| Commit message (Collapse) | Author | Age | Files | Lines |
|
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Change-Id: If46d6cfcb9d7fc9700965e818315e5aa50fa11a5
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Change-Id: I0005ed08e4b06ba3d2ebe95b9240050e47ed2e8c
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
Change-Id: I579af1fa8c2f85622ffddb186ba799dcb9ac4b6f
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
p2p_add_device(). The length provided by the peer device (0..255 bytes)
was used without proper bounds checking and that could have resulted in
arbitrary data of up to 223 bytes being written beyond the end of the
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
heap allocation) when processing a corrupted management frame for P2P
peer discovery purposes.
This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to process crash, exposure of memory contents during GO Negotiation,
and potentially arbitrary code execution.
Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.
Change-Id: I9f350f20cdd010f2c096514b245b4a901ad74e46
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
Add "get_capability freq" command to print a more verbose list of channels and
frequencies in MHz. The tag "NO_IBSS" is added, if IBSS mode is not allowed on
a channel. This allows userspace programs to get the frequencies and
limitations associated with each channel.
This extends the information already provided in "get_capability channel" but a
new interface is chosen because of backwards compatibility considerations.
Signed-hostap: Bruno Randolf <br1@einfach.org>
Change-Id: Ic05a080b3cdea3ab095127d8c2e86eb16408bb4f
|
Android related changes for socket handling.
Similar to ctrl_iface.c in wpa_supplicant/ctrl_iface.c
Ported from jellybean (was Change-Id: I3f72f5e4746ccdd007f647a923d41629afc17d94)
http://review.cyanogenmod.org/20317
Signed-off-by: Vishal Mahaveer <a0271468@ti.com>
Signed-off-by: Michael Bestas <mikeioannina@gmail.com>
Change-Id: Ibf95b753d60e47fa2e04d7b703c40851d2a13875
|
Add a driver capability flag for drivers which support IBSS mode and
set it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.
Add a new option "modes" to "get_capability" which will return
"AP" and "IBSS" if the corresponding capability flags are set.
Change-Id: I7991ae49b6ac6bc154d4edb0b01af774f4e8522c
|
Also save frequency in wpa_config_write_network().
This is necessary for creating IBSS networks which requires the
frequency to be set.
Change-Id: Ic051d1ca1ce3b1d4bad231d46e86c21e818af5de
|
This reverts commit d04091d01db0ddfb13e0c1279e232bf9c3365cfb.
|
try to fix #5203
http://code.google.com/p/cyanogenmod/issues/detail?id=5203
As said in the file, we need config_pcsc if config_eap_sim is enabled.
|
Commit 458cb3019108b6cb8c0c1cab94ae6ebf244eda27 broke LEAP since it
rejects EAP-Success packet that is used within LEAP and this frame does
not have a payload. Fix LEAP by relaxing the generic EAP packet
validation if LEAP has been negotiated.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
The condition causes problems on driver initialization if the
NL80211_ATTR_DEVICE_AP_SME is not available. Needs
BOARD_NO_APSME_ATTR:=true.
Change-Id: I88e91996d8e6a70f46a5a84d6540bf3d3b628ddd
|
Both of these are still used by JB, and wext wifi drivers have some
weird behaviors without it (like a reported poor connection 100% of
the time)
Change-Id: I15339dbea4e15831465e2bb52b11675cb20dc34c
|
This allows tethering on devices with older bcmdhd
drivers to be fixed. It conditionally reverts
b638fe75d3cb9d21c67386173f10afe65053cc4d
"nl80211: Use native cfg80211 sta events" for these
boards.
Use BOARD_LEGACY_NL80211_STA_EVENTS to enable
this conditional revert.
Forward-port to JB MR1, squashed in Steve Kondik's commit
to handle additional changes.
Change-Id: I4e436c57819944515455725cfd7ac7eeb31552ca
|
If wpa_s->current_ssid is not set (e.g., after disconnection that
did not result in immediate group removal), an incorrect group could
have been removed since the network block iteration here could select
the network block that is used to store persistent group credentials.
Fix this by verifying that disabled != 2 to avoid picking the network
block that could not have been the temporary P2P group.
Bug: 7290511
Change-Id: Ia61bab3e11137ab2c0c34014e4d8d8bdee2a0469
|
BUG: b/7137954
Change-Id: I64ef8dbb51c354b4cdebe490ffcd2cec07995939
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
Dongles can be slow to respond and a quick turn around time on packets does not help.
Allow for up to 350ms on retry attempts for provision discovery, negotiation and invitation
This will catch slow responses within the first attempt and prevent any kind of issues
with sequence number handling
Bug: 7445415
Change-Id: I88a849d400b10f42ac298bad6d01f49803fcc8ba
|
Bug: 7423119
Change-Id: Iae85361aa0dc94a75bffd07deef451c85e3d9d96
Signed-off-by: Sasha Levitskiy <sanek@google.com>
|
Bug: 7423119
Change-Id: Id0266274c9c60f8eea872ca3cfa5ad40d9180789
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
In an enterprise environment a given Access Point (AP) may reject an
association request due to load balancing. In an enterprise with a
congested Wi-Fi network we may have to connect to many APs before we
find one that will accept the connection. Currently when the
wpa_supplicant receives a CTRL-EVENT-ASSOC-REJECT it will continue to
count down the 10 second authentication timer, and doesn't realize
that it should now attempt to find a different AP. Fix this issue in
multiple ways. First, we increase the number of association rejects
we handle before we disable the network. This will allow us more
opportunity to authenticate with other APs which are sharing the same
SSID. Second, when we are rejected we immediately blacklist the AP
and rescan so that we can immediately attempt to connect to other APs.
Bug: 7329568
Change-Id: I0ff66a0e05e6d4a9dec3dea98eccd850ecd5e343
|
The original implementation of wpas_p2p_handle_frequency_conflicts()
only works correctly when P2P groups use a separate interface
(i.e. use_p2p_group_interface=1). Update the implementation so
that it also works when the device interface is used
(i.e. use_p2p_group_interface=0).
Bug: 7290509
Change-Id: Icbc489125c5b7bd6e174d6aecd53555cdc9ad99d
|
There is an inherent flaw in the p2p protocol design where an ACK loss right
before channel switch leads to peers being out of sync.
A workaround of 50ms was added for the persistent case, but it turns out in heavy lossy
conditions that is not enough. Increase it to 100ms.
Experimental evaluation showed 100ms improves the reliability of p2p persistence
reinvocation.
Bug: 7359500
Change-Id: I73ab1b64e32b87101e95b0e487c90818c2c0aaf3
|
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.
For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.
Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.
20 ms is long enough to include at least a couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.
Bug: 7282991
Change-Id: If063895046ff42fb52579bfb386281085bedce58
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
If wpa_s->current_ssid is not set (e.g., after disconnection that
did not result in immediate group removal), an incorrect group could
have been removed since the network block iteration here could select
the network block that is used to store persistent group credentials.
Fix this by verifying that disabled != 2 to avoid picking the network
block that could not have been the temporary P2P group.
Bug: 7290511
Change-Id: Ia61bab3e11137ab2c0c34014e4d8d8bdee2a0469
|
The wpa_s->p2p_in_provisioning flag did not get cleared in some cases
where p2p_cancel command is used to stop group formation. This can result
in some operations (like p2p_find) failing afterwards. Fix this by using
wpas_group_formation_completed() when processing p2p_cancel for a group
that has not yet completed group formation.
Bug: 7280743
Change-Id: I2dea935bd7c0509237de54bd048954f75ce80bfc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
Operating channel is always set even without an STA connected. Remove
channel list filtering based on that.
Channel list is filtered in the p2p_connect and p2p_invite path based
on force_freq which is essentially the operating channel for STA
This patch helps fix WifiDirect b/w two android devices for SCC while at
the same time keeping channel compliance with WFD dongle
Bug: 7232932
Change-Id: Ie9524f9e45b6f997959c3359a81b05f63b576045
|
- P2P: Show own channel list in debug log
- P2P: Allow peer to propose channel in invitation process
- P2P: Clear sta_scan_pending on group removal
- P2P: Fix ignoring of PD Response due to dialog token mismatch
BUG: 7226065, 7231289
Change-Id: Iacb0f85d80f63bcdf311ccc0d29d0c282a0c0576
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
- Remove unused function warning in WPS-NFC case
- P2P: Fix p2p_ctrl_invite_persistent to parse peer parameter
- hostapd: Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
- hostapd: Fix WDS VLAN bridge handling
- hostapd: Send EAPOL frames from the VO queue if WMM is active
- P2P: Remove channel 14 from supported P2P channels
- hostapd: Clear WLAN_STA_ASSOC_REQ_OK if sending the assoc response failed
- hostapd: Add check for the wds sta flag before creating 4addr VLANs
- nl80211: Use the monitor interface if socket tx status is not supported
- wpa_supplicant: Set state to DISCONNECTED on AP creation errors
- P2P: Fix p2p_group_idle in no-group-interface P2P client case
- P2P: Fix PSK configuration for GO network
- Print control interface commands in easier format
- Add debug print for no enabled networks case
- P2P: Add more debug prints for GO start routines
- P2P: Fix pending sta scan processing for concurrent operation cases
BUG: 6940646
Change-Id: I1b1c54a08c61ec4af2bfd2274afc93501004eea2
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
Change-Id: I847b63428b47016cf9a9a0b090636e1d5b9d28b8
|
- Force operating channel as the only channel in channel list attribute for go negotiation
and persistence
- Force an operating channel in go negotiation response even if the GO indicates a different
in negotiation request
- Fix a bug with updating peer operating channel based on GO negotiation confirm
Bug: 7217600
Change-Id: I6da0dc1a49c1d99ae97dcab8ee9899e07a80a6cb
|
If a connection operation is started on an interface based on scan
results, other virtual interfaces should not be informed about the
results to avoid potential concurrent operations during the association
steps. Since the sibling notification of scan results received was added
as an optimization, skipping it for this type of cases is the simplest
way of avoiding unnecessary concurrent operations.
Change-Id: I145b4237074a97cc75fd68933fff7ed99b850630
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
This makes sure that the interrupted station mode scan can be completed
after the P2P operations have had their chance of using the radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
|