[pkg-wpa-devel] r1145 - /hostapd/branches/upstream/current/
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Tue Mar 11 02:31:58 UTC 2008
Author: kelmo-guest
Date: Tue Mar 11 02:31:57 2008
New Revision: 1145
URL: http://svn.debian.org/wsvn/?sc=1&rev=1145
Log:
[svn-upgrade] Integrating new upstream version, hostapd (0.5.10)
Modified:
hostapd/branches/upstream/current/ChangeLog
hostapd/branches/upstream/current/README
hostapd/branches/upstream/current/common.c
hostapd/branches/upstream/current/common.h
hostapd/branches/upstream/current/driver_madwifi.c
hostapd/branches/upstream/current/eap_aka.c
hostapd/branches/upstream/current/eap_gpsk.c
hostapd/branches/upstream/current/eap_sim.c
hostapd/branches/upstream/current/eap_sim_common.c
hostapd/branches/upstream/current/eap_sim_db.c
hostapd/branches/upstream/current/eap_tls_common.c
hostapd/branches/upstream/current/hostapd.c
hostapd/branches/upstream/current/ieee802_11.c
hostapd/branches/upstream/current/os.h
hostapd/branches/upstream/current/os_unix.c
hostapd/branches/upstream/current/os_win32.c
hostapd/branches/upstream/current/radius.c
hostapd/branches/upstream/current/radius.h
hostapd/branches/upstream/current/radius_client.c
hostapd/branches/upstream/current/radius_server.c
hostapd/branches/upstream/current/version.h
hostapd/branches/upstream/current/wpa.c
Modified: hostapd/branches/upstream/current/ChangeLog
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/ChangeLog?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/ChangeLog (original)
+++ hostapd/branches/upstream/current/ChangeLog Tue Mar 11 02:31:57 2008
@@ -1,4 +1,18 @@
ChangeLog for hostapd
+
+2008-02-19 - v0.5.10
+ * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+ lengths properly to avoid potential crash caused by invalid messages
+ * fixed Reassociation Response callback processing when using internal
+ MLME (driver_{hostap,devicescape,test}.c)
+ * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+ be used
+ * added a workaround for EAP-SIM/AKA peers that include incorrect null
+ termination in the username
+ * fixed EAP-SIM Start response processing for fast reauthentication
+ case
+ * copy optional Proxy-State attributes into RADIUS response when acting
+ as a RADIUS authentication server
2007-12-02 - v0.5.9
* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
Modified: hostapd/branches/upstream/current/README
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/README?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/README (original)
+++ hostapd/branches/upstream/current/README Tue Mar 11 02:31:57 2008
@@ -2,7 +2,7 @@
Authenticator and RADIUS authentication server
================================================================
-Copyright (c) 2002-2007, Jouni Malinen <j at w1.fi> and contributors
+Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi> and contributors
All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD
Modified: hostapd/branches/upstream/current/common.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/common.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/common.c (original)
+++ hostapd/branches/upstream/current/common.c Tue Mar 11 02:31:57 2008
@@ -20,7 +20,6 @@
#ifdef CONFIG_DEBUG_FILE
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
-int wpa_debug_use_file = 0;
int wpa_debug_level = MSG_INFO;
int wpa_debug_show_keys = 0;
int wpa_debug_timestamp = 0;
@@ -344,32 +343,29 @@
}
-int wpa_debug_open_file(void)
-{
-#ifdef CONFIG_DEBUG_FILE
- static int count = 0;
- char fname[64];
- if (!wpa_debug_use_file)
+int wpa_debug_open_file(const char *path)
+{
+#ifdef CONFIG_DEBUG_FILE
+ if (!path)
return 0;
-#ifdef _WIN32
- os_snprintf(fname, sizeof(fname), "\\Temp\\wpa_supplicant-log-%d.txt",
- count++);
-#else /* _WIN32 */
- os_snprintf(fname, sizeof(fname), "/tmp/wpa_supplicant-log-%d.txt",
- count++);
+ out_file = fopen(path, "a");
+ if (out_file == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file, using standard output");
+ return -1;
+ }
+#ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
#endif /* _WIN32 */
- out_file = fopen(fname, "w");
- return out_file == NULL ? -1 : 0;
-#else /* CONFIG_DEBUG_FILE */
+#endif /* CONFIG_DEBUG_FILE */
return 0;
-#endif /* CONFIG_DEBUG_FILE */
}
void wpa_debug_close_file(void)
{
#ifdef CONFIG_DEBUG_FILE
- if (!wpa_debug_use_file)
+ if (!out_file)
return;
fclose(out_file);
out_file = NULL;
Modified: hostapd/branches/upstream/current/common.h
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/common.h?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/common.h (original)
+++ hostapd/branches/upstream/current/common.h Tue Mar 11 02:31:57 2008
@@ -264,12 +264,12 @@
#define wpa_hexdump_key(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0)
-#define wpa_debug_open_file() do { } while (0)
+#define wpa_debug_open_file(p) do { } while (0)
#define wpa_debug_close_file() do { } while (0)
#else /* CONFIG_NO_STDOUT_DEBUG */
-int wpa_debug_open_file(void);
+int wpa_debug_open_file(const char *path);
void wpa_debug_close_file(void);
/**
Modified: hostapd/branches/upstream/current/driver_madwifi.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/driver_madwifi.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/driver_madwifi.c (original)
+++ hostapd/branches/upstream/current/driver_madwifi.c Tue Mar 11 02:31:57 2008
@@ -98,7 +98,6 @@
if (ioctl(drv->ioctl_sock, op, &iwr) < 0) {
#ifdef MADWIFI_NG
int first = IEEE80211_IOCTL_SETPARAM;
- int last = IEEE80211_IOCTL_KICKMAC;
static const char *opnames[] = {
"ioctl[IEEE80211_IOCTL_SETPARAM]",
"ioctl[IEEE80211_IOCTL_GETPARAM]",
@@ -109,10 +108,10 @@
"ioctl[IEEE80211_IOCTL_SETCHANLIST]",
"ioctl[IEEE80211_IOCTL_GETCHANLIST]",
"ioctl[IEEE80211_IOCTL_CHANSWITCH]",
- NULL,
- NULL,
+ "ioctl[IEEE80211_IOCTL_GET_APPIEBUF]",
+ "ioctl[IEEE80211_IOCTL_SET_APPIEBUF]",
"ioctl[IEEE80211_IOCTL_GETSCANRESULTS]",
- NULL,
+ "ioctl[IEEE80211_IOCTL_FILTERFRAME]",
"ioctl[IEEE80211_IOCTL_GETCHANINFO]",
"ioctl[IEEE80211_IOCTL_SETOPTIE]",
"ioctl[IEEE80211_IOCTL_GETOPTIE]",
@@ -130,11 +129,10 @@
NULL,
"ioctl[IEEE80211_IOCTL_WDSDELMAC]",
NULL,
- "ioctl[IEEE80211_IOCTL_KICMAC]",
+ "ioctl[IEEE80211_IOCTL_KICKMAC]",
};
#else /* MADWIFI_NG */
int first = IEEE80211_IOCTL_SETPARAM;
- int last = IEEE80211_IOCTL_CHANLIST;
static const char *opnames[] = {
"ioctl[IEEE80211_IOCTL_SETPARAM]",
"ioctl[IEEE80211_IOCTL_GETPARAM]",
@@ -158,7 +156,7 @@
};
#endif /* MADWIFI_NG */
int idx = op - first;
- if (first <= op && op <= last &&
+ if (first <= op &&
idx < (int) (sizeof(opnames) / sizeof(opnames[0])) &&
opnames[idx])
perror(opnames[idx]);
Modified: hostapd/branches/upstream/current/eap_aka.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_aka.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_aka.c (original)
+++ hostapd/branches/upstream/current/eap_aka.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-AKA (RFC 4187)
- * Copyright (c) 2005-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -124,6 +124,14 @@
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
+ * ignored and the AKA/Identity is used to request the
+ * identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0);
}
@@ -445,10 +453,16 @@
sm->method_pending = METHOD_PENDING_NONE;
}
+ identity_len = sm->identity_len;
+ while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
- sm->identity, sm->identity_len);
-
- eap_aka_derive_mk(sm->identity, sm->identity_len, data->ik, data->ck,
+ sm->identity, identity_len);
+
+ eap_aka_derive_mk(sm->identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
data->emsk);
Modified: hostapd/branches/upstream/current/eap_gpsk.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_gpsk.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_gpsk.c (original)
+++ hostapd/branches/upstream/current/eap_gpsk.c Tue Mar 11 02:31:57 2008
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-06.txt) server
+ * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt) server
* Copyright (c) 2006-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
Modified: hostapd/branches/upstream/current/eap_sim.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_sim.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_sim.c (original)
+++ hostapd/branches/upstream/current/eap_sim.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-SIM (RFC 4186)
- * Copyright (c) 2005-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -110,6 +110,13 @@
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
+ * ignored and the SIM/Start is used to request the identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
wpa_printf(MSG_DEBUG, " AT_VERSION_LIST");
ver[0] = 0;
@@ -331,20 +338,6 @@
wpa_printf(MSG_DEBUG, "EAP-SIM: Receive start response");
- if (attr->nonce_mt == NULL || attr->selected_version < 0) {
- wpa_printf(MSG_DEBUG, "EAP-SIM: Start/Response missing "
- "required attributes");
- eap_sim_state(data, FAILURE);
- return;
- }
-
- if (!eap_sim_supported_ver(data, attr->selected_version)) {
- wpa_printf(MSG_DEBUG, "EAP-SIM: Peer selected unsupported "
- "version %d", attr->selected_version);
- eap_sim_state(data, FAILURE);
- return;
- }
-
if (attr->identity) {
free(sm->identity);
sm->identity = malloc(attr->identity_len);
@@ -398,6 +391,20 @@
return;
}
+ if (attr->nonce_mt == NULL || attr->selected_version < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Start/Response missing "
+ "required attributes");
+ eap_sim_state(data, FAILURE);
+ return;
+ }
+
+ if (!eap_sim_supported_ver(data, attr->selected_version)) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Peer selected unsupported "
+ "version %d", attr->selected_version);
+ eap_sim_state(data, FAILURE);
+ return;
+ }
+
data->counter = 0; /* reset re-auth counter since this is full auth */
data->reauth = NULL;
@@ -418,12 +425,18 @@
return;
}
+ identity_len = sm->identity_len;
+ while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity for MK derivation",
- sm->identity, sm->identity_len);
+ sm->identity, identity_len);
memcpy(data->nonce_mt, attr->nonce_mt, EAP_SIM_NONCE_MT_LEN);
WPA_PUT_BE16(ver_list, EAP_SIM_VERSION);
- eap_sim_derive_mk(sm->identity, sm->identity_len, attr->nonce_mt,
+ eap_sim_derive_mk(sm->identity, identity_len, attr->nonce_mt,
attr->selected_version, ver_list, sizeof(ver_list),
data->num_chal, (const u8 *) data->kc, data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
Modified: hostapd/branches/upstream/current/eap_sim_common.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_sim_common.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_sim_common.c (original)
+++ hostapd/branches/upstream/current/eap_sim_common.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* EAP peer: EAP-SIM/AKA shared routines
- * Copyright (c) 2004-2006, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -118,6 +118,11 @@
const u8 *addr[4];
size_t len[4];
+ while (identity_len > 0 && identity[identity_len - 1] == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop null "
+ "character from the end of identity");
+ identity_len--;
+ }
addr[0] = identity;
len[0] = identity_len;
addr[1] = counter;
@@ -248,6 +253,10 @@
wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow "
"(pos=%p len=%d end=%p)",
pos, pos[1] * 4, end);
+ return -1;
+ }
+ if (pos[1] == 0) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Attribute underflow");
return -1;
}
apos = pos + 2;
Modified: hostapd/branches/upstream/current/eap_sim_db.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_sim_db.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_sim_db.c (original)
+++ hostapd/branches/upstream/current/eap_sim_db.c Tue Mar 11 02:31:57 2008
@@ -554,8 +554,7 @@
size_t i;
char msg[40];
- if (identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX ||
- identity_len + 1 > sizeof(entry->imsi)) {
+ if (identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return EAP_SIM_DB_FAILURE;
@@ -567,6 +566,11 @@
identity_len = i;
break;
}
+ }
+ if (identity_len + 1 > sizeof(entry->imsi)) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return EAP_SIM_DB_FAILURE;
}
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI",
identity, identity_len);
@@ -1117,8 +1121,7 @@
char msg[40];
if (identity_len < 2 || identity == NULL ||
- identity[0] != EAP_AKA_PERMANENT_PREFIX ||
- identity_len + 1 > sizeof(entry->imsi)) {
+ identity[0] != EAP_AKA_PERMANENT_PREFIX) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return EAP_SIM_DB_FAILURE;
@@ -1130,6 +1133,11 @@
identity_len = i;
break;
}
+ }
+ if (identity_len + 1 > sizeof(entry->imsi)) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return EAP_SIM_DB_FAILURE;
}
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI",
identity, identity_len);
@@ -1213,23 +1221,37 @@
const u8 *_rand)
{
struct eap_sim_db_data *data = priv;
-
- if (identity_len < 2 || identity[0] != EAP_AKA_PERMANENT_PREFIX ||
- identity_len > 20) {
+ size_t i;
+
+ if (identity_len < 2 || identity == NULL ||
+ identity[0] != EAP_AKA_PERMANENT_PREFIX) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return -1;
}
+ identity++;
+ identity_len--;
+ for (i = 0; i < identity_len; i++) {
+ if (identity[i] == '@') {
+ identity_len = i;
+ break;
+ }
+ }
+ if (identity_len > 20) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return -1;
+ }
if (data->sock >= 0) {
char msg[100];
int len, ret;
len = snprintf(msg, sizeof(msg), "AKA-AUTS ");
- if (len < 0 || len + identity_len - 1 >= sizeof(msg))
+ if (len < 0 || len + identity_len >= sizeof(msg))
return -1;
- memcpy(msg + len, identity + 1, identity_len - 1);
- len += identity_len - 1;
+ memcpy(msg + len, identity, identity_len);
+ len += identity_len;
ret = snprintf(msg + len, sizeof(msg) - len, " ");
if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
@@ -1244,7 +1266,7 @@
len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
_rand, EAP_AKA_RAND_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for "
- "IMSI", identity + 1, identity_len - 1);
+ "IMSI", identity, identity_len);
if (eap_sim_db_send(data, msg, len) < 0)
return -1;
}
Modified: hostapd/branches/upstream/current/eap_tls_common.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/eap_tls_common.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/eap_tls_common.c (original)
+++ hostapd/branches/upstream/current/eap_tls_common.c Tue Mar 11 02:31:57 2008
@@ -113,6 +113,11 @@
u8 *buf;
if (data->tls_in_left > *in_len || data->tls_in) {
+ if (*in_len == 0) {
+ wpa_printf(MSG_INFO, "SSL: Empty fragment when trying "
+ "to reassemble");
+ return -1;
+ }
if (data->tls_in_len + *in_len > 65536) {
/* Limit length to avoid rogue peers from causing large
* memory allocations. */
Modified: hostapd/branches/upstream/current/hostapd.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/hostapd.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/hostapd.c (original)
+++ hostapd/branches/upstream/current/hostapd.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd / Initialization and configuration
- * Copyright (c) 2002-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -1576,7 +1576,7 @@
"hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
- "Copyright (c) 2002-2007, Jouni Malinen <j at w1.fi> "
+ "Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi> "
"and contributors\n");
}
Modified: hostapd/branches/upstream/current/ieee802_11.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/ieee802_11.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/ieee802_11.c (original)
+++ hostapd/branches/upstream/current/ieee802_11.c Tue Mar 11 02:31:57 2008
@@ -1436,8 +1436,8 @@
return;
}
- if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
- sizeof(mgmt->u.assoc_req))) {
+ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
+ sizeof(mgmt->u.assoc_resp))) {
printf("handle_assoc_cb(reassoc=%d) - too short payload "
"(len=%lu)\n", reassoc, (unsigned long) len);
return;
Modified: hostapd/branches/upstream/current/os.h
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/os.h?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/os.h (original)
+++ hostapd/branches/upstream/current/os.h Tue Mar 11 02:31:57 2008
@@ -63,6 +63,9 @@
* @t: Buffer for returning calendar time representation (seconds since
* 1970-01-01 00:00:00)
* Returns: 0 on success, -1 on failure
+ *
+ * Note: The result is in seconds from Epoch, i.e., in UTC, not in local time
+ * which is used by POSIX mktime().
*/
int os_mktime(int year, int month, int day, int hour, int min, int sec,
os_time_t *t);
Modified: hostapd/branches/upstream/current/os_unix.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/os_unix.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/os_unix.c (original)
+++ hostapd/branches/upstream/current/os_unix.c Tue Mar 11 02:31:57 2008
@@ -39,7 +39,9 @@
int os_mktime(int year, int month, int day, int hour, int min, int sec,
os_time_t *t)
{
- struct tm tm;
+ struct tm tm, *tm1;
+ time_t t_local, t1, t2;
+ os_time_t tz_offset;
if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ||
hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 ||
@@ -54,7 +56,22 @@
tm.tm_min = min;
tm.tm_sec = sec;
- *t = (os_time_t) mktime(&tm);
+ t_local = mktime(&tm);
+
+ /* figure out offset to UTC */
+ tm1 = localtime(&t_local);
+ if (tm1) {
+ t1 = mktime(tm1);
+ tm1 = gmtime(&t_local);
+ if (tm1) {
+ t2 = mktime(tm1);
+ tz_offset = t2 - t1;
+ } else
+ tz_offset = 0;
+ } else
+ tz_offset = 0;
+
+ *t = (os_time_t) t_local - tz_offset;
return 0;
}
Modified: hostapd/branches/upstream/current/os_win32.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/os_win32.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/os_win32.c (original)
+++ hostapd/branches/upstream/current/os_win32.c Tue Mar 11 02:31:57 2008
@@ -55,7 +55,9 @@
int os_mktime(int year, int month, int day, int hour, int min, int sec,
os_time_t *t)
{
- struct tm tm;
+ struct tm tm, *tm1;
+ time_t t_local, t1, t2;
+ os_time_t tz_offset;
if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ||
hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 ||
@@ -70,7 +72,22 @@
tm.tm_min = min;
tm.tm_sec = sec;
- *t = (os_time_t) mktime(&tm);
+ t_local = mktime(&tm);
+
+ /* figure out offset to UTC */
+ tm1 = localtime(&t_local);
+ if (tm1) {
+ t1 = mktime(tm1);
+ tm1 = gmtime(&t_local);
+ if (tm1) {
+ t2 = mktime(tm1);
+ tz_offset = t2 - t1;
+ } else
+ tz_offset = 0;
+ } else
+ tz_offset = 0;
+
+ *t = (os_time_t) t_local - tz_offset;
return 0;
}
Modified: hostapd/branches/upstream/current/radius.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/radius.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/radius.c (original)
+++ hostapd/branches/upstream/current/radius.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd / RADIUS message processing
- * Copyright (c) 2002-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -138,6 +138,7 @@
{ RADIUS_ATTR_CALLING_STATION_ID, "Calling-Station-Id",
RADIUS_ATTR_TEXT },
{ RADIUS_ATTR_NAS_IDENTIFIER, "NAS-Identifier", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_PROXY_STATE, "Proxy-State", RADIUS_ATTR_UNDIST },
{ RADIUS_ATTR_ACCT_STATUS_TYPE, "Acct-Status-Type",
RADIUS_ATTR_INT32 },
{ RADIUS_ATTR_ACCT_DELAY_TIME, "Acct-Delay-Time", RADIUS_ATTR_INT32 },
@@ -665,24 +666,21 @@
int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
u8 type)
{
- struct radius_attr_hdr *attr = NULL;
+ struct radius_attr_hdr *attr;
size_t i;
+ int count = 0;
for (i = 0; i < src->attr_used; i++) {
- if (src->attrs[i]->type == type) {
- attr = src->attrs[i];
- break;
+ attr = src->attrs[i];
+ if (attr->type == type) {
+ if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1),
+ attr->length - sizeof(*attr)))
+ return -1;
+ count++;
}
}
- if (attr == NULL)
- return 0;
-
- if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1),
- attr->length - sizeof(*attr)))
- return -1;
-
- return 1;
+ return count;
}
Modified: hostapd/branches/upstream/current/radius.h
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/radius.h?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/radius.h (original)
+++ hostapd/branches/upstream/current/radius.h Tue Mar 11 02:31:57 2008
@@ -62,6 +62,7 @@
RADIUS_ATTR_CALLED_STATION_ID = 30,
RADIUS_ATTR_CALLING_STATION_ID = 31,
RADIUS_ATTR_NAS_IDENTIFIER = 32,
+ RADIUS_ATTR_PROXY_STATE = 33,
RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
RADIUS_ATTR_ACCT_DELAY_TIME = 41,
RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
Modified: hostapd/branches/upstream/current/radius_client.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/radius_client.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/radius_client.c (original)
+++ hostapd/branches/upstream/current/radius_client.c Tue Mar 11 02:31:57 2008
@@ -452,6 +452,13 @@
}
if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) {
+ if (conf->acct_server == NULL) {
+ hostapd_logger(radius->ctx, NULL,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "No accounting server configured");
+ return -1;
+ }
shared_secret = conf->acct_server->shared_secret;
shared_secret_len = conf->acct_server->shared_secret_len;
radius_msg_finish_acct(msg, shared_secret, shared_secret_len);
@@ -459,6 +466,13 @@
s = radius->acct_sock;
conf->acct_server->requests++;
} else {
+ if (conf->auth_server == NULL) {
+ hostapd_logger(radius->ctx, NULL,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "No authentication server configured");
+ return -1;
+ }
shared_secret = conf->auth_server->shared_secret;
shared_secret_len = conf->auth_server->shared_secret_len;
radius_msg_finish(msg, shared_secret, shared_secret_len);
Modified: hostapd/branches/upstream/current/radius_server.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/radius_server.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/radius_server.c (original)
+++ hostapd/branches/upstream/current/radius_server.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd / RADIUS authentication server
- * Copyright (c) 2005-2006, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -376,6 +376,13 @@
}
}
+ if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+ RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+ radius_msg_free(msg);
+ os_free(msg);
+ return NULL;
+ }
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
request->hdr->authenticator) < 0) {
@@ -414,6 +421,12 @@
RADIUS_DEBUG("Failed to add EAP-Message attribute");
}
+ if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+ RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+ radius_msg_free(msg);
+ os_free(msg);
+ return -1;
+ }
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
Modified: hostapd/branches/upstream/current/version.h
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/version.h?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/version.h (original)
+++ hostapd/branches/upstream/current/version.h Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.5.9"
+#define VERSION_STR "0.5.10"
#endif /* VERSION_H */
Modified: hostapd/branches/upstream/current/wpa.c
URL: http://svn.debian.org/wsvn/hostapd/branches/upstream/current/wpa.c?rev=1145&op=diff
==============================================================================
--- hostapd/branches/upstream/current/wpa.c (original)
+++ hostapd/branches/upstream/current/wpa.c Tue Mar 11 02:31:57 2008
@@ -1,6 +1,6 @@
/*
* hostapd - IEEE 802.11i-2004 / WPA Authenticator
- * Copyright (c) 2004-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -105,7 +105,6 @@
unsigned int in_step_loop:1;
unsigned int pending_deinit:1;
unsigned int started:1;
- unsigned int sta_counted:1;
unsigned int mgmt_frame_prot:1;
u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
@@ -134,7 +133,6 @@
int vlan_id;
Boolean GInit;
- int GNoStations;
int GKeyDoneStations;
Boolean GTKReKey;
int GTK_len;
@@ -2685,14 +2683,6 @@
SM_STATE(WPA_PTK, DISCONNECTED)
{
SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
- if (sm->sta_counted) {
- sm->group->GNoStations--;
- sm->sta_counted = 0;
- } else {
- wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
- "decrease GNoStations (STA " MACSTR ")",
- MAC2STR(sm->addr));
- }
sm->DeauthenticationRequest = FALSE;
}
@@ -2700,14 +2690,6 @@
SM_STATE(WPA_PTK, AUTHENTICATION)
{
SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
- if (!sm->sta_counted) {
- sm->group->GNoStations++;
- sm->sta_counted = 1;
- } else {
- wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
- "increase GNoStations (STA " MACSTR ")",
- MAC2STR(sm->addr));
- }
memset(&sm->PTK, 0, sizeof(sm->PTK));
sm->PTK_valid = FALSE;
wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
@@ -3219,8 +3201,9 @@
{
SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
sm->EAPOLKeyReceived = FALSE;
+ if (sm->GUpdateStationKeys)
+ sm->group->GKeyDoneStations--;
sm->GUpdateStationKeys = FALSE;
- sm->group->GKeyDoneStations--;
sm->GTimeoutCtr = 0;
/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
@@ -3233,7 +3216,8 @@
SM_STATE(WPA_PTK_GROUP, KEYERROR)
{
SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
- sm->group->GKeyDoneStations--;
+ if (sm->GUpdateStationKeys)
+ sm->group->GKeyDoneStations--;
sm->GUpdateStationKeys = FALSE;
sm->Disconnect = TRUE;
}
@@ -3309,6 +3293,12 @@
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
{
+ if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
+ wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
+ "Not in PTKINITDONE; skip Group Key update");
+ return 0;
+ }
+ sm->group->GKeyDoneStations++;
sm->GUpdateStationKeys = TRUE;
wpa_sm_step(sm);
return 0;
@@ -3328,10 +3318,14 @@
tmp = group->GM;
group->GM = group->GN;
group->GN = tmp;
- group->GKeyDoneStations = group->GNoStations;
+ /* "GKeyDoneStations = GNoStations" is done in more robust way by
+ * counting the STAs that are marked with GUpdateStationKeys instead of
+ * including all STAs that could be in not-yet-completed state. */
wpa_gtk_update(wpa_auth, group);
wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+ wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
+ group->GKeyDoneStations);
}
@@ -3780,13 +3774,6 @@
wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
"machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
- if (sm->group && sm->group != group && sm->sta_counted) {
- sm->group->GNoStations--;
- sm->sta_counted = 0;
- wpa_printf(MSG_DEBUG, "WLA: Decreased GNoStations for the "
- "previously used group state machine");
- }
-
sm->group = group;
return 0;
}
More information about the Pkg-wpa-devel
mailing list