[PATCH] eap-pwd: add length checks for fragmented packets
by James Prestwood
---
src/eap-pwd.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/eap-pwd.c b/src/eap-pwd.c
index af373493..cd6684e7 100644
--- a/src/eap-pwd.c
+++ b/src/eap-pwd.c
@@ -669,6 +669,14 @@ static void eap_pwd_handle_request(struct eap_state *eap,
/* remove length of Total-Length parameter (2) */
pwd->rx_frag_total = l_get_be16(pkt + 1) - 2;
+
+ if (pwd->rx_frag_total < len - 2) {
+ l_error("Total-Length too small for remaining length");
+ pwd->rx_frag_total = 0;
+
+ return;
+ }
+
pwd->rx_frag_buf = l_malloc(pwd->rx_frag_total);
/* skip copying Total-Length for easier processing later */
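Review bot: The subtraction in `pwd->rx_frag_total = l_get_be16(pkt + 1) - 2;` runs before any validation, so a peer-supplied Total-Length of 0 or 1 wraps or goes negative (the field's type is not shown in this hunk) and can then pass the new `rx_frag_total < len - 2` guard and reach `l_malloc()`. The `len - 2` on the right-hand side has the same problem if `len` can be below 2 at this point; whether an earlier length check exists is outside the hunk. I would validate the raw field before storing it, e.g. `uint16_t total = l_get_be16(pkt + 1);` followed by `if (total < 2 || len < 3 || (size_t) (total - 2) < len - 2) { ... return; }`, and only then assign `total - 2`. The body of eap_pwd_handle_request starts and ends outside the hunk.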
@@ -687,6 +695,12 @@ static void eap_pwd_handle_request(struct eap_state *eap,
/* more rx fragments */
if (pwd->rx_frag_buf) {
+ if (pwd->rx_frag_total - pwd->rx_frag_count <
+ (uint16_t) len - 1) {
+ l_error("Not enough room for fragment (%zu)", len - 1);
+ return;
+
+ }
/* continue building packet (not including PWD-Exch byte) */
memcpy(pwd->rx_frag_buf + pwd->rx_frag_count, pkt + 1, len - 1);
pwd->rx_frag_count += (len - 1);
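Review bot: The bound `(uint16_t) len - 1` truncates `len` before subtracting, while the `memcpy()` below still copies the untruncated `len - 1` bytes, so the check and the copy can disagree: a `len` whose low 16 bits are small passes the test, and `len == 0` turns the right-hand side into -1 after integer promotion. Whether the EAP layer can deliver such lengths is not visible here, but the guard is easier to trust if it compares in `size_t` against the same expression the copy uses, e.g. `size_t room = pwd->rx_frag_count < pwd->rx_frag_total ? pwd->rx_frag_total - pwd->rx_frag_count : 0;` then `if (len < 1 || len - 1 > room)`. The rejection path also returns with `rx_frag_buf` still allocated and the counters untouched, unlike the first hunk, which resets `rx_frag_total`. Dropping the partial reassembly there would keep a malformed fragment from leaving stale state behind.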
--
2.31.1
5 months
[PATCH 1/2] dpp: free nl80211 object on exit
by James Prestwood
---
src/dpp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/dpp.c b/src/dpp.c
index 78e8ffc5..6889bef9 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -1931,6 +1931,9 @@ static void dpp_exit(void)
l_genl_family_unregister(nl80211, mlme_watch);
mlme_watch = 0;
+ l_genl_family_free(nl80211);
+ nl80211 = NULL;
+
l_queue_destroy(dpp_list, (l_queue_destroy_func_t) dpp_free);
}
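Review bot: `l_genl_family_free(nl80211)` now runs before `l_queue_destroy(dpp_list, (l_queue_destroy_func_t) dpp_free)`, and `dpp_free` is not visible in this hunk. If it, or anything it calls during teardown, still references `nl80211` (for instance to cancel an in-flight command), it would be handed a family that has already been freed and set to NULL. Unless that has been ruled out, moving the two added lines after the `l_queue_destroy()` call keeps teardown in the reverse order of setup and removes the question.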
--
2.31.1
5 months, 1 week
[PATCH v3 1/3] station: send debug "roam-scan-triggered" event
by James Prestwood
---
src/station.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/station.c b/src/station.c
index 38d0757c..d9eb8d09 100644
--- a/src/station.c
+++ b/src/station.c
@@ -2246,6 +2246,8 @@ static void station_roam_scan_triggered(int err, void *user_data)
return;
}
+ station_debug_event(station, "roam-scan-triggered");
+
/*
* Do not update the Scanning property as we won't be updating the
* list of networks.
--
2.31.1
5 months, 1 week
[PATCH v2 1/2] station: send debug "roam-scan-triggered" event
by James Prestwood
---
src/station.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/station.c b/src/station.c
index 38d0757c..d9eb8d09 100644
--- a/src/station.c
+++ b/src/station.c
@@ -2246,6 +2246,8 @@ static void station_roam_scan_triggered(int err, void *user_data)
return;
}
+ station_debug_event(station, "roam-scan-triggered");
+
/*
* Do not update the Scanning property as we won't be updating the
* list of networks.
--
2.31.1
5 months, 1 week
[PATCH] auto-t: roam test to simulate reported crash
by James Prestwood
The crash itself is caused by new roam scans overwriting the previous
scan ID. To simulate this both BSS's are set to very low signal strength
which will cause IWD to attempt a roam but find no better BSS candidates.
IWD will then attempt a roam scan again. During this we kill hostapd which
sends a disconnect and should trigger a crash without the fix.
---
.../testPSK-roam/roam_ap_disconnect_test.py | 96 +++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 autotests/testPSK-roam/roam_ap_disconnect_test.py
diff --git a/autotests/testPSK-roam/roam_ap_disconnect_test.py b/autotests/testPSK-roam/roam_ap_disconnect_test.py
new file mode 100644
index 00000000..f11fe5bb
--- /dev/null
+++ b/autotests/testPSK-roam/roam_ap_disconnect_test.py
@@ -0,0 +1,96 @@
+#! /usr/bin/python3
+
+import unittest
+import sys, os
+
+sys.path.append('../util')
+from iwd import IWD
+from iwd import NetworkType
+from hwsim import Hwsim
+from hostapd import HostapdCLI
+
+class Test(unittest.TestCase):
+ #
+ # Tests a crash reported where multiple roam scans combined with an AP
+ # disconnect result in a crash getting scan results.
+ #
+ def test_ap_disconnect(self):
+ wd = IWD(True)
+ device = wd.list_devices(1)[0]
+
+ ordered_network = device.get_ordered_network('TestFT')
+
+ self.assertEqual(ordered_network.type, NetworkType.psk)
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ device.connect_bssid(self.bss_hostapd[0].bssid)
+
+ condition = 'obj.state == DeviceState.connected'
+ wd.wait_for_object_condition(device, condition)
+
+ # Since both BSS's have low signal, the roam should fail and trigger
+ # another roam scan.
+ device.wait_for_event('no-roam-candidates')
+
+ # Hostapd sends disconnect
+ self.bss_hostapd[0].disable()
+
+ # IWD should recover, and not crash
+ condition = 'obj.state == DeviceState.disconnected'
+ wd.wait_for_object_condition(device, condition)
+
+ def tearDown(self):
+ os.system('ip link set "' + self.bss_hostapd[0].ifname + '" down')
+ os.system('ip link set "' + self.bss_hostapd[1].ifname + '" down')
+ os.system('ip link set "' + self.bss_hostapd[0].ifname + '" up')
+ os.system('ip link set "' + self.bss_hostapd[1].ifname + '" up')
+
+ @classmethod
+ def setUpClass(cls):
+ hwsim = Hwsim()
+
+ IWD.copy_to_storage('TestFT.psk')
+
+ cls.bss_hostapd = [ HostapdCLI(config='ft-psk-ccmp-1.conf'),
+ HostapdCLI(config='ft-psk-ccmp-2.conf') ]
+
+ cls.rule0 = hwsim.rules.create()
+ cls.rule0.source = cls.bss_hostapd[0].bssid
+ cls.rule0.signal = -8000
+ cls.rule0.enabled = True
+
+ cls.rule1 = hwsim.rules.create()
+ cls.rule1.source = cls.bss_hostapd[1].bssid
+ cls.rule1.signal = -9000
+ cls.rule1.enabled = True
+
+ # Set interface addresses to those expected by hostapd config files
+ os.system('ip link set dev "' + cls.bss_hostapd[0].ifname + '" down')
+ os.system('ip link set dev "' + cls.bss_hostapd[0].ifname + '" addr 12:00:00:00:00:01 up')
+ os.system('ip link set dev "' + cls.bss_hostapd[1].ifname + '" down')
+ os.system('ip link set dev "' + cls.bss_hostapd[1].ifname + '" addr 12:00:00:00:00:02 up')
+
+ cls.bss_hostapd[0].reload()
+ cls.bss_hostapd[0].wait_for_event("AP-ENABLED")
+ cls.bss_hostapd[1].reload()
+ cls.bss_hostapd[1].wait_for_event("AP-ENABLED")
+
+ # Fill in the neighbor AP tables in both BSSes. By default each
+ # instance knows only about current BSS, even inside one hostapd
+ # process.
+ # FT still works without the neighbor AP table but neighbor reports
+ # have to be disabled in the .conf files
+ cls.bss_hostapd[0].set_neighbor('12:00:00:00:00:02', 'TestFT',
+ '1200000000028f0000005102060603000000')
+ cls.bss_hostapd[1].set_neighbor('12:00:00:00:00:01', 'TestFT',
+ '1200000000018f0000005101060603000000')
+
+ @classmethod
+ def tearDownClass(cls):
+ IWD.clear_storage()
+ cls.bss_hostapd = None
+
+if __name__ == '__main__':
+ unittest.main(exit=True)
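Review bot: The `os.system('ip link set ...')` calls in `setUpClass` and `tearDown` build a shell string by concatenation and ignore the exit status. If assigning `12:00:00:00:00:01` or `12:00:00:00:00:02` fails, the test carries on with interfaces whose addresses no longer match the hostapd configs and neighbor entries, and it fails later for an unrelated-looking reason. Passing an argument list and checking the result avoids both the shell and the silent failure, e.g. `subprocess.run(['ip', 'link', 'set', 'dev', ifname, 'addr', '12:00:00:00:00:01', 'up'], check=True)` (this needs `import subprocess`). Separately, the hwsim rules stored as `cls.rule0` and `cls.rule1` are not removed in `tearDownClass`, so the low-signal settings may outlive this test if the harness does not reset them.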
--
2.31.1
5 months, 1 week
[PATCH v2] dpp-util: fix dpp_point_to_asn1 compressed type
by James Prestwood
The point type was being hard coded to 0x3 (BIT1) which may have resulted
in the peer subtracting Y from P when reading in the point (depending on
if Y was odd or not).
Instead set the compressed type to whatever avoids the subtraction which
both saves IWD from needing to do it, as well as the peer.
---
src/dpp-util.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/dpp-util.c b/src/dpp-util.c
index 8ea3d498..029fbf6f 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -725,6 +725,7 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
uint64_t x[L_ECC_MAX_DIGITS];
ssize_t ret;
size_t len;
+ uint8_t point_type;
switch (key_size) {
case 32:
@@ -745,6 +746,17 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
len = 2 + sizeof(ec_oid) + 2 + type_oid_len + 2 + key_size + 4;
+ /*
+ * Set the type to whatever avoids doing p - y when reading in the
+ * key. Working backwards from l_ecc_point_from_data if Y is odd and
+ * the type is BIT0 there is no subtraction. Similarly if Y is even
+ * and the type is BIT1.
+ */
+ if (l_ecc_point_y_isodd(p))
+ point_type = L_ECC_POINT_TYPE_COMPRESSED_BIT0;
+ else
+ point_type = L_ECC_POINT_TYPE_COMPRESSED_BIT1;
+
if (L_WARN_ON(len > 128))
return NULL;
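Review bot: The branch `if (l_ecc_point_y_isodd(p)) point_type = L_ECC_POINT_TYPE_COMPRESSED_BIT0;` looks inverted relative to the standard compressed-point encoding (SEC 1 / X9.62), where prefix 0x02 means even Y and 0x03 means odd Y. The commit message identifies BIT1 as 0x3, so as written an even Y is serialized with 0x03, and a peer that decodes per the standard would reconstruct the negated point and the exchange would fail. The comment justifies the choice by working backwards from `l_ecc_point_from_data`, but the wire format should follow the standard, and if the local decoder disagrees with it, the decoder is what needs fixing. Assuming BIT0 is 0x02, I would expect `point_type = l_ecc_point_y_isodd(p) ? L_ECC_POINT_TYPE_COMPRESSED_BIT1 : L_ECC_POINT_TYPE_COMPRESSED_BIT0;`. The same assignment appears in the earlier revision of this patch further down the page (the `-744,6 +745,17` hunk).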
@@ -774,7 +786,7 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
*ptr++ = ASN1_ID_BIT_STRING;
*ptr++ = key_size + 2;
*ptr++ = 0x00;
- *ptr++ = 0x03;
+ *ptr++ = point_type;
memcpy(ptr, x, key_size);
ptr += key_size;
--
2.31.1
5 months, 1 week
[PATCH] dpp-util: fix dpp_point_to_asn1 compressed type
by James Prestwood
The point type was being hard coded to 0x3 (BIT1) which may have resulted
in the peer subtracting Y from P when reading in the point (depending on
if Y was odd or not).
Instead set the compressed type to whatever avoids the subtraction which
both saves IWD from needing to do it, as well as the peer.
---
src/dpp-util.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/dpp-util.c b/src/dpp-util.c
index 048009c4..a643beb1 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -728,6 +728,7 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
uint64_t x[L_ECC_MAX_DIGITS];
ssize_t ret;
size_t len;
+ uint8_t point_type;
switch (key_size) {
case 32:
@@ -744,6 +745,17 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
if (ret < 0 || ret != key_size)
return NULL;
+ /*
+ * Set the type to whatever avoids doing p - y when reading in the
+ * key. Working backwards from l_ecc_point_from_data if Y is odd and
+ * the type is BIT0 there is no subtraction. Similarly if Y is even
+ * and the type is BIT1.
+ */
+ if (l_ecc_point_y_isodd(p))
+ point_type = L_ECC_POINT_TYPE_COMPRESSED_BIT0;
+ else
+ point_type = L_ECC_POINT_TYPE_COMPRESSED_BIT1;
+
len = 2 + ec_oid.asn1_len + 2 + key_type->asn1_len + 2 + key_size + 4;
if (L_WARN_ON(len > 128))
@@ -775,7 +787,7 @@ uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out)
*ptr++ = ASN1_ID_BIT_STRING;
*ptr++ = key_size + 2;
*ptr++ = 0x00;
- *ptr++ = 0x03;
+ *ptr++ = point_type;
memcpy(ptr, x, key_size);
ptr += key_size;
--
2.31.1
5 months, 1 week
Specifying BSSID in station connect?
by Bruce A. Johnson
Has any consideration been given to permitting the specification of a
particular BSSID in the /station <wlan> connect/ command? I initially
wrote my project to work with WPA supplicant, and this was a feature
that my testing guy liked. I see some utility in being able to lock
onto a specific access point.
Thanks!
--
Bruce A. Johnson
Chantilly, VA
USA
OpenPGP key ID: 296D1CD6F2B84CAB https://keys.openpgp.org/
5 months, 1 week
[Feature discussion] Allow overriding of network-specific options globally
by Rhys Perry
Hi,
I use IWD as the network manager on my laptop, also utilising its
inbuilt DHCP client. One of the things that gets on my nerves about
this is that there is no way to override the DNS server globally, only
per-network. This becomes rather annoying on a device like a laptop,
where I am regularly connecting to new networks.
I am proposing the ability to override network specific options (ones
documented in `iwd.network`) globally. This would be implemented by
having another configuration file (something like
`/etc/iwd/network-overrides.conf`), where any network-specific options
can be set, but globally. Of course, it is still useful to be able to
set per-network options, so any options in the per-network configs
(`/var/lib/iwd/*`) should take precedence over the global options.
What do you think of this proposal? Admittedly, I am not familiar with
how IWD parses configs, nor the codebase in general, and my
programming skills do leave a lot to be desired, so maybe I am
overlooking something.
Rhys Perry
5 months, 1 week
[PATCH] doc: fix overriden -> overridden
by Diederik de Haas
---
src/iwd.config.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iwd.config.rst b/src/iwd.config.rst
index 5cd2b06b..54943702 100644
--- a/src/iwd.config.rst
+++ b/src/iwd.config.rst
@@ -205,7 +205,7 @@ The group ``[Network]`` contains network configuration related settings.
Sets the global default that tells **iwd** whether it should configure
IPv6 addresses and routes (either provided via static settings,
Router Advertisements or DHCPv6 protocol). This setting is disabled
- by default. This setting can also be overriden on a per-network basis.
+ by default. This setting can also be overridden on a per-network basis.
* - NameResolvingService
- Values: resolvconf, **systemd**
--
2.34.1
5 months, 1 week