Author: cy Date: Tue Aug 14 20:02:01 2018 New Revision: 337817 URL: https://svnweb.freebsd.org/changeset/base/337817
Log: MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531 r336203: MFV r324714: Update wpa 2.5 --> 2.6. r336499: MFV: r336485 Address: hostapd: Avoid key reinstallation in FT handshake Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0001-hostapd-Avoid-key-\ reinstallation-in-FT-handshake.patch r336501: MFV: r336486 Prevent reinstallation of an already in-use group key. Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0002-Prevent-reinstallation-\ of-an-already-in-use-group-ke.patch r336502: MFV r336487: Import upline security patch: Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases. This git commit 87e2db16bafcbc60b8d0016175814a73c1e8ed45. This commit is is simply a pops change as r324696 already plugged this vulnerability. To maintain consistency with the vendor branch props will be changed. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-\ reinstallation-of-WNM-.patch r336506: MFV r336490: Prevent installation of an all-zero TK. This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0004-Prevent-installation-\ of-an-all-zero-TK.patch r336510: MFV r336493: Fix PTK rekeying to generate a new ANonce. This is also upline git commit 0adc9b28b39d414d5febfff752f6a1576f785c85. This commit is a NOP, just changing props as the heavy lifting was done by r324696. This just brings us into line with the vendor branch. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0005-Fix-PTK-rekeying-to-\ generate-a-new-ANonce.patch r336512: MFV r336494: TDLS: Reject TPK-TK reconfiguration. This is also upline git commmit ff89af96e5a35c86f50330d2b86c18323318a60c. Once again this is a NOP as this is a props change to sync up with the vendor branch. The real commit is in r324696. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0006-TDLS-Reject-TPK-TK-\ reconfiguration.patch r336513: MFV r336495: Another props change. The real work was done by r324696. We're simply syncing up with the vendor branch again. mport upline security patch: WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case. This is also upline git commit 114f2830d2c2aee6db23d48240e93415a256a37c. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-\ Response-without-pending-r.patch r336515: MFV r336496: A props change to sync up with the vendor branch. The real work was done by r324696. FILS: Do not allow multiple (Re)Association Response frames. This is also upline git commit e760851176c77ae6de19821bb1d5bf3ae2cb5187. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0008-FT-Do-not-allow-multiple-\ Reassociation-Response-fram.patch r336528: Revert r336501. It was a of the wrong rev from the vendor branch. r336529: MFV: r336486 Prevent reinstallation of an already in-use group key. Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0002-Prevent-reinstallation-\ of-an-already-in-use-group-ke.patch r336530: To reduce our diff between our sources and our upline, sync up with upline. Also making it easier to read. Obtained from: diffing base with ports r336531: Remove a redundant declaration. While at it add a blank line, conforming with the convention used in this file. Added: stable/11/contrib/wpa/src/ap/mbo_ap.c - copied unchanged from r336203, head/contrib/wpa/src/ap/mbo_ap.c stable/11/contrib/wpa/src/ap/mbo_ap.h - copied unchanged from r336203, head/contrib/wpa/src/ap/mbo_ap.h stable/11/contrib/wpa/src/ap/neighbor_db.c - copied unchanged from r336203, head/contrib/wpa/src/ap/neighbor_db.c stable/11/contrib/wpa/src/ap/neighbor_db.h - copied unchanged from r336203, head/contrib/wpa/src/ap/neighbor_db.h stable/11/contrib/wpa/src/ap/rrm.c - copied unchanged from r336203, head/contrib/wpa/src/ap/rrm.c stable/11/contrib/wpa/src/ap/rrm.h - copied unchanged from r336203, head/contrib/wpa/src/ap/rrm.h stable/11/contrib/wpa/src/ap/taxonomy.c - copied unchanged from r336203, head/contrib/wpa/src/ap/taxonomy.c stable/11/contrib/wpa/src/ap/taxonomy.h - copied unchanged from r336203, head/contrib/wpa/src/ap/taxonomy.h stable/11/contrib/wpa/src/ap/vlan.c - copied unchanged from r336203, head/contrib/wpa/src/ap/vlan.c stable/11/contrib/wpa/src/ap/vlan.h - copied unchanged from r336203, head/contrib/wpa/src/ap/vlan.h stable/11/contrib/wpa/src/ap/vlan_full.c - copied unchanged from r336203, head/contrib/wpa/src/ap/vlan_full.c stable/11/contrib/wpa/src/ap/vlan_ifconfig.c - copied unchanged from r336203, head/contrib/wpa/src/ap/vlan_ifconfig.c stable/11/contrib/wpa/src/ap/vlan_ioctl.c - copied unchanged from r336203, head/contrib/wpa/src/ap/vlan_ioctl.c stable/11/contrib/wpa/src/common/cli.c - copied unchanged from r336203, head/contrib/wpa/src/common/cli.c stable/11/contrib/wpa/src/common/cli.h - copied unchanged from r336203, head/contrib/wpa/src/common/cli.h stable/11/contrib/wpa/src/common/ctrl_iface_common.c - copied unchanged from r336203, head/contrib/wpa/src/common/ctrl_iface_common.c stable/11/contrib/wpa/src/common/ctrl_iface_common.h - copied unchanged from r336203, head/contrib/wpa/src/common/ctrl_iface_common.h stable/11/contrib/wpa/src/crypto/sha384-internal.c - copied unchanged from r336203, head/contrib/wpa/src/crypto/sha384-internal.c stable/11/contrib/wpa/src/crypto/sha384_i.h - copied unchanged from r336203, head/contrib/wpa/src/crypto/sha384_i.h stable/11/contrib/wpa/src/crypto/sha512-internal.c - copied unchanged from r336203, head/contrib/wpa/src/crypto/sha512-internal.c stable/11/contrib/wpa/src/crypto/sha512_i.h - copied unchanged from r336203, head/contrib/wpa/src/crypto/sha512_i.h stable/11/contrib/wpa/src/crypto/tls_openssl.h - copied unchanged from r336203, head/contrib/wpa/src/crypto/tls_openssl.h stable/11/contrib/wpa/src/crypto/tls_openssl_ocsp.c - copied unchanged from r336203, head/contrib/wpa/src/crypto/tls_openssl_ocsp.c stable/11/contrib/wpa/src/tls/tlsv1_client_ocsp.c - copied unchanged from r336203, head/contrib/wpa/src/tls/tlsv1_client_ocsp.c stable/11/contrib/wpa/src/utils/module_tests.h - copied unchanged from r336203, head/contrib/wpa/src/utils/module_tests.h stable/11/contrib/wpa/wpa_supplicant/Android.mk - copied unchanged from r336203, head/contrib/wpa/wpa_supplicant/Android.mk stable/11/contrib/wpa/wpa_supplicant/README-Windows.txt - copied unchanged from r336203, head/contrib/wpa/wpa_supplicant/README-Windows.txt stable/11/contrib/wpa/wpa_supplicant/android.config - copied unchanged from r336203, head/contrib/wpa/wpa_supplicant/android.config stable/11/contrib/wpa/wpa_supplicant/binder/ - copied from r336203, head/contrib/wpa/wpa_supplicant/binder/ stable/11/contrib/wpa/wpa_supplicant/libwpa_test.c - copied unchanged from r336203, head/contrib/wpa/wpa_supplicant/libwpa_test.c stable/11/contrib/wpa/wpa_supplicant/mbo.c - copied unchanged from r336203, head/contrib/wpa/wpa_supplicant/mbo.c stable/11/contrib/wpa/wpa_supplicant/systemd/ - copied from r336203, head/contrib/wpa/wpa_supplicant/systemd/ stable/11/contrib/wpa/wpa_supplicant/vs2005/ - copied from r336203, head/contrib/wpa/wpa_supplicant/vs2005/ Deleted: stable/11/contrib/wpa/patches/openssl-0.9.8za-tls-extensions.patch stable/11/contrib/wpa/patches/openssl-0.9.8zf-tls-extensions.patch stable/11/contrib/wpa/wpa_supplicant/tests/link_test.c stable/11/contrib/wpa/wpa_supplicant/tests/test_eap_sim_common.c stable/11/contrib/wpa/wpa_supplicant/tests/test_wpa.c Modified: stable/11/contrib/wpa/CONTRIBUTIONS stable/11/contrib/wpa/COPYING stable/11/contrib/wpa/README stable/11/contrib/wpa/hostapd/ChangeLog stable/11/contrib/wpa/hostapd/README stable/11/contrib/wpa/hostapd/config_file.c stable/11/contrib/wpa/hostapd/ctrl_iface.c stable/11/contrib/wpa/hostapd/defconfig stable/11/contrib/wpa/hostapd/hapd_module_tests.c stable/11/contrib/wpa/hostapd/hlr_auc_gw.c stable/11/contrib/wpa/hostapd/hostapd.conf stable/11/contrib/wpa/hostapd/hostapd_cli.c stable/11/contrib/wpa/hostapd/main.c stable/11/contrib/wpa/hs20/client/Android.mk stable/11/contrib/wpa/hs20/client/Makefile stable/11/contrib/wpa/hs20/client/est.c stable/11/contrib/wpa/hs20/client/osu_client.c stable/11/contrib/wpa/src/ap/accounting.c stable/11/contrib/wpa/src/ap/accounting.h stable/11/contrib/wpa/src/ap/acs.c stable/11/contrib/wpa/src/ap/ap_config.c stable/11/contrib/wpa/src/ap/ap_config.h stable/11/contrib/wpa/src/ap/ap_drv_ops.c stable/11/contrib/wpa/src/ap/ap_drv_ops.h stable/11/contrib/wpa/src/ap/ap_mlme.c stable/11/contrib/wpa/src/ap/authsrv.c stable/11/contrib/wpa/src/ap/beacon.c stable/11/contrib/wpa/src/ap/beacon.h stable/11/contrib/wpa/src/ap/ctrl_iface_ap.c stable/11/contrib/wpa/src/ap/ctrl_iface_ap.h stable/11/contrib/wpa/src/ap/dfs.c stable/11/contrib/wpa/src/ap/dhcp_snoop.c stable/11/contrib/wpa/src/ap/drv_callbacks.c stable/11/contrib/wpa/src/ap/gas_serv.c stable/11/contrib/wpa/src/ap/gas_serv.h stable/11/contrib/wpa/src/ap/hostapd.c stable/11/contrib/wpa/src/ap/hostapd.h stable/11/contrib/wpa/src/ap/hw_features.c stable/11/contrib/wpa/src/ap/iapp.c stable/11/contrib/wpa/src/ap/ieee802_11.c stable/11/contrib/wpa/src/ap/ieee802_11.h stable/11/contrib/wpa/src/ap/ieee802_11_auth.c stable/11/contrib/wpa/src/ap/ieee802_11_auth.h stable/11/contrib/wpa/src/ap/ieee802_11_ht.c stable/11/contrib/wpa/src/ap/ieee802_11_shared.c stable/11/contrib/wpa/src/ap/ieee802_11_vht.c stable/11/contrib/wpa/src/ap/ieee802_1x.c stable/11/contrib/wpa/src/ap/ieee802_1x.h stable/11/contrib/wpa/src/ap/ndisc_snoop.c stable/11/contrib/wpa/src/ap/pmksa_cache_auth.c stable/11/contrib/wpa/src/ap/pmksa_cache_auth.h stable/11/contrib/wpa/src/ap/sta_info.c stable/11/contrib/wpa/src/ap/sta_info.h stable/11/contrib/wpa/src/ap/vlan_init.c stable/11/contrib/wpa/src/ap/vlan_init.h stable/11/contrib/wpa/src/ap/vlan_util.c stable/11/contrib/wpa/src/ap/vlan_util.h stable/11/contrib/wpa/src/ap/wnm_ap.c stable/11/contrib/wpa/src/ap/wnm_ap.h stable/11/contrib/wpa/src/ap/wpa_auth.c stable/11/contrib/wpa/src/ap/wpa_auth.h stable/11/contrib/wpa/src/ap/wpa_auth_ft.c stable/11/contrib/wpa/src/ap/wpa_auth_glue.c stable/11/contrib/wpa/src/ap/wpa_auth_i.h stable/11/contrib/wpa/src/ap/wpa_auth_ie.c stable/11/contrib/wpa/src/ap/wps_hostapd.c stable/11/contrib/wpa/src/common/common_module_tests.c stable/11/contrib/wpa/src/common/defs.h stable/11/contrib/wpa/src/common/eapol_common.h stable/11/contrib/wpa/src/common/ieee802_11_common.c stable/11/contrib/wpa/src/common/ieee802_11_common.h stable/11/contrib/wpa/src/common/ieee802_11_defs.h stable/11/contrib/wpa/src/common/ieee802_1x_defs.h stable/11/contrib/wpa/src/common/qca-vendor.h stable/11/contrib/wpa/src/common/sae.c stable/11/contrib/wpa/src/common/sae.h stable/11/contrib/wpa/src/common/version.h stable/11/contrib/wpa/src/common/wpa_common.c stable/11/contrib/wpa/src/common/wpa_common.h stable/11/contrib/wpa/src/common/wpa_ctrl.c stable/11/contrib/wpa/src/common/wpa_ctrl.h stable/11/contrib/wpa/src/common/wpa_helpers.c stable/11/contrib/wpa/src/crypto/aes-cbc.c stable/11/contrib/wpa/src/crypto/aes-omac1.c stable/11/contrib/wpa/src/crypto/crypto.h stable/11/contrib/wpa/src/crypto/crypto_internal.c stable/11/contrib/wpa/src/crypto/crypto_module_tests.c stable/11/contrib/wpa/src/crypto/crypto_openssl.c stable/11/contrib/wpa/src/crypto/dh_group5.c stable/11/contrib/wpa/src/crypto/dh_groups.c stable/11/contrib/wpa/src/crypto/fips_prf_openssl.c stable/11/contrib/wpa/src/crypto/md4-internal.c stable/11/contrib/wpa/src/crypto/md5-internal.c stable/11/contrib/wpa/src/crypto/ms_funcs.c stable/11/contrib/wpa/src/crypto/sha1-internal.c stable/11/contrib/wpa/src/crypto/sha256-internal.c stable/11/contrib/wpa/src/crypto/sha256-prf.c stable/11/contrib/wpa/src/crypto/sha256.h stable/11/contrib/wpa/src/crypto/tls.h stable/11/contrib/wpa/src/crypto/tls_gnutls.c stable/11/contrib/wpa/src/crypto/tls_internal.c stable/11/contrib/wpa/src/crypto/tls_none.c stable/11/contrib/wpa/src/crypto/tls_openssl.c stable/11/contrib/wpa/src/drivers/driver.h stable/11/contrib/wpa/src/drivers/driver_bsd.c stable/11/contrib/wpa/src/drivers/driver_common.c stable/11/contrib/wpa/src/drivers/driver_macsec_qca.c stable/11/contrib/wpa/src/drivers/driver_ndis.c stable/11/contrib/wpa/src/drivers/driver_nl80211.h stable/11/contrib/wpa/src/drivers/driver_nl80211_capa.c stable/11/contrib/wpa/src/drivers/driver_nl80211_event.c stable/11/contrib/wpa/src/drivers/driver_nl80211_monitor.c stable/11/contrib/wpa/src/drivers/driver_nl80211_scan.c stable/11/contrib/wpa/src/drivers/driver_privsep.c stable/11/contrib/wpa/src/drivers/driver_wired.c stable/11/contrib/wpa/src/drivers/drivers.c stable/11/contrib/wpa/src/eap_common/eap_eke_common.c stable/11/contrib/wpa/src/eap_common/eap_fast_common.c stable/11/contrib/wpa/src/eap_common/eap_fast_common.h stable/11/contrib/wpa/src/eap_common/eap_gpsk_common.c stable/11/contrib/wpa/src/eap_common/eap_pax_common.c stable/11/contrib/wpa/src/eap_common/eap_pwd_common.c stable/11/contrib/wpa/src/eap_common/eap_sake_common.c stable/11/contrib/wpa/src/eap_common/ikev2_common.c stable/11/contrib/wpa/src/eap_peer/eap.c stable/11/contrib/wpa/src/eap_peer/eap_aka.c stable/11/contrib/wpa/src/eap_peer/eap_config.h stable/11/contrib/wpa/src/eap_peer/eap_eke.c stable/11/contrib/wpa/src/eap_peer/eap_fast.c stable/11/contrib/wpa/src/eap_peer/eap_fast_pac.c stable/11/contrib/wpa/src/eap_peer/eap_gpsk.c stable/11/contrib/wpa/src/eap_peer/eap_gtc.c stable/11/contrib/wpa/src/eap_peer/eap_i.h stable/11/contrib/wpa/src/eap_peer/eap_ikev2.c stable/11/contrib/wpa/src/eap_peer/eap_leap.c stable/11/contrib/wpa/src/eap_peer/eap_md5.c stable/11/contrib/wpa/src/eap_peer/eap_methods.c stable/11/contrib/wpa/src/eap_peer/eap_methods.h stable/11/contrib/wpa/src/eap_peer/eap_mschapv2.c stable/11/contrib/wpa/src/eap_peer/eap_otp.c stable/11/contrib/wpa/src/eap_peer/eap_pax.c stable/11/contrib/wpa/src/eap_peer/eap_peap.c stable/11/contrib/wpa/src/eap_peer/eap_psk.c stable/11/contrib/wpa/src/eap_peer/eap_pwd.c stable/11/contrib/wpa/src/eap_peer/eap_sake.c stable/11/contrib/wpa/src/eap_peer/eap_sim.c stable/11/contrib/wpa/src/eap_peer/eap_tls.c stable/11/contrib/wpa/src/eap_peer/eap_tls_common.c stable/11/contrib/wpa/src/eap_peer/eap_tnc.c stable/11/contrib/wpa/src/eap_peer/eap_ttls.c stable/11/contrib/wpa/src/eap_peer/eap_vendor_test.c stable/11/contrib/wpa/src/eap_peer/eap_wsc.c stable/11/contrib/wpa/src/eap_peer/ikev2.c stable/11/contrib/wpa/src/eap_peer/tncc.c stable/11/contrib/wpa/src/eap_server/eap_methods.h stable/11/contrib/wpa/src/eap_server/eap_server_aka.c stable/11/contrib/wpa/src/eap_server/eap_server_eke.c stable/11/contrib/wpa/src/eap_server/eap_server_fast.c stable/11/contrib/wpa/src/eap_server/eap_server_gpsk.c stable/11/contrib/wpa/src/eap_server/eap_server_gtc.c stable/11/contrib/wpa/src/eap_server/eap_server_identity.c stable/11/contrib/wpa/src/eap_server/eap_server_ikev2.c stable/11/contrib/wpa/src/eap_server/eap_server_md5.c stable/11/contrib/wpa/src/eap_server/eap_server_methods.c stable/11/contrib/wpa/src/eap_server/eap_server_mschapv2.c stable/11/contrib/wpa/src/eap_server/eap_server_pax.c stable/11/contrib/wpa/src/eap_server/eap_server_peap.c stable/11/contrib/wpa/src/eap_server/eap_server_psk.c stable/11/contrib/wpa/src/eap_server/eap_server_pwd.c stable/11/contrib/wpa/src/eap_server/eap_server_sake.c stable/11/contrib/wpa/src/eap_server/eap_server_sim.c stable/11/contrib/wpa/src/eap_server/eap_server_tls.c stable/11/contrib/wpa/src/eap_server/eap_server_tls_common.c stable/11/contrib/wpa/src/eap_server/eap_server_tnc.c stable/11/contrib/wpa/src/eap_server/eap_server_ttls.c stable/11/contrib/wpa/src/eap_server/eap_server_vendor_test.c stable/11/contrib/wpa/src/eap_server/eap_server_wsc.c stable/11/contrib/wpa/src/eap_server/eap_sim_db.c stable/11/contrib/wpa/src/eap_server/eap_sim_db.h stable/11/contrib/wpa/src/eap_server/ikev2.c stable/11/contrib/wpa/src/eap_server/tncs.c stable/11/contrib/wpa/src/eapol_auth/eapol_auth_sm.c stable/11/contrib/wpa/src/eapol_auth/eapol_auth_sm_i.h stable/11/contrib/wpa/src/eapol_supp/eapol_supp_sm.c stable/11/contrib/wpa/src/fst/fst.c stable/11/contrib/wpa/src/fst/fst_ctrl_aux.c stable/11/contrib/wpa/src/fst/fst_ctrl_iface.c stable/11/contrib/wpa/src/fst/fst_defs.h stable/11/contrib/wpa/src/fst/fst_group.c stable/11/contrib/wpa/src/fst/fst_group.h stable/11/contrib/wpa/src/fst/fst_iface.c stable/11/contrib/wpa/src/fst/fst_iface.h stable/11/contrib/wpa/src/fst/fst_session.c stable/11/contrib/wpa/src/p2p/p2p.c stable/11/contrib/wpa/src/p2p/p2p.h stable/11/contrib/wpa/src/p2p/p2p_build.c stable/11/contrib/wpa/src/p2p/p2p_go_neg.c stable/11/contrib/wpa/src/p2p/p2p_group.c stable/11/contrib/wpa/src/p2p/p2p_i.h stable/11/contrib/wpa/src/p2p/p2p_invitation.c stable/11/contrib/wpa/src/p2p/p2p_parse.c stable/11/contrib/wpa/src/p2p/p2p_pd.c stable/11/contrib/wpa/src/p2p/p2p_sd.c stable/11/contrib/wpa/src/pae/ieee802_1x_cp.c stable/11/contrib/wpa/src/pae/ieee802_1x_cp.h stable/11/contrib/wpa/src/pae/ieee802_1x_kay.c stable/11/contrib/wpa/src/pae/ieee802_1x_kay.h stable/11/contrib/wpa/src/pae/ieee802_1x_kay_i.h stable/11/contrib/wpa/src/pae/ieee802_1x_secy_ops.c stable/11/contrib/wpa/src/pae/ieee802_1x_secy_ops.h stable/11/contrib/wpa/src/radius/radius.c stable/11/contrib/wpa/src/radius/radius.h stable/11/contrib/wpa/src/radius/radius_client.c stable/11/contrib/wpa/src/radius/radius_client.h stable/11/contrib/wpa/src/radius/radius_das.c stable/11/contrib/wpa/src/radius/radius_das.h stable/11/contrib/wpa/src/rsn_supp/pmksa_cache.c stable/11/contrib/wpa/src/rsn_supp/pmksa_cache.h stable/11/contrib/wpa/src/rsn_supp/preauth.c stable/11/contrib/wpa/src/rsn_supp/preauth.h stable/11/contrib/wpa/src/rsn_supp/tdls.c stable/11/contrib/wpa/src/rsn_supp/wpa.c stable/11/contrib/wpa/src/rsn_supp/wpa.h stable/11/contrib/wpa/src/rsn_supp/wpa_i.h stable/11/contrib/wpa/src/rsn_supp/wpa_ie.c stable/11/contrib/wpa/src/tls/asn1.h stable/11/contrib/wpa/src/tls/pkcs5.c stable/11/contrib/wpa/src/tls/tlsv1_client.c stable/11/contrib/wpa/src/tls/tlsv1_client.h stable/11/contrib/wpa/src/tls/tlsv1_client_i.h stable/11/contrib/wpa/src/tls/tlsv1_client_read.c stable/11/contrib/wpa/src/tls/tlsv1_client_write.c stable/11/contrib/wpa/src/tls/tlsv1_common.c stable/11/contrib/wpa/src/tls/tlsv1_common.h stable/11/contrib/wpa/src/tls/tlsv1_cred.c stable/11/contrib/wpa/src/tls/tlsv1_cred.h stable/11/contrib/wpa/src/tls/tlsv1_server_i.h stable/11/contrib/wpa/src/tls/tlsv1_server_read.c stable/11/contrib/wpa/src/tls/tlsv1_server_write.c stable/11/contrib/wpa/src/tls/x509v3.c stable/11/contrib/wpa/src/tls/x509v3.h stable/11/contrib/wpa/src/utils/browser-android.c stable/11/contrib/wpa/src/utils/common.c stable/11/contrib/wpa/src/utils/common.h stable/11/contrib/wpa/src/utils/edit_simple.c stable/11/contrib/wpa/src/utils/eloop.c stable/11/contrib/wpa/src/utils/eloop.h stable/11/contrib/wpa/src/utils/eloop_win.c stable/11/contrib/wpa/src/utils/ext_password.c stable/11/contrib/wpa/src/utils/ext_password_i.h stable/11/contrib/wpa/src/utils/http_curl.c stable/11/contrib/wpa/src/utils/os.h stable/11/contrib/wpa/src/utils/os_unix.c stable/11/contrib/wpa/src/utils/pcsc_funcs.c stable/11/contrib/wpa/src/utils/platform.h stable/11/contrib/wpa/src/utils/radiotap.c stable/11/contrib/wpa/src/utils/radiotap.h stable/11/contrib/wpa/src/utils/radiotap_iter.h stable/11/contrib/wpa/src/utils/trace.c stable/11/contrib/wpa/src/utils/trace.h stable/11/contrib/wpa/src/utils/utils_module_tests.c stable/11/contrib/wpa/src/utils/wpa_debug.c stable/11/contrib/wpa/src/utils/wpabuf.c stable/11/contrib/wpa/src/utils/wpabuf.h stable/11/contrib/wpa/src/utils/xml_libxml2.c stable/11/contrib/wpa/src/wps/wps.c stable/11/contrib/wpa/src/wps/wps.h stable/11/contrib/wpa/src/wps/wps_attr_build.c stable/11/contrib/wpa/src/wps/wps_attr_parse.c stable/11/contrib/wpa/src/wps/wps_attr_process.c stable/11/contrib/wpa/src/wps/wps_common.c stable/11/contrib/wpa/src/wps/wps_defs.h stable/11/contrib/wpa/src/wps/wps_enrollee.c stable/11/contrib/wpa/src/wps/wps_i.h stable/11/contrib/wpa/src/wps/wps_module_tests.c stable/11/contrib/wpa/src/wps/wps_registrar.c stable/11/contrib/wpa/src/wps/wps_upnp.c stable/11/contrib/wpa/src/wps/wps_upnp.h stable/11/contrib/wpa/src/wps/wps_upnp_i.h stable/11/contrib/wpa/src/wps/wps_upnp_ssdp.c stable/11/contrib/wpa/src/wps/wps_upnp_web.c stable/11/contrib/wpa/wpa_supplicant/ChangeLog stable/11/contrib/wpa/wpa_supplicant/README stable/11/contrib/wpa/wpa_supplicant/README-HS20 stable/11/contrib/wpa/wpa_supplicant/README-P2P stable/11/contrib/wpa/wpa_supplicant/ap.c stable/11/contrib/wpa/wpa_supplicant/ap.h stable/11/contrib/wpa/wpa_supplicant/autoscan.c stable/11/contrib/wpa/wpa_supplicant/autoscan.h stable/11/contrib/wpa/wpa_supplicant/bgscan.c stable/11/contrib/wpa/wpa_supplicant/bgscan.h stable/11/contrib/wpa/wpa_supplicant/bss.c stable/11/contrib/wpa/wpa_supplicant/bss.h stable/11/contrib/wpa/wpa_supplicant/config.c stable/11/contrib/wpa/wpa_supplicant/config.h stable/11/contrib/wpa/wpa_supplicant/config_file.c stable/11/contrib/wpa/wpa_supplicant/config_ssid.h stable/11/contrib/wpa/wpa_supplicant/ctrl_iface.c stable/11/contrib/wpa/wpa_supplicant/ctrl_iface_udp.c stable/11/contrib/wpa/wpa_supplicant/ctrl_iface_unix.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus-wpa_supplicant.conf stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_common_i.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_dict_helpers.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_dict_helpers.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_wps.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.h stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_new_introspect.c stable/11/contrib/wpa/wpa_supplicant/dbus/dbus_old_handlers.c stable/11/contrib/wpa/wpa_supplicant/defconfig stable/11/contrib/wpa/wpa_supplicant/driver_i.h stable/11/contrib/wpa/wpa_supplicant/eapol_test.c stable/11/contrib/wpa/wpa_supplicant/events.c stable/11/contrib/wpa/wpa_supplicant/gas_query.c stable/11/contrib/wpa/wpa_supplicant/gas_query.h stable/11/contrib/wpa/wpa_supplicant/hs20_supplicant.c stable/11/contrib/wpa/wpa_supplicant/hs20_supplicant.h stable/11/contrib/wpa/wpa_supplicant/ibss_rsn.c stable/11/contrib/wpa/wpa_supplicant/ibss_rsn.h stable/11/contrib/wpa/wpa_supplicant/interworking.c stable/11/contrib/wpa/wpa_supplicant/interworking.h stable/11/contrib/wpa/wpa_supplicant/main.c stable/11/contrib/wpa/wpa_supplicant/mesh.c stable/11/contrib/wpa/wpa_supplicant/mesh.h stable/11/contrib/wpa/wpa_supplicant/mesh_mpm.c stable/11/contrib/wpa/wpa_supplicant/mesh_mpm.h stable/11/contrib/wpa/wpa_supplicant/mesh_rsn.c stable/11/contrib/wpa/wpa_supplicant/mesh_rsn.h stable/11/contrib/wpa/wpa_supplicant/notify.c stable/11/contrib/wpa/wpa_supplicant/notify.h stable/11/contrib/wpa/wpa_supplicant/offchannel.c stable/11/contrib/wpa/wpa_supplicant/p2p_supplicant.c stable/11/contrib/wpa/wpa_supplicant/p2p_supplicant.h stable/11/contrib/wpa/wpa_supplicant/p2p_supplicant_sd.c stable/11/contrib/wpa/wpa_supplicant/scan.c stable/11/contrib/wpa/wpa_supplicant/scan.h stable/11/contrib/wpa/wpa_supplicant/sme.c stable/11/contrib/wpa/wpa_supplicant/wmm_ac.h stable/11/contrib/wpa/wpa_supplicant/wnm_sta.c stable/11/contrib/wpa/wpa_supplicant/wnm_sta.h stable/11/contrib/wpa/wpa_supplicant/wpa_cli.c stable/11/contrib/wpa/wpa_supplicant/wpa_priv.c stable/11/contrib/wpa/wpa_supplicant/wpa_supplicant.c stable/11/contrib/wpa/wpa_supplicant/wpa_supplicant.conf stable/11/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h stable/11/contrib/wpa/wpa_supplicant/wpas_glue.c stable/11/contrib/wpa/wpa_supplicant/wpas_kay.c stable/11/contrib/wpa/wpa_supplicant/wpas_module_tests.c stable/11/contrib/wpa/wpa_supplicant/wps_supplicant.c stable/11/contrib/wpa/wpa_supplicant/wps_supplicant.h stable/11/usr.sbin/wpa/Makefile.inc stable/11/usr.sbin/wpa/hostapd/Makefile stable/11/usr.sbin/wpa/hostapd_cli/Makefile stable/11/usr.sbin/wpa/wpa_cli/Makefile stable/11/usr.sbin/wpa/wpa_supplicant/Makefile Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/wpa/CONTRIBUTIONS ============================================================================== --- stable/11/contrib/wpa/CONTRIBUTIONS Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/CONTRIBUTIONS Tue Aug 14 20:02:01 2018 (r337817) @@ -29,6 +29,34 @@ using your real name. Pseudonyms or anonymous contribu unfortunately be accepted. +The preferred method of submitting the contribution to the project is by +email to the hostap mailing list: +hos...@lists.infradead.org +Note that the list may require subscription before accepting message +without moderation. You can subscribe to the list at this address: +http://lists.infradead.org/mailman/listinfo/hostap + +The message should contain an inlined patch against the current +development branch (i.e., the master branch of +git://w1.fi/hostap.git). Please make sure the software you use for +sending the patch does not corrupt whitespace. If that cannot be fixed +for some reason, it is better to include an attached version of the +patch file than just send a whitespace damaged version in the message +body. + +The patches should be separate logical changes rather than doing +everything in a single patch. In other words, please keep cleanup, new +features, and bug fixes all in their own patches. Each patch needs a +commit log that describes the changes (what the changes fix, what +functionality is added, why the changes are useful, etc.). + +Please try to follow the coding style used in the project. + +In general, the best way of generating a suitable formatted patch file +is by committing the changes to a cloned git repository and using git +format-patch. The patch can then be sent, e.g., with git send-email. + + History of license and contributions terms ------------------------------------------ @@ -112,7 +140,7 @@ The license terms used for hostap.git files Modified BSD license (no advertisement clause): -Copyright (c) 2002-2015, Jouni Malinen <j...@w1.fi> and contributors +Copyright (c) 2002-2016, Jouni Malinen <j...@w1.fi> and contributors All Rights Reserved. Redistribution and use in source and binary forms, with or without Modified: stable/11/contrib/wpa/COPYING ============================================================================== --- stable/11/contrib/wpa/COPYING Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/COPYING Tue Aug 14 20:02:01 2018 (r337817) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2015, Jouni Malinen <j...@w1.fi> and contributors +Copyright (c) 2002-2016, Jouni Malinen <j...@w1.fi> and contributors All Rights Reserved. Modified: stable/11/contrib/wpa/README ============================================================================== --- stable/11/contrib/wpa/README Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/README Tue Aug 14 20:02:01 2018 (r337817) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2015, Jouni Malinen <j...@w1.fi> and contributors +Copyright (c) 2002-2016, Jouni Malinen <j...@w1.fi> and contributors All Rights Reserved. These programs are licensed under the BSD license (the one with Modified: stable/11/contrib/wpa/hostapd/ChangeLog ============================================================================== --- stable/11/contrib/wpa/hostapd/ChangeLog Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/hostapd/ChangeLog Tue Aug 14 20:02:01 2018 (r337817) @@ -1,5 +1,78 @@ ChangeLog for hostapd +2016-10-02 - v2.6 + * fixed EAP-pwd last fragment validation + [http://w1.fi/security/2015-7/] (CVE-2015-5314) + * fixed WPS configuration update vulnerability with malformed passphrase + [http://w1.fi/security/2016-1/] (CVE-2016-4476) + * extended channel switch support for VHT bandwidth changes + * added support for configuring new ANQP-elements with + anqp_elem=<InfoID>:<hexdump of payload> + * fixed Suite B 192-bit AKM to use proper PMK length + (note: this makes old releases incompatible with the fixed behavior) + * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response + frame sending for not-associated STAs if max_num_sta limit has been + reached + * added option (-S as command line argument) to request all interfaces + to be started at the same time + * modified rts_threshold and fragm_threshold configuration parameters + to allow -1 to be used to disable RTS/fragmentation + * EAP-pwd: added support for Brainpool Elliptic Curves + (with OpenSSL 1.0.2 and newer) + * fixed EAPOL reauthentication after FT protocol run + * fixed FTIE generation for 4-way handshake after FT protocol run + * fixed and improved various FST operations + * TLS server + - support SHA384 and SHA512 hashes + - support TLS v1.2 signature algorithm with SHA384 and SHA512 + - support PKCS #5 v2.0 PBES2 + - support PKCS #5 with PKCS #12 style key decryption + - minimal support for PKCS #12 + - support OCSP stapling (including ocsp_multi) + * added support for OpenSSL 1.1 API changes + - drop support for OpenSSL 0.9.8 + - drop support for OpenSSL 1.0.0 + * EAP-PEAP: support fast-connect crypto binding + * RADIUS + - fix Called-Station-Id to not escape SSID + - add Event-Timestamp to all Accounting-Request packets + - add Acct-Session-Id to Accounting-On/Off + - add Acct-Multi-Session-Id ton Access-Request packets + - add Service-Type (= Frames) + - allow server to provide PSK instead of passphrase for WPA-PSK + Tunnel_password case + - update full message for interim accounting updates + - add Acct-Delay-Time into Accounting messages + - add require_message_authenticator configuration option to require + CoA/Disconnect-Request packets to be authenticated + * started to postpone WNM-Notification frame sending by 100 ms so that + the STA has some more time to configure the key before this frame is + received after the 4-way handshake + * VHT: added interoperability workaround for 80+80 and 160 MHz channels + * extended VLAN support (per-STA vif, etc.) + * fixed PMKID derivation with SAE + * nl80211 + - added support for full station state operations + - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use + unencrypted EAPOL frames + * added initial MBO support; number of extensions to WNM BSS Transition + Management + * added initial functionality for location related operations + * added assocresp_elements parameter to allow vendor specific elements + to be added into (Re)Association Response frames + * improved Public Action frame addressing + - use Address 3 = wildcard BSSID in GAS response if a query from an + unassociated STA used that address + - fix TX status processing for Address 3 = wildcard BSSID + - add gas_address3 configuration parameter to control Address 3 + behavior + * added command line parameter -i to override interface parameter in + hostapd.conf + * added command completion support to hostapd_cli + * added passive client taxonomy determination (CONFIG_TAXONOMY=y + compile option and "SIGNATURE <addr>" control interface command) + * number of small fixes + 2015-09-27 - v2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141) Modified: stable/11/contrib/wpa/hostapd/README ============================================================================== --- stable/11/contrib/wpa/hostapd/README Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/hostapd/README Tue Aug 14 20:02:01 2018 (r337817) @@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WP Authenticator and RADIUS authentication server ================================================================ -Copyright (c) 2002-2015, Jouni Malinen <j...@w1.fi> and contributors +Copyright (c) 2002-2016, Jouni Malinen <j...@w1.fi> and contributors All Rights Reserved. This program is licensed under the BSD license (the one with Modified: stable/11/contrib/wpa/hostapd/config_file.c ============================================================================== --- stable/11/contrib/wpa/hostapd/config_file.c Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/hostapd/config_file.c Tue Aug 14 20:02:01 2018 (r337817) @@ -97,6 +97,8 @@ static int hostapd_config_read_vlan_file(struct hostap } vlan->vlan_id = vlan_id; + vlan->vlan_desc.untagged = vlan_id; + vlan->vlan_desc.notempty = !!vlan_id; os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname)); vlan->next = bss->vlan; bss->vlan = vlan; @@ -197,7 +199,10 @@ static int hostapd_config_read_maclist(const char *fna *acl = newacl; os_memcpy((*acl)[*num].addr, addr, ETH_ALEN); - (*acl)[*num].vlan_id = vlan_id; + os_memset(&(*acl)[*num].vlan_id, 0, + sizeof((*acl)[*num].vlan_id)); + (*acl)[*num].vlan_id.untagged = vlan_id; + (*acl)[*num].vlan_id.notempty = !!vlan_id; (*num)++; } @@ -631,8 +636,7 @@ hostapd_parse_radius_attr(const char *value) } -static int hostapd_parse_das_client(struct hostapd_bss_config *bss, - const char *val) +static int hostapd_parse_das_client(struct hostapd_bss_config *bss, char *val) { char *secret; @@ -640,7 +644,7 @@ static int hostapd_parse_das_client(struct hostapd_bss if (secret == NULL) return -1; - secret++; + *secret++ = '\0'; if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr)) return -1; @@ -1519,6 +1523,54 @@ fail: } +static int parse_anqp_elem(struct hostapd_bss_config *bss, char *buf, int line) +{ + char *delim; + u16 infoid; + size_t len; + struct wpabuf *payload; + struct anqp_element *elem; + + delim = os_strchr(buf, ':'); + if (!delim) + return -1; + delim++; + infoid = atoi(buf); + len = os_strlen(delim); + if (len & 1) + return -1; + len /= 2; + payload = wpabuf_alloc(len); + if (!payload) + return -1; + if (hexstr2bin(delim, wpabuf_put(payload, len), len) < 0) { + wpabuf_free(payload); + return -1; + } + + dl_list_for_each(elem, &bss->anqp_elem, struct anqp_element, list) { + if (elem->infoid == infoid) { + /* Update existing entry */ + wpabuf_free(elem->payload); + elem->payload = payload; + return 0; + } + } + + /* Add a new entry */ + elem = os_zalloc(sizeof(*elem)); + if (!elem) { + wpabuf_free(payload); + return -1; + } + elem->infoid = infoid; + elem->payload = payload; + dl_list_add(&bss->anqp_elem, &elem->list); + + return 0; +} + + static int parse_qos_map_set(struct hostapd_bss_config *bss, char *buf, int line) { @@ -1867,31 +1919,6 @@ static int hs20_parse_osu_service_desc(struct hostapd_ #endif /* CONFIG_HS20 */ -#ifdef CONFIG_WPS_NFC -static struct wpabuf * hostapd_parse_bin(const char *buf) -{ - size_t len; - struct wpabuf *ret; - - len = os_strlen(buf); - if (len & 0x01) - return NULL; - len /= 2; - - ret = wpabuf_alloc(len); - if (ret == NULL) - return NULL; - - if (hexstr2bin(buf, wpabuf_put(ret, len), len)) { - wpabuf_free(ret); - return NULL; - } - - return ret; -} -#endif /* CONFIG_WPS_NFC */ - - #ifdef CONFIG_ACS static int hostapd_config_parse_acs_chan_bias(struct hostapd_config *conf, char *pos) @@ -1934,6 +1961,31 @@ fail: #endif /* CONFIG_ACS */ +static int parse_wpabuf_hex(int line, const char *name, struct wpabuf **buf, + const char *val) +{ + struct wpabuf *elems; + + if (val[0] == '\0') { + wpabuf_free(*buf); + *buf = NULL; + return 0; + } + + elems = wpabuf_parse_bin(val); + if (!elems) { + wpa_printf(MSG_ERROR, "Line %d: Invalid %s '%s'", + line, name, val); + return -1; + } + + wpabuf_free(*buf); + *buf = elems; + + return 0; +} + + static int hostapd_config_fill(struct hostapd_config *conf, struct hostapd_bss_config *bss, const char *buf, char *pos, int line) @@ -2084,6 +2136,9 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) { os_free(bss->ocsp_stapling_response); bss->ocsp_stapling_response = os_strdup(pos); + } else if (os_strcmp(buf, "ocsp_stapling_response_multi") == 0) { + os_free(bss->ocsp_stapling_response_multi); + bss->ocsp_stapling_response_multi = os_strdup(pos); } else if (os_strcmp(buf, "dh_file") == 0) { os_free(bss->dh_file); bss->dh_file = os_strdup(pos); @@ -2139,6 +2194,8 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "eap_sim_db") == 0) { os_free(bss->eap_sim_db); bss->eap_sim_db = os_strdup(pos); + } else if (os_strcmp(buf, "eap_sim_db_timeout") == 0) { + bss->eap_sim_db_timeout = atoi(pos); } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) { bss->eap_sim_aka_result_ind = atoi(pos); #endif /* EAP_SERVER_SIM */ @@ -2353,6 +2410,9 @@ static int hostapd_config_fill(struct hostapd_config * bss->radius_das_time_window = atoi(pos); } else if (os_strcmp(buf, "radius_das_require_event_timestamp") == 0) { bss->radius_das_require_event_timestamp = atoi(pos); + } else if (os_strcmp(buf, "radius_das_require_message_authenticator") == + 0) { + bss->radius_das_require_message_authenticator = atoi(pos); #endif /* CONFIG_NO_RADIUS */ } else if (os_strcmp(buf, "auth_algs") == 0) { bss->auth_algs = atoi(pos); @@ -2644,7 +2704,7 @@ static int hostapd_config_fill(struct hostapd_config * } } else if (os_strcmp(buf, "rts_threshold") == 0) { conf->rts_threshold = atoi(pos); - if (conf->rts_threshold < 0 || conf->rts_threshold > 2347) { + if (conf->rts_threshold < -1 || conf->rts_threshold > 65535) { wpa_printf(MSG_ERROR, "Line %d: invalid rts_threshold %d", line, conf->rts_threshold); @@ -2652,8 +2712,10 @@ static int hostapd_config_fill(struct hostapd_config * } } else if (os_strcmp(buf, "fragm_threshold") == 0) { conf->fragm_threshold = atoi(pos); - if (conf->fragm_threshold < 256 || - conf->fragm_threshold > 2346) { + if (conf->fragm_threshold == -1) { + /* allow a value of -1 */ + } else if (conf->fragm_threshold < 256 || + conf->fragm_threshold > 2346) { wpa_printf(MSG_ERROR, "Line %d: invalid fragm_threshold %d", line, conf->fragm_threshold); @@ -2686,6 +2748,8 @@ static int hostapd_config_fill(struct hostapd_config * conf->preamble = LONG_PREAMBLE; } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) { bss->ignore_broadcast_ssid = atoi(pos); + } else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) { + bss->no_probe_resp_if_max_sta = atoi(pos); } else if (os_strcmp(buf, "wep_default_key") == 0) { bss->ssid.wep.idx = atoi(pos); if (bss->ssid.wep.idx > 3) { @@ -2707,6 +2771,8 @@ static int hostapd_config_fill(struct hostapd_config * #ifndef CONFIG_NO_VLAN } else if (os_strcmp(buf, "dynamic_vlan") == 0) { bss->ssid.dynamic_vlan = atoi(pos); + } else if (os_strcmp(buf, "per_sta_vif") == 0) { + bss->ssid.per_sta_vif = atoi(pos); } else if (os_strcmp(buf, "vlan_file") == 0) { if (hostapd_config_read_vlan_file(bss, pos)) { wpa_printf(MSG_ERROR, "Line %d: failed to read VLAN file '%s'", @@ -2762,6 +2828,8 @@ static int hostapd_config_fill(struct hostapd_config * line); return 1; } + } else if (os_strcmp(buf, "use_driver_iface_addr") == 0) { + conf->use_driver_iface_addr = atoi(pos); #ifdef CONFIG_IEEE80211W } else if (os_strcmp(buf, "ieee80211w") == 0) { bss->ieee80211w = atoi(pos); @@ -2827,6 +2895,8 @@ static int hostapd_config_fill(struct hostapd_config * conf->vht_oper_centr_freq_seg1_idx = atoi(pos); } else if (os_strcmp(buf, "vendor_vht") == 0) { bss->vendor_vht = atoi(pos); + } else if (os_strcmp(buf, "use_sta_nsts") == 0) { + bss->use_sta_nsts = atoi(pos); #endif /* CONFIG_IEEE80211AC */ } else if (os_strcmp(buf, "max_listen_interval") == 0) { bss->max_listen_interval = atoi(pos); @@ -2965,15 +3035,15 @@ static int hostapd_config_fill(struct hostapd_config * bss->wps_nfc_pw_from_config = 1; } else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) { wpabuf_free(bss->wps_nfc_dh_pubkey); - bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos); + bss->wps_nfc_dh_pubkey = wpabuf_parse_bin(pos); bss->wps_nfc_pw_from_config = 1; } else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) { wpabuf_free(bss->wps_nfc_dh_privkey); - bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos); + bss->wps_nfc_dh_privkey = wpabuf_parse_bin(pos); bss->wps_nfc_pw_from_config = 1; } else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) { wpabuf_free(bss->wps_nfc_dev_pw); - bss->wps_nfc_dev_pw = hostapd_parse_bin(pos); + bss->wps_nfc_dev_pw = wpabuf_parse_bin(pos); bss->wps_nfc_pw_from_config = 1; #endif /* CONFIG_WPS_NFC */ #endif /* CONFIG_WPS */ @@ -3136,6 +3206,9 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "nai_realm") == 0) { if (parse_nai_realm(bss, pos, line) < 0) return 1; + } else if (os_strcmp(buf, "anqp_elem") == 0) { + if (parse_anqp_elem(bss, pos, line) < 0) + return 1; } else if (os_strcmp(buf, "gas_frag_limit") == 0) { bss->gas_frag_limit = atoi(pos); } else if (os_strcmp(buf, "gas_comeback_delay") == 0) { @@ -3149,13 +3222,15 @@ static int hostapd_config_fill(struct hostapd_config * os_free(bss->dump_msk_file); bss->dump_msk_file = os_strdup(pos); #endif /* CONFIG_RADIUS_TEST */ +#ifdef CONFIG_PROXYARP + } else if (os_strcmp(buf, "proxy_arp") == 0) { + bss->proxy_arp = atoi(pos); +#endif /* CONFIG_PROXYARP */ #ifdef CONFIG_HS20 } else if (os_strcmp(buf, "hs20") == 0) { bss->hs20 = atoi(pos); } else if (os_strcmp(buf, "disable_dgaf") == 0) { bss->disable_dgaf = atoi(pos); - } else if (os_strcmp(buf, "proxy_arp") == 0) { - bss->proxy_arp = atoi(pos); } else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) { bss->na_mcast_to_ucast = atoi(pos); } else if (os_strcmp(buf, "osen") == 0) { @@ -3231,6 +3306,10 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "subscr_remediation_method") == 0) { bss->subscr_remediation_method = atoi(pos); #endif /* CONFIG_HS20 */ +#ifdef CONFIG_MBO + } else if (os_strcmp(buf, "mbo") == 0) { + bss->mbo_enabled = atoi(pos); +#endif /* CONFIG_MBO */ #ifdef CONFIG_TESTING_OPTIONS #define PARSE_TEST_PROBABILITY(_val) \ } else if (os_strcmp(buf, #_val) == 0) { \ @@ -3249,6 +3328,8 @@ static int hostapd_config_fill(struct hostapd_config * PARSE_TEST_PROBABILITY(ignore_assoc_probability) PARSE_TEST_PROBABILITY(ignore_reassoc_probability) PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability) + } else if (os_strcmp(buf, "ecsa_ie_only") == 0) { + conf->ecsa_ie_only = atoi(pos); } else if (os_strcmp(buf, "bss_load_test") == 0) { WPA_PUT_LE16(bss->bss_load_test, atoi(pos)); pos = os_strchr(pos, ':'); @@ -3269,7 +3350,15 @@ static int hostapd_config_fill(struct hostapd_config * WPA_PUT_LE16(&bss->bss_load_test[3], atoi(pos)); bss->bss_load_test_set = 1; } else if (os_strcmp(buf, "radio_measurements") == 0) { - bss->radio_measurements = atoi(pos); + /* + * DEPRECATED: This parameter will be removed in the future. + * Use rrm_neighbor_report instead. + */ + int val = atoi(pos); + + if (val & BIT(0)) + bss->radio_measurements[0] |= + WLAN_RRM_CAPS_NEIGHBOR_REPORT; } else if (os_strcmp(buf, "own_ie_override") == 0) { struct wpabuf *tmp; size_t len = os_strlen(pos) / 2; @@ -3290,35 +3379,11 @@ static int hostapd_config_fill(struct hostapd_config * bss->own_ie_override = tmp; #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strcmp(buf, "vendor_elements") == 0) { - struct wpabuf *elems; - size_t len = os_strlen(pos); - if (len & 0x01) { - wpa_printf(MSG_ERROR, - "Line %d: Invalid vendor_elements '%s'", - line, pos); + if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos)) return 1; - } - len /= 2; - if (len == 0) { - wpabuf_free(bss->vendor_elements); - bss->vendor_elements = NULL; - return 0; - } - - elems = wpabuf_alloc(len); - if (elems == NULL) + } else if (os_strcmp(buf, "assocresp_elements") == 0) { + if (parse_wpabuf_hex(line, buf, &bss->assocresp_elements, pos)) return 1; - - if (hexstr2bin(pos, wpabuf_put(elems, len), len)) { - wpabuf_free(elems); - wpa_printf(MSG_ERROR, - "Line %d: Invalid vendor_elements '%s'", - line, pos); - return 1; - } - - wpabuf_free(bss->vendor_elements); - bss->vendor_elements = elems; } else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0) { bss->sae_anti_clogging_threshold = atoi(pos); } else if (os_strcmp(buf, "sae_groups") == 0) { @@ -3391,7 +3456,8 @@ static int hostapd_config_fill(struct hostapd_config * return -1; } val = strtol(pos, &endp, 0); - if (*endp || val < 1 || val > FST_MAX_LLT_MS) { + if (*endp || val < 1 || + (unsigned long int) val > FST_MAX_LLT_MS) { wpa_printf(MSG_ERROR, "Line %d: Invalid fst_llt %ld (%s) (expected 1..%u)", line, val, pos, FST_MAX_LLT_MS); @@ -3409,6 +3475,22 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "no_auth_if_seen_on") == 0) { os_free(bss->no_auth_if_seen_on); bss->no_auth_if_seen_on = os_strdup(pos); + } else if (os_strcmp(buf, "lci") == 0) { + wpabuf_free(conf->lci); + conf->lci = wpabuf_parse_bin(pos); + } else if (os_strcmp(buf, "civic") == 0) { + wpabuf_free(conf->civic); + conf->civic = wpabuf_parse_bin(pos); + } else if (os_strcmp(buf, "rrm_neighbor_report") == 0) { + if (atoi(pos)) + bss->radio_measurements[0] |= + WLAN_RRM_CAPS_NEIGHBOR_REPORT; + } else if (os_strcmp(buf, "gas_address3") == 0) { + bss->gas_address3 = atoi(pos); + } else if (os_strcmp(buf, "ftm_responder") == 0) { + bss->ftm_responder = atoi(pos); + } else if (os_strcmp(buf, "ftm_initiator") == 0) { + bss->ftm_initiator = atoi(pos); } else { wpa_printf(MSG_ERROR, "Line %d: unknown configuration item '%s'", @@ -3429,7 +3511,7 @@ struct hostapd_config * hostapd_config_read(const char { struct hostapd_config *conf; FILE *f; - char buf[512], *pos; + char buf[4096], *pos; int line = 0; int errors = 0; size_t i; Modified: stable/11/contrib/wpa/hostapd/ctrl_iface.c ============================================================================== --- stable/11/contrib/wpa/hostapd/ctrl_iface.c Tue Aug 14 19:44:36 2018 (r337816) +++ stable/11/contrib/wpa/hostapd/ctrl_iface.c Tue Aug 14 20:02:01 2018 (r337817) @@ -19,10 +19,16 @@ #include <sys/stat.h> #include <stddef.h> +#ifdef CONFIG_CTRL_IFACE_UDP +#include <netdb.h> +#endif /* CONFIG_CTRL_IFACE_UDP */ + #include "utils/common.h" #include "utils/eloop.h" +#include "utils/module_tests.h" #include "common/version.h" #include "common/ieee802_11_defs.h" +#include "common/ctrl_iface_common.h" #include "crypto/tls.h" #include "drivers/driver.h" #include "eapol_auth/eapol_auth_sm.h" @@ -42,6 +48,8 @@ #include "ap/wnm_ap.h" #include "ap/wpa_auth.h" #include "ap/beacon.h" +#include "ap/neighbor_db.h" +#include "ap/rrm.h" #include "wps/wps_defs.h" #include "wps/wps.h" #include "fst/fst_ctrl_iface.h" @@ -51,96 +59,43 @@ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 -struct wpa_ctrl_dst { - struct wpa_ctrl_dst *next; - struct sockaddr_un addr; - socklen_t addrlen; - int debug_level; - int errors; -}; +#ifdef CONFIG_CTRL_IFACE_UDP +#define COOKIE_LEN 8 +static unsigned char cookie[COOKIE_LEN]; +static unsigned char gcookie[COOKIE_LEN]; +#define HOSTAPD_CTRL_IFACE_PORT 8877 +#define HOSTAPD_CTRL_IFACE_PORT_LIMIT 50 +#define HOSTAPD_GLOBAL_CTRL_IFACE_PORT 8878 +#define HOSTAPD_GLOBAL_CTRL_IFACE_PORT_LIMIT 50 +#endif /* CONFIG_CTRL_IFACE_UDP */ - static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, enum wpa_msg_type type, const char *buf, size_t len); static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, - struct sockaddr_un *from, + struct sockaddr_storage *from, socklen_t fromlen) { - struct wpa_ctrl_dst *dst; - - dst = os_zalloc(sizeof(*dst)); - if (dst == NULL) - return -1; - os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un)); - dst->addrlen = fromlen; - dst->debug_level = MSG_INFO; - dst->next = hapd->ctrl_dst; - hapd->ctrl_dst = dst; - wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached", - (u8 *) from->sun_path, - fromlen - offsetof(struct sockaddr_un, sun_path)); - return 0; + return ctrl_iface_attach(&hapd->ctrl_dst, from, fromlen); } static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd, - struct sockaddr_un *from, + struct sockaddr_storage *from, socklen_t fromlen) { - struct wpa_ctrl_dst *dst, *prev = NULL; - - dst = hapd->ctrl_dst; - while (dst) { - if (fromlen == dst->addrlen && - os_memcmp(from->sun_path, dst->addr.sun_path, - fromlen - offsetof(struct sockaddr_un, sun_path)) - == 0) { - wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached", - (u8 *) from->sun_path, - fromlen - - offsetof(struct sockaddr_un, sun_path)); - if (prev == NULL) - hapd->ctrl_dst = dst->next; - else - prev->next = dst->next; - os_free(dst); - return 0; - } - prev = dst; - dst = dst->next; - } - return -1; + return ctrl_iface_detach(&hapd->ctrl_dst, from, fromlen); } static int hostapd_ctrl_iface_level(struct hostapd_data *hapd, - struct sockaddr_un *from, + struct sockaddr_storage *from, socklen_t fromlen, char *level) { - struct wpa_ctrl_dst *dst; - - wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level); - - dst = hapd->ctrl_dst; - while (dst) { - if (fromlen == dst->addrlen && - os_memcmp(from->sun_path, dst->addr.sun_path, - fromlen - offsetof(struct sockaddr_un, sun_path)) - == 0) { - wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor " - "level", (u8 *) from->sun_path, fromlen - - offsetof(struct sockaddr_un, sun_path)); - dst->debug_level = atoi(level); - return 0; - } - dst = dst->next; - } - - return -1; + return ctrl_iface_level(&hapd->ctrl_dst, from, fromlen, level); } @@ -884,6 +839,8 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostap int ret; u8 nei_rep[1000]; u8 *nei_pos = nei_rep; + u8 mbo[10]; + size_t mbo_len = 0; if (hwaddr_aton(cmd, addr)) { wpa_printf(MSG_DEBUG, "Invalid STA MAC address"); @@ -1049,10 +1006,66 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostap if (os_strstr(cmd, " disassoc_imminent=1")) req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT; +#ifdef CONFIG_MBO + pos = os_strstr(cmd, "mbo="); + if (pos) { + unsigned int mbo_reason, cell_pref, reassoc_delay; + u8 *mbo_pos = mbo; + + ret = sscanf(pos, "mbo=%u:%u:%u", &mbo_reason, + &reassoc_delay, &cell_pref); + if (ret != 3) { + wpa_printf(MSG_DEBUG, + "MBO requires three arguments: mbo=<reason>:<reassoc_delay>:<cell_pref>"); + return -1; + } + + if (mbo_reason > MBO_TRANSITION_REASON_PREMIUM_AP) { + wpa_printf(MSG_DEBUG, + "Invalid MBO transition reason code %u", + mbo_reason); + return -1; + } + + /* Valid values for Cellular preference are: 0, 1, 255 */ + if (cell_pref != 0 && cell_pref != 1 && cell_pref != 255) { + wpa_printf(MSG_DEBUG, + "Invalid MBO cellular capability %u", + cell_pref); + return -1; + } + + if (reassoc_delay > 65535 || + (reassoc_delay && + !(req_mode & WNM_BSS_TM_REQ_DISASSOC_IMMINENT))) { + wpa_printf(MSG_DEBUG, + "MBO: Assoc retry delay is only valid in disassoc imminent mode"); + return -1; + } + + *mbo_pos++ = MBO_ATTR_ID_TRANSITION_REASON; + *mbo_pos++ = 1; + *mbo_pos++ = mbo_reason; + *mbo_pos++ = MBO_ATTR_ID_CELL_DATA_PREF; + *mbo_pos++ = 1; + *mbo_pos++ = cell_pref; + + if (reassoc_delay) { + *mbo_pos++ = MBO_ATTR_ID_ASSOC_RETRY_DELAY; + *mbo_pos++ = 2; + WPA_PUT_LE16(mbo_pos, reassoc_delay); + mbo_pos += 2; + } + + mbo_len = mbo_pos - mbo; + } +#endif /* CONFIG_MBO */ + ret = wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer, valid_int, bss_term_dur, url, nei_pos > nei_rep ? nei_rep : NULL, - nei_pos - nei_rep); + nei_pos - nei_rep, mbo_len ? mbo : NULL, + mbo_len); os_free(url); return ret; } @@ -1320,9 +1333,28 @@ static int hostapd_ctrl_iface_set(struct hostapd_data } else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) { hapd->ext_eapol_frame_io = atoi(value); #endif /* CONFIG_TESTING_OPTIONS */ +#ifdef CONFIG_MBO + } else if (os_strcasecmp(cmd, "mbo_assoc_disallow") == 0) { + int val; + + if (!hapd->conf->mbo_enabled) + return -1; + + val = atoi(value); + if (val < 0 || val > 1) + return -1; + + hapd->mbo_assoc_disallow = val; + ieee802_11_update_beacons(hapd->iface); + + /* + * TODO: Need to configure drivers that do AP MLME offload with + * disallowing station logic. + */ +#endif /* CONFIG_MBO */ } else { struct sta_info *sta; - int vlan_id; + struct vlan_description vlan_id; ret = hostapd_set_iface(hapd->iconf, hapd->conf, cmd, value); if (ret) @@ -1334,7 +1366,8 @@ static int hostapd_ctrl_iface_set(struct hostapd_data hapd->conf->deny_mac, hapd->conf->num_deny_mac, sta->addr, &vlan_id) && - (!vlan_id || vlan_id == sta->vlan_id)) + (!vlan_id.notempty || + !vlan_compare(&vlan_id, sta->vlan_desc))) ap_sta_disconnect( hapd, sta, sta->addr, WLAN_REASON_UNSPECIFIED); @@ -1346,7 +1379,8 @@ static int hostapd_ctrl_iface_set(struct hostapd_data hapd->conf->accept_mac, hapd->conf->num_accept_mac, sta->addr, &vlan_id) || - (vlan_id && vlan_id != sta->vlan_id)) + (vlan_id.notempty && + vlan_compare(&vlan_id, sta->vlan_desc))) ap_sta_disconnect( hapd, sta, sta->addr, WLAN_REASON_UNSPECIFIED); @@ -1557,8 +1591,8 @@ static u16 ipv4_hdr_checksum(const void *buf, size_t l #define HWSIM_PACKETLEN 1500 #define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header)) -void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, - size_t len) +static void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, + size_t len) { struct hostapd_data *hapd = ctx; const struct ether_header *eth; @@ -1745,8 +1779,6 @@ done: static int hostapd_ctrl_test_alloc_fail(struct hostapd_data *hapd, char *cmd) { #ifdef WPA_TRACE_BFD - extern char wpa_trace_fail_func[256]; - extern unsigned int wpa_trace_fail_after; char *pos; wpa_trace_fail_after = atoi(cmd); @@ -1770,9 +1802,6 @@ static int hostapd_ctrl_get_alloc_fail(struct hostapd_ char *buf, size_t buflen) { #ifdef WPA_TRACE_BFD - extern char wpa_trace_fail_func[256]; - extern unsigned int wpa_trace_fail_after; - return os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after, wpa_trace_fail_func); #else /* WPA_TRACE_BFD */ @@ -1784,8 +1813,6 @@ static int hostapd_ctrl_get_alloc_fail(struct hostapd_ static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd) { #ifdef WPA_TRACE_BFD - extern char wpa_trace_test_fail_func[256]; - extern unsigned int wpa_trace_test_fail_after; char *pos; wpa_trace_test_fail_after = atoi(cmd); @@ -1809,9 +1836,6 @@ static int hostapd_ctrl_get_fail(struct hostapd_data * char *buf, size_t buflen) { #ifdef WPA_TRACE_BFD - extern char wpa_trace_test_fail_func[256]; - extern unsigned int wpa_trace_test_fail_after; - return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after, wpa_trace_test_fail_func); #else /* WPA_TRACE_BFD */ @@ -1875,13 +1899,13 @@ static int hostapd_ctrl_iface_vendor(struct hostapd_da /* cmd: <vendor id> <subcommand id> [<hex formatted data>] */ vendor_id = strtoul(cmd, &pos, 16); - if (!isblank(*pos)) + if (!isblank((unsigned char) *pos)) return -EINVAL; subcmd = strtoul(pos, &pos, 10); if (*pos != '\0') { - if (!isblank(*pos++)) + if (!isblank((unsigned char) *pos++)) return -EINVAL; data_len = os_strlen(pos); } @@ -2016,6 +2040,9 @@ static int hostapd_ctrl_iface_track_sta_list(struct ho struct hostapd_sta_info *info; struct os_reltime now; + if (!iface->num_sta_seen) + return 0; + sta_track_expire(iface, 0); pos = buf; @@ -2040,10 +2067,228 @@ static int hostapd_ctrl_iface_track_sta_list(struct ho #endif /* NEED_AP_MLME */ +static int hostapd_ctrl_iface_req_lci(struct hostapd_data *hapd, + const char *cmd) +{ + u8 addr[ETH_ALEN]; + + if (hwaddr_aton(cmd, addr)) { + wpa_printf(MSG_INFO, "CTRL: REQ_LCI: Invalid MAC address"); + return -1; + } + + return hostapd_send_lci_req(hapd, addr); +} + + +static int hostapd_ctrl_iface_req_range(struct hostapd_data *hapd, char *cmd) +{ + u8 addr[ETH_ALEN]; + char *token, *context = NULL; + int random_interval, min_ap; + u8 responders[ETH_ALEN * RRM_RANGE_REQ_MAX_RESPONDERS]; + unsigned int n_responders; + + token = str_token(cmd, " ", &context); + if (!token || hwaddr_aton(token, addr)) { + wpa_printf(MSG_INFO, + "CTRL: REQ_RANGE - Bad destination address"); + return -1; + } + + token = str_token(cmd, " ", &context); + if (!token) + return -1; + + random_interval = atoi(token); + if (random_interval < 0 || random_interval > 0xffff) + return -1; + + token = str_token(cmd, " ", &context); + if (!token) + return -1; + + min_ap = atoi(token); + if (min_ap <= 0 || min_ap > WLAN_RRM_RANGE_REQ_MAX_MIN_AP) + return -1; + + n_responders = 0; + while ((token = str_token(cmd, " ", &context))) { + if (n_responders == RRM_RANGE_REQ_MAX_RESPONDERS) { + wpa_printf(MSG_INFO, + "CTRL: REQ_RANGE: Too many responders"); + return -1; + } + + if (hwaddr_aton(token, responders + n_responders * ETH_ALEN)) { + wpa_printf(MSG_INFO, + "CTRL: REQ_RANGE: Bad responder address"); + return -1; + } + + n_responders++; + } + + if (!n_responders) { + wpa_printf(MSG_INFO, + "CTRL: REQ_RANGE - No FTM responder address"); + return -1; + } + + return hostapd_send_range_req(hapd, addr, random_interval, min_ap, + responders, n_responders); +} + + +static int hostapd_ctrl_iface_set_neighbor(struct hostapd_data *hapd, char *buf) +{ + struct wpa_ssid_value ssid; + u8 bssid[ETH_ALEN]; + struct wpabuf *nr, *lci = NULL, *civic = NULL; + char *tmp; + int ret; + *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
