
+@@ -6,11 +6,15 @@
+ * See README for more details.
+ */
+
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
+ #include "includes.h"
+
+ #include
+ #include
+-
++#include
++#include
+ #ifdef ANDROID
+ #include
+ #include
+@@ -223,6 +227,10 @@ void os_daemonize_terminate(const char *
+
+ int os_get_random(unsigned char *buf, size_t len)
+ {
++#ifdef SYS_getrandom
++ int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0));
++ return (gr != -1 && gr == len) ? 0 : -1;
++#else
+ FILE *f;
+ size_t rc;
+
+@@ -232,10 +240,13 @@ int os_get_random(unsigned char *buf, si
+ return -1;
+ }
+
++ setbuf(f, NULL);
++
+ rc = fread(buf, 1, len, f);
+ fclose(f);
+
+ return rc != len ? -1 : 0;
++#endif
+ }
+
+
diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index ae84efc..6bc18dd 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Thu Feb 18 15:36:23 UTC 2016 - crrodriguez@opensuse.org
+
+- Previous update did not include version 2.5 tarball
+ or changed the version number in spec, only the changelog
+ and removed patches.
+- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
+ random number generator by using /dev/urandom, no need to
+ keep an internal random number pool which draws entropy from
+ /dev/random.
+- config: prefer using epoll(7) instead of select(2)
+ by setting CONFIG_ELOOP_EPOLL=y
+- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
+ system call to collect entropy. if it is not present disable
+ buffering when reading /dev/urandom, otherwise each os_get_random()
+ call will request BUFSIZ of entropy instead of the few needed bytes.
+
 -------------------------------------------------------------------
 Wed Feb 17 13:47:43 UTC 2016 - lnussel@suse.de
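Review bot: The `#ifdef SYS_getrandom` test added to `os_get_random()` in wpa_supplicant-getrandom.patch is decided at build time, so a binary built against headers that define the syscall number but run on a kernel without getrandom(2) fails every call with ENOSYS. It never reaches the /dev/urandom read that the changelog describes as the fallback. The result of `syscall()` is also narrowed to `int` and compared with a `size_t`, and a short read is reported as an error instead of being continued. I would try the syscall first and fall through to the existing file read at run time, as sketched below. The part of `os_get_random()` between the second and third inner hunks is not shown on this page.

```c
int os_get_random(unsigned char *buf, size_t len)
{
	FILE *f;
	size_t rc;
#ifdef SYS_getrandom
	size_t got = 0;

	/* Waits for the kernel pool to be initialised; continue after short reads. */
	while (got < len) {
		long gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf + got,
						     len - got, 0));
		if (gr <= 0)
			break;	/* e.g. ENOSYS on an older kernel: use the file path */
		got += (size_t) gr;
	}
	if (got == len)
		return 0;
#endif
	/* … unchanged: open /dev/urandom, setbuf(f, NULL), fread, fclose, return … */
}
```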
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 813a585..0105cbc 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -20,7 +20,7 @@ %define _rundir %{_localstatedir}/run %endif Name: wpa_supplicant -Version: 2.4 +Version: 2.5 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause and GPL-2.0+ @@ -40,6 +40,7 @@ Patch1: wpa_supplicant-flush-debug-output.patch # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch3: wpa_supplicant-alloc_size.patch +Patch4: wpa_supplicant-getrandom.patch BuildRequires: dbus-1-devel BuildRequires: libnl3-devel BuildRequires: libqt4 @@ -76,7 +77,7 @@ cp %{SOURCE1} wpa_supplicant/.config %patch1 %patch2 -p1 %patch3 -p1 - +%patch4 -p1 %build cd wpa_supplicant CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} From d15605b2093e4d8c84d7873de973e55aeb9bd57d8841a357e018d490d4b31c34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Sat, 20 Feb 2016 18:00:59 +0000 Subject: [PATCH 4/5] Accepting request 360636 from home:elvigia:branches:hardware - spec: Compile the GUI against QT5 in 13.2 and later. OBS-URL: https://build.opensuse.org/request/show/360636 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=61 --- wpa_supplicant.changes | 5 +++++ wpa_supplicant.spec | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index 6bc18dd..f47dbf2 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Feb 20 16:56:01 UTC 2016 - crrodriguez@opensuse.org + +- spec: Compile the GUI against QT5 in 13.2 and later. + ------------------------------------------------------------------- Thu Feb 18 15:36:23 UTC 2016 - crrodriguez@opensuse.org diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 0105cbc..eb56715 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec 
@@ -43,8 +43,14 @@ Patch3: wpa_supplicant-alloc_size.patch Patch4: wpa_supplicant-getrandom.patch BuildRequires: dbus-1-devel BuildRequires: libnl3-devel +%if 0%{?suse_version} < 1320 BuildRequires: libqt4 BuildRequires: libqt4-devel +%else +BuildRequires: pkgconfig(Qt5Core) +BuildRequires: pkgconfig(Qt5Gui) +BuildRequires: pkgconfig(Qt5Widgets) +%endif BuildRequires: openssl-devel BuildRequires: pkg-config BuildRequires: readline-devel @@ -82,7 +88,11 @@ cp %{SOURCE1} wpa_supplicant/.config cd wpa_supplicant CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} cd wpa_gui-qt4 +%if 0%{?suse_version} < 1320 qmake QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}" +%else +qmake-qt5 QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}" +%endif make %{?_smp_mflags} %install From aeded15942b43837f2cbccba1083593e81f8756a2f43ef244d37002a87dcfd8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Sat, 27 Feb 2016 12:05:37 +0000 Subject: [PATCH 5/5] Accepting request 362042 from home:elvigia:branches:hardware - Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination with CONFIG_DBUS=yes. OBS-URL: https://build.opensuse.org/request/show/362042 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=62 --- config | 2 +- wpa_supplicant.changes | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/config b/config index 707b936..dc321a6 100644 --- a/config +++ b/config @@ -265,7 +265,7 @@ CONFIG_BACKEND=file #CONFIG_ELOOP_POLL=y # Should we use epoll instead of select? Select is used by default. -CONFIG_ELOOP_EPOLL=y +#CONFIG_ELOOP_EPOLL=y # Select layer 2 packet implementation # linux = Linux packet socket (default) diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index f47dbf2..d7bbbbd 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes 
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Feb 26 21:10:55 UTC 2016 - crrodriguez@opensuse.org
+
+- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination
+ with CONFIG_DBUS=yes.
+
 -------------------------------------------------------------------
 Sat Feb 20 16:56:01 UTC 2016 - crrodriguez@opensuse.org