From 416562992f1c5c64266fb650b4a0fc2626379cca Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 11 Sep 2015 16:33:54 +0000 Subject: [PATCH 1/9] CC: hostapd: Add eapol_version config option Add eapol_version to the openwrt wireless config ssid section. Only eapol_version=1 and 2 will get passed to hostapd, the default in hostapd is 2. This is only useful for really old client devices that don't accept eapol_version=2. Signed-off-by: Helmut Schaa SVN-Revision: 46861 --- package/network/services/hostapd/files/netifd.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index 23d2e7e83e..508b0c555a 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -120,6 +120,7 @@ hostapd_common_add_bss_config() { config_add_boolean rsn_preauth auth_cache config_add_int ieee80211w + config_add_int eapol_version config_add_string 'auth_server:host' 'server:host' config_add_string auth_secret @@ -182,7 +183,7 @@ hostapd_set_bss_options() { wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \ wps_device_type wps_device_name wps_manufacturer wps_pin \ macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ - iapp_interface + iapp_interface eapol_version set_default isolate 0 set_default maxassoc 0 @@ -237,6 +238,8 @@ hostapd_set_bss_options() { [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" + wps_possible=1 append wpa_key_mgmt "WPA-PSK" ;; @@ -292,6 +295,8 @@ hostapd_set_bss_options() { [ -n "$vlan_tagged_interface" ] && \ append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" } + + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" ;; wep) local wep_keyidx=0 From 08a15abe4f332282ef7a48afba3a1bf1aa123a9c Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 2 Nov 2015 18:12:54 +0000 Subject: [PATCH 2/9] CC: hostapd: add default value to eapol_version (#20641) r46861 introduced a new option eapol_version to hostapd, but did not provide a default value. When the option value is evaluated, the non-existing value causes errors to the systen log: "netifd: radio0: sh: out of range" Add a no-op default value 0 for eapol_version. Only values 1 or 2 are actually passed on, so 0 will not change the default action in hostapd. Signed-off-by: Hannu Nyman SVN-Revision: 47361 --- package/network/services/hostapd/files/netifd.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index 508b0c555a..21762e9ddb 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -193,6 +193,7 @@ hostapd_set_bss_options() { set_default hidden 0 set_default wmm 1 set_default uapsd 1 + set_default eapol_version 0 append bss_conf "ctrl_interface=/var/run/hostapd" if [ "$isolate" -gt 0 ]; then From b0f2c9d602ab80f9d1dc611f1bb8cc29b23da9e3 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 28 Jan 2016 17:19:13 +0000 Subject: [PATCH 3/9] hostapd: update to version 2016-01-15 Signed-off-by: Felix Fietkau [Drop 014 - Zoltan HERPAI ] --- package/network/services/hostapd/Makefile | 4 +- ...D-element-length-before-copying-it-C.patch | 37 -------- ...er-underflow-in-WMM-Action-frame-par.patch | 36 -------- ...TTP-chunked-transfer-encoding-parser.patch | 49 ----------- ...-payload-length-validation-for-Commi.patch | 73 ---------------- ...ix-payload-length-validation-for-Com.patch | 66 -------------- ...-Total-Length-parsing-for-fragment-r.patch | 52 ----------- ...ix-Total-Length-parsing-for-fragment.patch | 50 ----------- ...ix-asymmetric-fragmentation-behavior.patch | 32 ------- ...length-validation-in-NDEF-record-par.patch | 61 ------------- ...ata-in-WNM-Sleep-Mode-Response-frame.patch | 32 ------- ...-Fix-last-fragment-length-validation.patch | 54 ------------ ...-Fix-last-fragment-length-validation.patch | 51 ----------- ...-error-path-for-unexpected-Confirm-m.patch | 34 -------- ...ing-without-mgmt-frame-subscription-.patch | 48 ----------- .../hostapd/patches/110-bool_fix.patch | 14 --- .../hostapd/patches/120-daemonize_fix.patch | 2 +- .../hostapd/patches/130-no_eapol_fix.patch | 2 +- ...140-disable_bridge_packet_workaround.patch | 4 +- ...isassociated-STA-lost-peer-for-the-c.patch | 67 --------------- .../hostapd/patches/200-multicall.patch | 71 ++++++++------- .../services/hostapd/patches/300-noscan.patch | 21 ++--- .../patches/310-rescan_immediately.patch | 2 +- .../hostapd/patches/320-optional_rfkill.patch | 8 +- .../patches/330-nl80211_fix_set_freq.patch | 2 +- .../patches/340-reload_freq_change.patch | 4 +- .../patches/350-nl80211_del_beacon_bss.patch | 12 +-- .../patches/360-ctrl_iface_reload.patch | 16 ++-- .../hostapd/patches/370-ap_sta_support.patch | 44 +++++----- .../patches/380-disable_ctrl_iface_mib.patch | 46 +++++----- .../patches/390-wpa_ie_cap_workaround.patch | 4 +- .../400-wps_single_auth_enc_type.patch | 39 ++++----- .../patches/410-limit_debug_messages.patch | 8 +- .../patches/420-indicate-features.patch | 14 +-- .../patches/430-hostapd_cli_ifdef.patch | 12 +-- .../hostapd/patches/431-wpa_cli_ifdef.patch | 9 +- .../patches/440-max_num_sta_probe.patch | 13 --- .../hostapd/patches/450-scan_wait.patch | 12 +-- ...dd-new-config-params-to-be-used-with.patch | 18 ++-- ...-use-new-parameters-during-ibss-join.patch | 4 +- .../462-wpa_s-support-htmode-param.patch | 12 +-- .../470-wait-for-nullfunc-longer.patch | 11 --- .../hostapd/patches/600-ubus_support.patch | 86 ++++++++++++------- 43 files changed, 243 insertions(+), 993 deletions(-) delete mode 100644 package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch delete mode 100644 package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch delete mode 100644 package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch delete mode 100644 package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch delete mode 100644 package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch delete mode 100644 package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch delete mode 100644 package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch delete mode 100644 package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch delete mode 100644 package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch delete mode 100644 package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch delete mode 100644 package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch delete mode 100644 package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch delete mode 100644 package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch delete mode 100644 package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch delete mode 100644 package/network/services/hostapd/patches/110-bool_fix.patch delete mode 100644 package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch delete mode 100644 package/network/services/hostapd/patches/440-max_num_sta_probe.patch delete mode 100644 package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 8e706dc5a3..22964d5f12 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_VERSION:=2015-03-25 +PKG_VERSION:=2016-01-15 PKG_RELEASE:=1 -PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202 +PKG_REV:=e15dcf6d1bc2725388555523effca75b1ffab735 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git diff --git a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch deleted file mode 100644 index e408fbe383..0000000000 --- a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Apr 2015 11:32:11 +0300 -Subject: [PATCH] P2P: Validate SSID element length before copying it - (CVE-2015-1863) - -This fixes a possible memcpy overflow for P2P dev->oper_ssid in -p2p_add_device(). The length provided by the peer device (0..255 bytes) -was used without proper bounds checking and that could have resulted in -arbitrary data of up to 223 bytes being written beyond the end of the -dev->oper_ssid[] array (of which about 150 bytes would be beyond the -heap allocation) when processing a corrupted management frame for P2P -peer discovery purposes. - -This could result in corrupted state in heap, unexpected program -behavior due to corrupted P2P peer device information, denial of service -due to process crash, exposure of memory contents during GO Negotiation, -and potentially arbitrary code execution. - -Thanks to Google security team for reporting this issue and smart -hardware research group of Alibaba security team for discovering it. - -Signed-off-by: Jouni Malinen ---- - src/p2p/p2p.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/p2p/p2p.c -+++ b/src/p2p/p2p.c -@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, - if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) - os_memcpy(dev->interface_addr, addr, ETH_ALEN); - if (msg.ssid && -+ msg.ssid[1] <= sizeof(dev->oper_ssid) && - (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || - os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) - != 0)) { diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch deleted file mode 100644 index bc4d60fcc1..0000000000 --- a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 29 Apr 2015 02:21:53 +0300 -Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser - -The length of the WMM Action frame was not properly validated and the -length of the information elements (int left) could end up being -negative. This would result in reading significantly past the stack -buffer while parsing the IEs in ieee802_11_parse_elems() and while doing -so, resulting in segmentation fault. - -This can result in an invalid frame being used for a denial of service -attack (hostapd process killed) against an AP with a driver that uses -hostapd for management frame processing (e.g., all mac80211-based -drivers). - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/ap/wmm.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/src/ap/wmm.c -+++ b/src/ap/wmm.c -@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d - return; - } - -+ if (left < 0) -+ return; /* not a valid WMM Action frame */ -+ - /* extract the tspec info element */ - if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { - hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, diff --git a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch deleted file mode 100644 index 36b4ca2946..0000000000 --- a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 28 Apr 2015 17:08:33 +0300 -Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser - -strtoul() return value may end up overflowing the int h->chunk_size and -resulting in a negative value to be stored as the chunk_size. This could -result in the following memcpy operation using a very large length -argument which would result in a buffer overflow and segmentation fault. - -This could have been used to cause a denial service by any device that -has been authorized for network access (either wireless or wired). This -would affect both the WPS UPnP functionality in a WPS AP (hostapd with -upnp_iface parameter set in the configuration) and WPS ER -(wpa_supplicant with WPS_ER_START control interface command used). - -Validate the parsed chunk length value to avoid this. In addition to -rejecting negative values, we can also reject chunk size that would be -larger than the maximum configured body length. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/wps/httpread.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/wps/httpread.c b/src/wps/httpread.c -index 2f08f37..d2855e3 100644 ---- a/src/wps/httpread.c -+++ b/src/wps/httpread.c -@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx) - if (!isxdigit(*cbp)) - goto bad; - h->chunk_size = strtoul(cbp, NULL, 16); -+ if (h->chunk_size < 0 || -+ h->chunk_size > h->max_bytes) { -+ wpa_printf(MSG_DEBUG, -+ "httpread: Invalid chunk size %d", -+ h->chunk_size); -+ goto bad; -+ } - /* throw away chunk header - * so we have only real data - */ --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch deleted file mode 100644 index 91627fb7b7..0000000000 --- a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch +++ /dev/null @@ -1,73 +0,0 @@ -From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:37:45 +0300 -Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index f2b0926..a629437 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; - u16 offset; - u8 *ptr, *scalar = NULL, *element = NULL; -+ size_t prime_len, order_len; -+ -+ if (data->state != PWD_Commit_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } - - if (((data->private_value = BN_new()) == NULL) || - ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || -@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (data->state != PWD_Confirm_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* - * first build up the ciphersuite which is group | random_function | - * prf --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch deleted file mode 100644 index 5dca20b277..0000000000 --- a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch +++ /dev/null @@ -1,66 +0,0 @@ -From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:40:44 +0300 -Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index 66bd5d2..3189105 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; - EC_POINT *K = NULL, *point = NULL; - int res = 0; -+ size_t prime_len, order_len; - - wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response"); - -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } -+ - if (((data->peer_scalar = BN_new()) == NULL) || - ((data->k = BN_new()) == NULL) || - ((cofactor = BN_new()) == NULL) || -@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data, - u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* build up the ciphersuite: group | random_function | prf */ - grp = htons(data->group_num); - ptr = (u8 *) &cs; --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch deleted file mode 100644 index 4d2f9d8aef..0000000000 --- a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:23:04 +0300 -Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment - reassembly - -The remaining number of bytes in the message could be smaller than the -Total-Length field size, so the length needs to be explicitly checked -prior to reading the field and decrementing the len variable. This could -have resulted in the remaining length becoming negative and interpreted -as a huge positive integer. - -In addition, check that there is no already started fragment in progress -before allocating a new buffer for reassembling fragments. This avoid a -potential memory leak when processing invalid message. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index a629437..1d2079b 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - * if it's the first fragment there'll be a length field - */ - if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { -+ if (len < 2) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Frame too short to contain Total-Length field"); -+ ret->ignore = TRUE; -+ return NULL; -+ } - tot_len = WPA_GET_BE16(pos); - wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose " - "total length = %d", tot_len); - if (tot_len > 15000) - return NULL; -+ if (data->inbuf) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); -+ ret->ignore = TRUE; -+ return NULL; -+ } - data->inbuf = wpabuf_alloc(tot_len); - if (data->inbuf == NULL) { - wpa_printf(MSG_INFO, "Out of memory to buffer " --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch deleted file mode 100644 index 7edef099eb..0000000000 --- a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:26:06 +0300 -Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment - reassembly - -The remaining number of bytes in the message could be smaller than the -Total-Length field size, so the length needs to be explicitly checked -prior to reading the field and decrementing the len variable. This could -have resulted in the remaining length becoming negative and interpreted -as a huge positive integer. - -In addition, check that there is no already started fragment in progress -before allocating a new buffer for reassembling fragments. This avoid a -potential memory leak when processing invalid message. - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index 3189105..2bfc3c2 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - * the first fragment has a total length - */ - if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { -+ if (len < 2) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Frame too short to contain Total-Length field"); -+ return; -+ } - tot_len = WPA_GET_BE16(pos); - wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total " - "length = %d", tot_len); - if (tot_len > 15000) - return; -+ if (data->inbuf) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); -+ return; -+ } - data->inbuf = wpabuf_alloc(tot_len); - if (data->inbuf == NULL) { - wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to " --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch deleted file mode 100644 index a601323f14..0000000000 --- a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:26:28 +0300 -Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior - -The L (Length) and M (More) flags needs to be cleared before deciding -whether the locally generated response requires fragmentation. This -fixes an issue where these flags from the server could have been invalid -for the following message. In some cases, this could have resulted in -triggering the wpabuf security check that would terminate the process -due to invalid buffer allocation. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 1d2079b..e58b13a 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - /* - * we have output! Do we need to fragment it? - */ -+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch); - len = wpabuf_len(data->outbuf); - if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { - resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu, --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch deleted file mode 100644 index dd3462465e..0000000000 --- a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch +++ /dev/null @@ -1,61 +0,0 @@ -From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Jul 2015 21:57:28 +0300 -Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser - -It was possible for the 32-bit record->total_length value to end up -wrapping around due to integer overflow if the longer form of payload -length field is used and record->payload_length gets a value close to -2^32. This could result in ndef_parse_record() accepting a too large -payload length value and the record type filter reading up to about 20 -bytes beyond the end of the buffer and potentially killing the process. -This could also result in an attempt to allocate close to 2^32 bytes of -heap memory and if that were to succeed, a buffer read overflow of the -same length which would most likely result in the process termination. -In case of record->total_length ending up getting the value 0, there -would be no buffer read overflow, but record parsing would result in an -infinite loop in ndef_parse_records(). - -Any of these error cases could potentially be used for denial of service -attacks over NFC by using a malformed NDEF record on an NFC Tag or -sending them during NFC connection handover if the application providing -the NDEF message to hostapd/wpa_supplicant did no validation of the -received records. While such validation is likely done in the NFC stack -that needs to parse the NFC messages before further processing, -hostapd/wpa_supplicant better be prepared for any data being included -here. - -Fix this by validating record->payload_length value in a way that -detects integer overflow. (CID 122668) - -Signed-off-by: Jouni Malinen ---- - src/wps/ndef.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/wps/ndef.c b/src/wps/ndef.c -index 5604b0a..50d018f 100644 ---- a/src/wps/ndef.c -+++ b/src/wps/ndef.c -@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - if (size < 6) - return -1; - record->payload_length = ntohl(*(u32 *)pos); -+ if (record->payload_length > size - 6) -+ return -1; - pos += sizeof(u32); - } - -@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - pos += record->payload_length; - - record->total_length = pos - data; -- if (record->total_length > size) -+ if (record->total_length > size || -+ record->total_length < record->payload_length) - return -1; - return 0; - } --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch b/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch deleted file mode 100644 index 00e5b7c771..0000000000 --- a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 25 Oct 2015 15:45:50 +0200 -Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no - PMF in use - -WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is -enabled. Verify that PMF is in use before using this field on station -side to avoid accepting unauthenticated key updates. (CVE-2015-5310) - -Signed-off-by: Jouni Malinen ---- - wpa_supplicant/wnm_sta.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c -index 954de67..7d79499 100644 ---- a/wpa_supplicant/wnm_sta.c -+++ b/wpa_supplicant/wnm_sta.c -@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s, - end = ptr + key_len_total; - wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total); - -+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) { -+ wpa_msg(wpa_s, MSG_INFO, -+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled"); -+ return; -+ } -+ - while (ptr + 1 < end) { - if (ptr + 2 + ptr[1] > end) { - wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element " diff --git a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch deleted file mode 100644 index 82c26398b6..0000000000 --- a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 18:18:17 +0200 -Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation - -All but the last fragment had their length checked against the remaining -room in the reassembly buffer. This allowed a suitably constructed last -fragment frame to try to add extra data that would go beyond the buffer. -The length validation code in wpabuf_put_data() prevents an actual -buffer write overflow from occurring, but this results in process -termination. (CVE-2015-5315) - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 1f78544..75ceef1 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - /* - * buffer and ACK the fragment - */ -- if (EAP_PWD_GET_MORE_BIT(lm_exch)) { -+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { - data->in_frag_pos += len; - if (data->in_frag_pos > wpabuf_size(data->inbuf)) { - wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack " -@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - return NULL; - } - wpabuf_put_data(data->inbuf, pos, len); -- -+ } -+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) { - resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, - EAP_PWD_HDR_SIZE, - EAP_CODE_RESPONSE, eap_get_id(reqData)); -@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - * we're buffering and this is the last fragment - */ - if (data->in_frag_pos) { -- wpabuf_put_data(data->inbuf, pos, len); - wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", - (int) len); -- data->in_frag_pos += len; - pos = wpabuf_head_u8(data->inbuf); - len = data->in_frag_pos; - } --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch deleted file mode 100644 index bfc4c74e95..0000000000 --- a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch +++ /dev/null @@ -1,51 +0,0 @@ -From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 18:24:16 +0200 -Subject: [PATCH] EAP-pwd server: Fix last fragment length validation - -All but the last fragment had their length checked against the remaining -room in the reassembly buffer. This allowed a suitably constructed last -fragment frame to try to add extra data that would go beyond the buffer. -The length validation code in wpabuf_put_data() prevents an actual -buffer write overflow from occurring, but this results in process -termination. (CVE-2015-5314) - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index cb83ff7..9f787ab 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - /* - * the first and all intermediate fragments have the M bit set - */ -- if (EAP_PWD_GET_MORE_BIT(lm_exch)) { -+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { - if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) { - wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow " - "attack detected! (%d+%d > %d)", -@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - } - wpabuf_put_data(data->inbuf, pos, len); - data->in_frag_pos += len; -+ } -+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) { - wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment", - (int) len); - return; -@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - * buffering fragments so that's how we know it's the last) - */ - if (data->in_frag_pos) { -- wpabuf_put_data(data->inbuf, pos, len); -- data->in_frag_pos += len; - pos = wpabuf_head_u8(data->inbuf); - len = data->in_frag_pos; - wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch b/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch deleted file mode 100644 index 3088f6a6dc..0000000000 --- a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 19:35:44 +0200 -Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message - -If the Confirm message is received from the server before the Identity -exchange has been completed, the group has not yet been determined and -data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange() -did not take this corner case into account and could end up -dereferencing a NULL pointer and terminating the process if invalid -message sequence is received. (CVE-2015-5316) - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 75ceef1..892b590 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN); - - fin: -- bin_clear_free(cruft, BN_num_bytes(data->grp->prime)); -+ if (data->grp) -+ bin_clear_free(cruft, BN_num_bytes(data->grp->prime)); - BN_clear_free(x); - BN_clear_free(y); - if (data->outbuf == NULL) { --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch b/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch deleted file mode 100644 index 25ba87d8d1..0000000000 --- a/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f4830bed661f4adff51f50a0d37c64ceb748e780 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Mon, 25 Apr 2016 17:10:47 +0200 -Subject: [PATCH] nl80211: Try running without mgmt frame subscription (driver - AP SME) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -One of supported code paths already allows this scenario. It is used if -driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support -monitor interface. In such situation: -1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails -2) We don't try subscribing for WLAN_FC_STYPE_ACTION -3) We fallback to AP SME mode after failing to create monitor interface -4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails -Above scenario is used, e.g., with brcmfmac. As you can see - thanks to -events provided by cfg80211 - it's not really required to receive Probe -Request or action frames. - -However, the previous implementation did not allow using hostapd with -drivers that: -1) Report NL80211_ATTR_DEVICE_AP_SME -2) Don't support subscribing for PROBE_REQ and/or ACTION frames -In case of using such a driver hostapd will cancel setup after failing -to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag -WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments. - -This patch allows working with such drivers with just a small warning -printed as debug message. - -Signed-off-by: Rafał Miłecki ---- - src/drivers/driver_nl80211.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -4108,7 +4108,8 @@ static int nl80211_setup_ap(struct i802_ - - if (drv->device_ap_sme && !drv->use_monitor) - if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) -- return -1; -+ wpa_printf(MSG_DEBUG, -+ "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it"); - - if (!drv->device_ap_sme && drv->use_monitor && - nl80211_create_monitor_interface(drv) && diff --git a/package/network/services/hostapd/patches/110-bool_fix.patch b/package/network/services/hostapd/patches/110-bool_fix.patch deleted file mode 100644 index 865c014ee3..0000000000 --- a/package/network/services/hostapd/patches/110-bool_fix.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- a/src/ap/ieee802_1x.c -+++ b/src/ap/ieee802_1x.c -@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e - } - - --static const char * bool_txt(Boolean bool) -+static const char * bool_txt(Boolean bool_val) - { -- return bool ? "TRUE" : "FALSE"; -+ return bool_val ? "TRUE" : "FALSE"; - } - - diff --git a/package/network/services/hostapd/patches/120-daemonize_fix.patch b/package/network/services/hostapd/patches/120-daemonize_fix.patch index 032e2072a3..fad84669a6 100644 --- a/package/network/services/hostapd/patches/120-daemonize_fix.patch +++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch @@ -8,7 +8,7 @@ #ifdef ANDROID #include -@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm +@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm return 0; } diff --git a/package/network/services/hostapd/patches/130-no_eapol_fix.patch b/package/network/services/hostapd/patches/130-no_eapol_fix.patch index d23b47b03c..0c4114a515 100644 --- a/package/network/services/hostapd/patches/130-no_eapol_fix.patch +++ b/package/network/services/hostapd/patches/130-no_eapol_fix.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout( +@@ -253,9 +253,10 @@ void wpa_supplicant_cancel_auth_timeout( */ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) { diff --git a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch index 6337d8d737..fdd5da9bf5 100644 --- a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch +++ b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch @@ -1,6 +1,6 @@ --- a/src/l2_packet/l2_packet_linux.c +++ b/src/l2_packet/l2_packet_linux.c -@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b +@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback, rx_callback_ctx, l2_hdr); @@ -8,5 +8,5 @@ - return NULL; + return l2; + #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR /* - * The Linux packet socket behavior has changed over the years and there diff --git a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch b/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch deleted file mode 100644 index 66c682fbd3..0000000000 --- a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Mon, 11 Jan 2016 19:18:06 +0100 -Subject: [PATCH] nl80211: Report disassociated STA / lost peer for the correct - BSS -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We shouldn't use drv->ctx as it always points to the first BSS. When -using FullMAC driver with multi-BSS support it resulted in incorrect -treating nl80211 events. I noticed with with brcmfmac and BCM43602. - -Before my change I was getting "disassociated" on a wrong interface: -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated -wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN) -wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated - -With this patch it works as expected: -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated -wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN) -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated - -This doesn't apply to hostapd dealing with SoftMAC drivers when handling -AP SME & MLME is done it hostapd not the firmware. - -Signed-off-by: Rafał Miłecki ---- - src/drivers/driver_nl80211_event.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - ---- a/src/drivers/driver_nl80211_event.c -+++ b/src/drivers/driver_nl80211_event.c -@@ -1154,6 +1154,7 @@ static void nl80211_new_station_event(st - - - static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, -+ struct i802_bss *bss, - struct nlattr **tb) - { - u8 *addr; -@@ -1166,7 +1167,7 @@ static void nl80211_del_station_event(st - MAC2STR(addr)); - - if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { -- drv_event_disassoc(drv->ctx, addr); -+ drv_event_disassoc(bss->ctx, addr); - return; - } - -@@ -1175,7 +1176,7 @@ static void nl80211_del_station_event(st - - os_memset(&data, 0, sizeof(data)); - os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); -- wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); -+ wpa_supplicant_event(bss->ctx, EVENT_IBSS_PEER_LOST, &data); - } - - -@@ -1939,7 +1940,7 @@ static void do_process_drv_event(struct - nl80211_new_station_event(drv, bss, tb); - break; - case NL80211_CMD_DEL_STATION: -- nl80211_del_station_event(drv, tb); -+ nl80211_del_station_event(drv, bss, tb); - break; - case NL80211_CMD_SET_REKEY_OFFLOAD: - nl80211_rekey_offload_event(drv, tb); diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index de4a3a8e7f..08f1e95a4f 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -1,14 +1,14 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/ +@@ -32,6 +32,7 @@ export BINDIR ?= /usr/local/bin/ # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include -include .config +-include $(if $(MULTICALL), ../wpa_supplicant/.config) - ifdef CONFIG_TESTING_OPTIONS - CFLAGS += -DCONFIG_TESTING_OPTIONS -@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC + ifndef CONFIG_NO_GITVER + # Add VERSION_STR postfix for builds from a git repository +@@ -277,10 +278,14 @@ ifdef CONFIG_IEEE80211AC CFLAGS += -DCONFIG_IEEE80211AC endif @@ -26,7 +26,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1019,6 +1024,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -39,7 +39,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o +@@ -1060,6 +1071,12 @@ HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o endif @@ -54,15 +54,15 @@ @$(E) " LD " $@ --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src) +@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src) CFLAGS += -I$(abspath ../src/utils) -include .config +-include $(if $(MULTICALL),../hostapd/.config) - ifdef CONFIG_TESTING_OPTIONS - CFLAGS += -DCONFIG_TESTING_OPTIONS -@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS + ifndef CONFIG_NO_GITVER + # Add VERSION_STR postfix for builds from a git repository +@@ -794,6 +795,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -73,7 +73,7 @@ endif ifdef CONFIG_MACSEC -@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y +@@ -814,9 +819,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -85,7 +85,7 @@ OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -858,10 +865,18 @@ endif +@@ -879,10 +886,18 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -104,7 +104,7 @@ NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -1657,6 +1672,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config @@ -117,7 +117,7 @@ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -1694,6 +1715,12 @@ endif +@@ -1757,6 +1778,12 @@ endif $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ @$(E) " sed" $< @@ -132,7 +132,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4581,8 +4581,8 @@ union wpa_event_data { +@@ -4707,8 +4707,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -145,7 +145,7 @@ /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte +@@ -1122,8 +1122,8 @@ static void hostapd_event_dfs_cac_starte #endif /* NEED_AP_MLME */ @@ -158,7 +158,7 @@ #ifndef CONFIG_NO_STDOUT_DEBUG --- a/wpa_supplicant/wpa_priv.c +++ b/wpa_supplicant/wpa_priv.c -@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st +@@ -932,8 +932,8 @@ static void wpa_priv_send_ft_response(st } @@ -169,7 +169,7 @@ { struct wpa_priv_interface *iface = ctx; -@@ -961,6 +961,7 @@ int main(int argc, char *argv[]) +@@ -1082,6 +1082,7 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; @@ -179,7 +179,7 @@ for (;;) { --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a +@@ -3298,8 +3298,8 @@ static void wpa_supplicant_event_assoc_a } @@ -189,10 +189,19 @@ + union wpa_event_data *data) { struct wpa_supplicant *wpa_s = ctx; - + int resched; +@@ -3947,7 +3947,7 @@ void wpa_supplicant_event(void *ctx, enu + #endif /* CONFIG_AP */ + break; + case EVENT_ACS_CHANNEL_SELECTED: +-#ifdef CONFIG_ACS ++#if defined(CONFIG_ACS) && defined(CONFIG_AP) + if (!wpa_s->ap_iface) + break; + hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface( +@@ -4845,6 +4845,9 @@ static void wpa_supplicant_deinit_iface( os_free(wpa_s); } @@ -202,7 +211,7 @@ /** * wpa_supplicant_add_iface - Add a new network interface -@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init( +@@ -5100,6 +5103,7 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ @@ -212,7 +221,7 @@ wpa_debug_open_file(params->wpa_debug_file_path); --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group( +@@ -513,6 +513,9 @@ static int hostapd_get_ctrl_iface_group( return 0; } @@ -222,13 +231,13 @@ #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -562,6 +565,7 @@ int main(int argc, char *argv[]) - interfaces.global_iface_name = NULL; +@@ -588,6 +591,7 @@ int main(int argc, char *argv[]) interfaces.global_ctrl_sock = -1; + interfaces.global_ctrl_dst = NULL; + wpa_supplicant_event = hostapd_wpa_event; for (;;) { - c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); + c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:"); if (c < 0) --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c @@ -244,20 +253,18 @@ #endif /* CONFIG_DRIVER_WEXT */ --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c -@@ -28,8 +28,12 @@ +@@ -29,7 +29,10 @@ #include "ctrl_iface.h" #include "pcsc_funcs.h" #include "wpas_glue.h" +#include "drivers/driver.h" - +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); -+ - struct wpa_driver_ops *wpa_drivers[] = { NULL }; + const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; -@@ -1203,6 +1207,8 @@ static void usage(void) +@@ -1288,6 +1291,8 @@ static void usage(void) "option several times.\n"); } @@ -266,7 +273,7 @@ int main(int argc, char *argv[]) { -@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[]) +@@ -1308,6 +1313,7 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index 57d8fe27bf..85dc0c1cce 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho +@@ -2852,6 +2852,10 @@ static int hostapd_config_fill(struct ho } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_IEEE80211N @@ -13,7 +13,7 @@ } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -619,6 +619,8 @@ struct hostapd_config { +@@ -639,6 +639,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -21,21 +21,22 @@ + int no_ht_coex; int ieee80211n; int secondary_channel; - int require_ht; + int no_pri_sec_switch; --- a/src/ap/hw_features.c +++ b/src/ap/hw_features.c -@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct - struct wpa_driver_scan_params params; +@@ -473,7 +473,8 @@ static int ieee80211n_check_40mhz(struct int ret; -- if (!iface->conf->secondary_channel) -+ if (!iface->conf->secondary_channel || iface->conf->noscan) - return 0; /* HT40 not used */ + /* Check that HT40 is used and PRI / SEC switch is allowed */ +- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch) ++ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || ++ iface->conf->noscan) + return 0; hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); --- a/src/ap/ieee802_11_ht.c +++ b/src/ap/ieee802_11_ht.c -@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos +@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) return; @@ -45,7 +46,7 @@ if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) return; -@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_ +@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) return; diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 7be8c32e3b..3bcdd70e75 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -3449,7 +3449,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; diff --git a/package/network/services/hostapd/patches/320-optional_rfkill.patch b/package/network/services/hostapd/patches/320-optional_rfkill.patch index 75b4b07f82..349af030b9 100644 --- a/package/network/services/hostapd/patches/320-optional_rfkill.patch +++ b/package/network/services/hostapd/patches/320-optional_rfkill.patch @@ -1,6 +1,6 @@ --- a/src/drivers/drivers.mak +++ b/src/drivers/drivers.mak -@@ -34,7 +34,6 @@ NEED_SME=y +@@ -37,7 +37,6 @@ NEED_SME=y NEED_AP_MLME=y NEED_NETLINK=y NEED_LINUX_IOCTL=y @@ -8,7 +8,7 @@ ifdef CONFIG_LIBNL32 DRV_LIBS += -lnl-3 -@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT +@@ -121,7 +120,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT CONFIG_WIRELESS_EXTENSION=y NEED_NETLINK=y NEED_LINUX_IOCTL=y @@ -16,7 +16,7 @@ endif ifdef CONFIG_DRIVER_NDIS -@@ -142,7 +140,6 @@ endif +@@ -147,7 +145,6 @@ endif ifdef CONFIG_WIRELESS_EXTENSION DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION DRV_WPA_OBJS += ../src/drivers/driver_wext.o @@ -24,7 +24,7 @@ endif ifdef NEED_NETLINK -@@ -155,6 +152,7 @@ endif +@@ -160,6 +157,7 @@ endif ifdef NEED_RFKILL DRV_OBJS += ../src/drivers/rfkill.o diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index dd90877e90..4738fcd632 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8 +@@ -3708,7 +3708,7 @@ static int nl80211_set_channel(struct i8 freq->freq, freq->ht_enabled, freq->vht_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch index 91b61964dd..a687a805fc 100644 --- a/package/network/services/hostapd/patches/340-reload_freq_change.patch +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho +@@ -78,6 +78,16 @@ static void hostapd_reload_bss(struct ho #endif /* CONFIG_NO_RADIUS */ ssid = &hapd->conf->ssid; @@ -17,7 +17,7 @@ if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next && ssid->wpa_passphrase_set && ssid->wpa_passphrase) { /* -@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd +@@ -177,21 +187,12 @@ int hostapd_reload_config(struct hostapd oldconf = hapd->iconf; iface->conf = newconf; diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index a14fa03527..bc720230e4 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc +@@ -2323,13 +2323,18 @@ wpa_driver_nl80211_finish_drv_init(struc } @@ -22,7 +22,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st +@@ -2380,7 +2385,7 @@ static void wpa_driver_nl80211_deinit(st nl80211_remove_monitor_interface(drv); if (is_ap_interface(drv->nlmode)) @@ -31,7 +31,7 @@ if (drv->eapol_sock >= 0) { eloop_unregister_read_sock(drv->eapol_sock); -@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i +@@ -4232,8 +4237,7 @@ static void nl80211_teardown_ap(struct i nl80211_remove_monitor_interface(drv); else nl80211_mgmt_unsubscribe(bss, "AP teardown"); @@ -41,7 +41,7 @@ } -@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -6164,8 +6168,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -50,7 +50,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -6527,8 +6529,7 @@ static int wpa_driver_nl80211_deinit_ap( struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; @@ -60,7 +60,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -6547,8 +6548,7 @@ static int wpa_driver_nl80211_stop_ap(vo struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch index 06b005ea3a..ebc63ab246 100644 --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -1,22 +1,22 @@ --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -45,6 +45,7 @@ - #include "wps/wps.h" +@@ -47,6 +47,7 @@ + #include "fst/fst_ctrl_iface.h" #include "config_file.h" #include "ctrl_iface.h" +#include "config_file.h" - struct wpa_ctrl_dst { -@@ -55,6 +56,7 @@ struct wpa_ctrl_dst { + #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 +@@ -59,6 +60,7 @@ struct wpa_ctrl_dst { int errors; }; +static char *reload_opts = NULL; static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, - const char *buf, size_t len); -@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st + enum wpa_msg_type type, +@@ -169,6 +171,61 @@ static int hostapd_ctrl_iface_new_sta(st return 0; } @@ -78,7 +78,7 @@ #ifdef CONFIG_IEEE80211W #ifdef NEED_AP_MLME -@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i +@@ -2257,6 +2314,8 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size); @@ -89,7 +89,7 @@ #ifdef RADIUS_SERVER --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha +@@ -552,5 +552,11 @@ int hostapd_parse_csa_settings(const cha int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) { diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index ea235e6778..716916a0f0 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h -@@ -110,6 +110,11 @@ struct wpa_interface { +@@ -99,6 +99,11 @@ struct wpa_interface { const char *ifname; /** @@ -12,7 +12,7 @@ * bridge_ifname - Optional bridge interface name * * If the driver interface (ifname) is included in a Linux bridge -@@ -442,6 +447,8 @@ struct wpa_supplicant { +@@ -465,6 +470,8 @@ struct wpa_supplicant { #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ char bridge_ifname[16]; @@ -23,7 +23,7 @@ --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS) +@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS) CFLAGS += -I$(abspath ../src) CFLAGS += -I$(abspath ../src/utils) @@ -34,7 +34,7 @@ -include .config -include $(if $(MULTICALL),../hostapd/.config) -@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o +@@ -113,6 +117,8 @@ OBJS_c += ../src/utils/wpa_debug.o OBJS_c += ../src/utils/common.o OBJS += wmm_ac.o @@ -45,7 +45,7 @@ CONFIG_OS=win32 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5 +@@ -108,6 +108,55 @@ const char *const wpa_supplicant_full_li "\n"; #endif /* CONFIG_NO_STDOUT_DEBUG */ @@ -73,7 +73,7 @@ + int ret; + + if (!bss) -+ return; ++ return -1; + + if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) { + int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK; @@ -101,7 +101,7 @@ /* Configure default/group WEP keys for static WEP */ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa +@@ -783,8 +832,12 @@ void wpa_supplicant_set_state(struct wpa wpas_p2p_completed(wpa_s); sme_sched_obss_scan(wpa_s, 1); @@ -114,7 +114,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str +@@ -4537,6 +4590,20 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -135,7 +135,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface( +@@ -4823,6 +4890,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); @@ -157,7 +157,7 @@ #include "drivers/driver.h" #include "wpa_supplicant_i.h" #include "config.h" -@@ -277,6 +278,10 @@ static void calculate_update_time(const +@@ -287,6 +288,10 @@ static void calculate_update_time(const static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, struct os_reltime *fetch_time) { @@ -168,7 +168,7 @@ dst->flags = src->flags; os_memcpy(dst->bssid, src->bssid, ETH_ALEN); dst->freq = src->freq; -@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_ +@@ -299,6 +304,15 @@ static void wpa_bss_copy_res(struct wpa_ dst->est_throughput = src->est_throughput; dst->snr = src->snr; @@ -186,7 +186,7 @@ --- a/wpa_supplicant/main.c +++ b/wpa_supplicant/main.c -@@ -33,7 +33,7 @@ static void usage(void) +@@ -34,7 +34,7 @@ static void usage(void) "vW] [-P] " "[-g] \\\n" " [-G] \\\n" @@ -195,15 +195,15 @@ "[-p] \\\n" " [-b] [-e]" #ifdef CONFIG_DEBUG_FILE -@@ -84,6 +84,7 @@ static void usage(void) - #endif /* CONFIG_DEBUG_LINUX_TRACING */ - printf(" -t = include timestamp in debug messages\n" +@@ -74,6 +74,7 @@ static void usage(void) + " -g = global ctrl_interface\n" + " -G = global ctrl_interface group\n" " -h = show this help text\n" + " -H = connect to a hostapd instance to manage state changes\n" - " -L = show license (BSD)\n" - " -o = override driver parameter for new interfaces\n" - " -O = override ctrl_interface parameter for new interfaces\n" -@@ -175,7 +176,7 @@ int main(int argc, char *argv[]) + " -i = interface name\n" + " -I = additional configuration file\n" + " -K = include keys (passwords, etc.) in debug output\n" +@@ -176,7 +177,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, @@ -212,7 +212,7 @@ if (c < 0) break; switch (c) { -@@ -222,6 +223,9 @@ int main(int argc, char *argv[]) +@@ -223,6 +224,9 @@ int main(int argc, char *argv[]) usage(); exitcode = 0; goto out; @@ -224,8 +224,8 @@ break; --- a/wpa_supplicant/bss.h +++ b/wpa_supplicant/bss.h -@@ -72,6 +72,10 @@ struct wpa_bss { - u8 ssid[32]; +@@ -79,6 +79,10 @@ struct wpa_bss { + u8 ssid[SSID_MAX_LEN]; /** Length of SSID */ size_t ssid_len; + /** HT caapbilities */ diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 3a41b8219e..1e1aa20730 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -168,6 +168,9 @@ endif +@@ -202,6 +202,9 @@ endif ifdef CONFIG_NO_CTRL_IFACE CFLAGS += -DCONFIG_NO_CTRL_IFACE else @@ -12,7 +12,7 @@ endif --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i +@@ -2119,6 +2119,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -20,17 +20,17 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i +@@ -2160,6 +2161,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); +#endif } else if (os_strcmp(buf, "ATTACH") == 0) { - if (hostapd_ctrl_iface_attach(hapd, &from, fromlen)) + if (hostapd_ctrl_iface_attach(hapd, from, fromlen)) reply_len = -1; --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -837,6 +837,9 @@ ifdef CONFIG_WNM +@@ -858,6 +858,9 @@ ifdef CONFIG_WNM OBJS += ../src/ap/wnm_ap.o endif ifdef CONFIG_CTRL_IFACE @@ -42,7 +42,7 @@ --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta +@@ -1858,7 +1858,7 @@ static int wpa_supplicant_ctrl_iface_sta pos += ret; } @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8352,6 +8352,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8359,6 +8360,7 @@ char * wpa_supplicant_ctrl_iface_process reply + reply_len, reply_size - reply_len); } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8821,6 +8823,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8829,12 +8832,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -93,7 +93,7 @@ reply_len = -1; --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -22,6 +22,7 @@ +@@ -23,6 +23,7 @@ #include "ctrl_iface_ap.h" #include "ap_drv_ops.h" @@ -101,7 +101,7 @@ static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd, struct sta_info *sta, -@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h +@@ -235,6 +236,7 @@ int hostapd_ctrl_iface_sta_next(struct h return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); } @@ -111,33 +111,33 @@ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo - return bool_val ? "TRUE" : "FALSE"; +@@ -2359,6 +2359,7 @@ static const char * bool_txt(Boolean val + return val ? "TRUE" : "FALSE"; } +#ifdef CONFIG_CTRL_IFACE_MIB int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -2534,6 +2535,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } +#endif - static void ieee802_1x_finished(struct hostapd_data *hapd, - struct sta_info *sta, int success, + #ifdef CONFIG_HS20 + static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx) --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c -@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo - return bool ? "TRUE" : "FALSE"; +@@ -3069,6 +3069,7 @@ static const char * wpa_bool_txt(int val + return val ? "TRUE" : "FALSE"; } +#ifdef CONFIG_CTRL_IFACE_MIB #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ -@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac +@@ -3213,7 +3214,7 @@ int wpa_get_mib_sta(struct wpa_state_mac return len; } @@ -148,7 +148,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2108,6 +2108,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } @@ -157,7 +157,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2191,6 +2193,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } @@ -167,7 +167,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1091,7 +1091,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch index 1065a7f125..0d752b0508 100644 --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -1,6 +1,6 @@ --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c -@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm) +@@ -1242,6 +1242,31 @@ u32 wpa_akm_to_suite(int akm) } @@ -32,7 +32,7 @@ int wpa_compare_rsn_ie(int ft_initial_assoc, const u8 *ie1, size_t ie1len, const u8 *ie2, size_t ie2len) -@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as +@@ -1249,8 +1274,19 @@ int wpa_compare_rsn_ie(int ft_initial_as if (ie1 == NULL || ie2 == NULL) return -1; diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch index 083af5b450..f5872cd597 100644 --- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch @@ -1,25 +1,22 @@ --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c -@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data - - if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) +@@ -352,8 +352,7 @@ static int hapd_wps_reconfig_in_memory(s + bss->wpa_pairwise |= WPA_CIPHER_GCMP; + else + bss->wpa_pairwise |= WPA_CIPHER_CCMP; +- } +- if (cred->encr_type & WPS_ENCR_TKIP) ++ } else if (cred->encr_type & WPS_ENCR_TKIP) + bss->wpa_pairwise |= WPA_CIPHER_TKIP; + bss->rsn_pairwise = bss->wpa_pairwise; + bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, +@@ -1073,8 +1072,7 @@ int hostapd_init_wps(struct hostapd_data + if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) { wps->encr_types |= WPS_ENCR_AES; -- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) -+ else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) + wps->encr_types_rsn |= WPS_ENCR_AES; +- } +- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { ++ } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { wps->encr_types |= WPS_ENCR_TKIP; -- } -- -- if (conf->wpa & WPA_PROTO_WPA) { -+ } else if (conf->wpa & WPA_PROTO_WPA) { - if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) - wps->auth_types |= WPS_AUTH_WPAPSK; - if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) -@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data - - if (conf->wpa_pairwise & WPA_CIPHER_CCMP) - wps->encr_types |= WPS_ENCR_AES; -- if (conf->wpa_pairwise & WPA_CIPHER_TKIP) -+ else if (conf->wpa_pairwise & WPA_CIPHER_TKIP) - wps->encr_types |= WPS_ENCR_TKIP; - } - + wps->encr_types_rsn |= WPS_ENCR_TKIP; + } diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch index da887321c6..a48b6962ee 100644 --- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch +++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch @@ -64,7 +64,7 @@ #ifdef CONFIG_DEBUG_FILE static char *last_path = NULL; #endif /* CONFIG_DEBUG_FILE */ -@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ +@@ -604,7 +578,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ } @@ -73,7 +73,7 @@ { va_list ap; char *buf; -@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const +@@ -642,7 +616,7 @@ void wpa_msg(void *ctx, int level, const } @@ -183,7 +183,7 @@ /* * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce -@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co +@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co * * Note: New line '\n' is added to the end of the text when printing to stdout. */ @@ -197,7 +197,7 @@ /** * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors -@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const +@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const * attached ctrl_iface monitors. In other words, it can be used for frequent * events that do not need to be sent to syslog. */ diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index 64c92df6bb..234537a7bc 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,16 +8,16 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -567,7 +568,7 @@ int main(int argc, char *argv[]) +@@ -593,7 +594,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; for (;;) { -- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); -+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::"); +- c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:"); ++ c = getopt(argc, argv, "b:Bde:f:hKP:STtu:g:G:v::"); if (c < 0) break; switch (c) { -@@ -604,6 +605,8 @@ int main(int argc, char *argv[]) +@@ -630,6 +631,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': @@ -33,10 +33,10 @@ #include "common.h" +#include "build_features.h" + #include "fst/fst.h" #include "wpa_supplicant_i.h" #include "driver_i.h" - #include "p2p_supplicant.h" -@@ -176,7 +177,7 @@ int main(int argc, char *argv[]) +@@ -177,7 +178,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, @@ -45,7 +45,7 @@ if (c < 0) break; switch (c) { -@@ -279,8 +280,12 @@ int main(int argc, char *argv[]) +@@ -280,8 +281,12 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DBUS */ case 'v': diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch index 85d2e1603b..9ecd78609b 100644 --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -1,6 +1,6 @@ --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c -@@ -67,7 +67,6 @@ static const char *commands_help = +@@ -68,7 +68,6 @@ static const char *const commands_help = #ifdef CONFIG_IEEE80211W " sa_query send SA Query to a station\n" #endif /* CONFIG_IEEE80211W */ @@ -8,7 +8,7 @@ " wps_pin [timeout] [addr] add WPS Enrollee PIN\n" " wps_check_pin verify PIN checksum\n" " wps_pbc indicate button pushed to initiate PBC\n" -@@ -80,7 +79,6 @@ static const char *commands_help = +@@ -81,7 +80,6 @@ static const char *const commands_help = " wps_ap_pin [params..] enable/disable AP PIN\n" " wps_config configure AP\n" " wps_get_status show current WPS status\n" @@ -16,7 +16,7 @@ " get_config show current configuration\n" " help show this usage help\n" " interface [ifname] show interfaces/select interface\n" -@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru +@@ -364,7 +362,6 @@ static int hostapd_cli_cmd_sa_query(stru #endif /* CONFIG_IEEE80211W */ @@ -24,7 +24,7 @@ static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc, char *argv[]) { -@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st +@@ -590,7 +587,6 @@ static int hostapd_cli_cmd_wps_config(st ssid_hex, argv[1]); return wpa_ctrl_command(ctrl, buf); } @@ -32,7 +32,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, -@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl +@@ -1086,7 +1082,6 @@ static const struct hostapd_cli_cmd host #ifdef CONFIG_IEEE80211W { "sa_query", hostapd_cli_cmd_sa_query }, #endif /* CONFIG_IEEE80211W */ @@ -40,7 +40,7 @@ { "wps_pin", hostapd_cli_cmd_wps_pin }, { "wps_check_pin", hostapd_cli_cmd_wps_check_pin }, { "wps_pbc", hostapd_cli_cmd_wps_pbc }, -@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl +@@ -1100,7 +1095,6 @@ static const struct hostapd_cli_cmd host { "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin }, { "wps_config", hostapd_cli_cmd_wps_config }, { "wps_get_status", hostapd_cli_cmd_wps_get_status }, diff --git a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch index 874ff4bccc..256f6b5977 100644 --- a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch @@ -1,13 +1,12 @@ --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c -@@ -26,6 +26,10 @@ +@@ -25,6 +25,9 @@ + #include #endif /* ANDROID */ - +#ifndef CONFIG_P2P +#define CONFIG_P2P +#endif -+ - static const char *wpa_cli_version = + + static const char *const wpa_cli_version = "wpa_cli v" VERSION_STR "\n" - "Copyright (c) 2004-2015, Jouni Malinen and contributors"; diff --git a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch deleted file mode 100644 index 74aef26d64..0000000000 --- a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/ap/beacon.c -+++ b/src/ap/beacon.c -@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat - return; - } - -+ if (!sta && hapd->num_sta >= hapd->conf->max_num_sta) -+ wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored," -+ " too many connected stations.", MAC2STR(mgmt->sa)); -+ - #ifdef CONFIG_INTERWORKING - if (hapd->conf->interworking && - elems.interworking && elems.interworking_len >= 1) { diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch index 87ebd4552f..192006a872 100644 --- a/package/network/services/hostapd/patches/450-scan_wait.patch +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -1,6 +1,6 @@ --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -36,6 +36,8 @@ struct hapd_global { +@@ -37,6 +37,8 @@ struct hapd_global { }; static struct hapd_global global; @@ -9,7 +9,7 @@ #ifndef CONFIG_NO_HOSTAPD_LOGGER -@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx, +@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx, } #endif /* CONFIG_NO_HOSTAPD_LOGGER */ @@ -24,7 +24,7 @@ /** * hostapd_driver_init - Preparate driver interface -@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho +@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho return -1; } @@ -33,7 +33,7 @@ /* Initialize the driver interface */ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) b = NULL; -@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const +@@ -382,8 +394,6 @@ static void hostapd_global_deinit(const #endif /* CONFIG_NATIVE_WINDOWS */ eap_server_unregister_methods(); @@ -42,7 +42,7 @@ } -@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap +@@ -409,11 +419,6 @@ static int hostapd_global_run(struct hap } #endif /* EAP_SERVER_TNC */ @@ -54,7 +54,7 @@ eloop_run(); return 0; -@@ -542,8 +547,7 @@ int main(int argc, char *argv[]) +@@ -566,8 +571,7 @@ int main(int argc, char *argv[]) struct hapd_interfaces interfaces; int ret = 1; size_t i, j; diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index 217e701501..426ffc5148 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -20,9 +20,9 @@ Signed-hostap: Antonio Quartulli +#include "drivers/nl80211_copy.h" #include "common/defs.h" + #include "common/ieee802_11_defs.h" #include "utils/list.h" - -@@ -538,6 +539,9 @@ struct wpa_driver_associate_params { +@@ -570,6 +571,9 @@ struct wpa_driver_associate_params { * responsible for selecting with which BSS to associate. */ const u8 *bssid; @@ -34,15 +34,15 @@ Signed-hostap: Antonio Quartulli * --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -15,6 +15,7 @@ - #include "rsn_supp/wpa.h" +@@ -16,6 +16,7 @@ #include "eap_peer/eap.h" #include "p2p/p2p.h" + #include "fst/fst.h" +#include "drivers/nl80211_copy.h" #include "config.h" -@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi +@@ -1742,6 +1743,97 @@ static char * wpa_config_write_mesh_basi #endif /* CONFIG_MESH */ @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli /* Helper macros for network block parser */ #ifdef OFFSET -@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel +@@ -1973,6 +2065,9 @@ static const struct parse_data ssid_fiel { INT(ap_max_inactivity) }, { INT(dtim_period) }, { INT(beacon_int) }, @@ -158,9 +158,9 @@ Signed-hostap: Antonio Quartulli #include "eap_peer/eap_config.h" +#include "drivers/nl80211_copy.h" - #define MAX_SSID_LEN 32 -@@ -675,6 +676,9 @@ struct wpa_ssid { + #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) +@@ -698,6 +699,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -172,7 +172,7 @@ Signed-hostap: Antonio Quartulli * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w +@@ -2421,6 +2421,13 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index 730cc31650..faff3225cf 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -4491,7 +4491,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -4425,6 +4425,37 @@ retry: +@@ -4518,6 +4518,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch index 30bb2dc14c..62ce84e635 100644 --- a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch +++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch @@ -16,7 +16,7 @@ Signed-off-by: Antonio Quartulli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -541,6 +541,8 @@ struct wpa_driver_associate_params { +@@ -573,6 +573,8 @@ struct wpa_driver_associate_params { unsigned char rates[NL80211_MAX_SUPP_RATES]; int mcast_rate; @@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli * bssid_hint - BSSID of a proposed AP --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4456,6 +4456,22 @@ retry: +@@ -4549,6 +4549,22 @@ retry: nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); } @@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli goto fail; --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat +@@ -1774,6 +1774,71 @@ static char * wpa_config_write_mcast_rat } #endif /* NO_CONFIG_WRITE */ @@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli static int wpa_config_parse_rates(const struct parse_data *data, struct wpa_ssid *ssid, int line, const char *value) -@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel +@@ -2068,6 +2133,7 @@ static const struct parse_data ssid_fiel { INT_RANGE(fixed_freq, 0, 1) }, { FUNC(rates) }, { FUNC(mcast_rate) }, @@ -134,7 +134,7 @@ Signed-off-by: Antonio Quartulli #endif /* CONFIG_MACSEC */ --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -678,6 +678,8 @@ struct wpa_ssid { +@@ -701,6 +701,8 @@ struct wpa_ssid { unsigned char rates[NL80211_MAX_SUPP_RATES]; double mcast_rate; @@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli /** --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w +@@ -2428,6 +2428,8 @@ static void wpas_start_assoc_cb(struct w i++; } params.mcast_rate = ssid->mcast_rate; diff --git a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch deleted file mode 100644 index e6bbdddc50..0000000000 --- a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/ap/sta_info.h -+++ b/src/ap/sta_info.h -@@ -179,7 +179,7 @@ struct sta_info { - * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated - * after AP_DEAUTH_DELAY seconds has passed after disassociation. */ - #define AP_MAX_INACTIVITY (5 * 60) --#define AP_DISASSOC_DELAY (1) -+#define AP_DISASSOC_DELAY (3) - #define AP_DEAUTH_DELAY (1) - /* Number of seconds to keep STA entry with Authenticated flag after it has - * been disassociated. */ diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index df2eac873c..0a61aeff86 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common +@@ -155,6 +155,11 @@ OBJS += ../src/common/hw_features_common OBJS += ../src/eapol_auth/eapol_auth_sm.o @@ -22,7 +22,7 @@ struct wpa_ctrl_dst; struct radius_server_data; -@@ -103,6 +104,7 @@ struct hostapd_data { +@@ -107,6 +108,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -30,7 +30,7 @@ int interface_added; /* virtual interface added for this BSS */ unsigned int started:1; unsigned int disabled:1; -@@ -286,6 +288,8 @@ struct hostapd_iface { +@@ -299,6 +301,8 @@ struct hostapd_iface { struct hostapd_config *conf; char phy[16]; /* Name of the PHY (radio) */ @@ -41,7 +41,7 @@ HAPD_IFACE_DISABLED, --- /dev/null +++ b/src/ap/ubus.c -@@ -0,0 +1,511 @@ +@@ -0,0 +1,536 @@ +/* + * hostapd / ubus support + * Copyright (c) 2013, Felix Fietkau @@ -58,6 +58,8 @@ +#include "wps_hostapd.h" +#include "sta_info.h" +#include "ubus.h" ++#include "ap_drv_ops.h" ++#include "beacon.h" + +static struct ubus_context *ctx; +static struct blob_buf b; @@ -417,6 +419,10 @@ +{ + struct blob_attr *tb[__VENDOR_ELEMENTS_MAX]; + struct hostapd_data *hapd = get_hapd_from_object(obj); ++ struct hostapd_bss_config *bss = hapd->conf; ++ struct wpabuf *elems; ++ const char *pos; ++ size_t len; + + blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb, + blob_data(msg), blob_len(msg)); @@ -424,10 +430,29 @@ + if (!tb[VENDOR_ELEMENTS]) + return UBUS_STATUS_INVALID_ARGUMENT; + -+ const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]); -+ if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements", -+ vendor_elements) != 0) -+ return UBUS_STATUS_NOT_SUPPORTED; ++ pos = blobmsg_data(tb[VENDOR_ELEMENTS]); ++ len = os_strlen(pos); ++ if (len & 0x01) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ len /= 2; ++ if (len == 0) { ++ wpabuf_free(bss->vendor_elements); ++ bss->vendor_elements = NULL; ++ return 0; ++ } ++ ++ elems = wpabuf_alloc(len); ++ if (elems == NULL) ++ return 1; ++ ++ if (hexstr2bin(pos, wpabuf_put(elems, len), len)) { ++ wpabuf_free(elems); ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ } ++ ++ wpabuf_free(bss->vendor_elements); ++ bss->vendor_elements = elems; + + /* update beacons if vendor elements were set successfully */ + if (ieee802_11_update_beacons(hapd->iface) != 0) @@ -636,7 +661,7 @@ +#endif --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc +@@ -280,6 +280,7 @@ static void hostapd_free_hapd_data(struc hapd->started = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -644,7 +669,7 @@ iapp_deinit(hapd->iapp); hapd->iapp = NULL; accounting_deinit(hapd); -@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host +@@ -1118,6 +1119,8 @@ static int hostapd_setup_bss(struct host if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -653,7 +678,7 @@ return 0; } -@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str +@@ -1523,6 +1526,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -661,15 +686,15 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -1544,6 +1548,7 @@ dfs_offload: +@@ -1700,6 +1704,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); + hostapd_ubus_free_iface(iface); hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); - if (iface->interfaces && iface->interfaces->terminate_on_error) -@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc + #ifdef CONFIG_FST +@@ -2125,6 +2130,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -679,7 +704,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta +@@ -877,7 +877,8 @@ int auth_sae_init_committed(struct hosta static void handle_auth(struct hostapd_data *hapd, @@ -689,7 +714,7 @@ { u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; -@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d +@@ -893,6 +894,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -701,7 +726,7 @@ if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d +@@ -1044,6 +1050,14 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -716,7 +741,7 @@ if (res == HOSTAPD_ACL_PENDING) { wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR " waiting for an external authentication", -@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta +@@ -1776,13 +1790,18 @@ static void send_assoc_resp(struct hosta static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -736,7 +761,7 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_ +@@ -1902,6 +1921,13 @@ static void handle_assoc(struct hostapd_ goto fail; } @@ -750,7 +775,7 @@ sta->capability = capab_info; sta->listen_interval = listen_interval; -@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2328,7 +2354,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { @@ -759,7 +784,7 @@ return 1; } -@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2346,17 +2372,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); @@ -782,7 +807,7 @@ case WLAN_FC_STYPE_DISASSOC: --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match +@@ -667,7 +667,7 @@ sta_track_seen_on(struct hostapd_iface * void handle_probe_req(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -791,13 +816,14 @@ { u8 *resp; struct ieee802_11_elems elems; -@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat - size_t ie_len; - struct sta_info *sta = NULL; +@@ -676,9 +676,15 @@ void handle_probe_req(struct hostapd_dat size_t i, resp_len; -+ int ssi_signal = fi->ssi_signal; int noack; enum ssid_match_result res; ++ int ssi_signal = fi->ssi_signal; + int ret; + u16 csa_offs[2]; + size_t csa_offs_len; + struct hostapd_ubus_request req = { + .type = HOSTAPD_UBUS_PROBE_REQ, + .mgmt_frame = mgmt, @@ -806,7 +832,7 @@ ie = mgmt->u.probe_req.variable; if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) -@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat +@@ -830,6 +836,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -832,7 +858,7 @@ int ieee802_11_update_beacons(struct hostapd_iface *iface); --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -51,6 +51,10 @@ int hostapd_notif_assoc(struct hostapd_d u16 reason = WLAN_REASON_UNSPECIFIED; u16 status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; @@ -843,9 +869,9 @@ if (addr == NULL) { /* -@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -123,6 +127,12 @@ int hostapd_notif_assoc(struct hostapd_d + goto fail; } - sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); + if (hostapd_ubus_handle_event(hapd, &req)) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", From 6b2ab1d36aad1d2d613bf075f844998f8bf0ef2f Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 11 Sep 2015 16:31:18 +0000 Subject: [PATCH 4/9] CC: hostapd: work around unconditional libopenssl build dependency As the OpenWrt build system only resolves build dependencies per directory, all hostapd variants were causing libopenssl to be downloaded and built, not only wpad-mesh. Fix this by applying the same workaround as in ustream-ssl. Signed-off-by: Matthias Schiffer SVN-Revision: 46851 --- package/network/services/hostapd/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 22964d5f12..1b8d083ba7 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -177,7 +177,7 @@ endef define Package/wpad-mesh $(call Package/wpad/Default) TITLE+= (with 802.11s mesh and SAE support) - DEPENDS:=$(DRV_DEPENDS) +libubus +libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN) + DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN) CONFLICTS:=@WPA_SUPPLICANT_INTERNAL VARIANT:=wpad-mesh endef From 324f95d2a1174166dff97cae61ed3338eefd18bc Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 28 Jan 2016 17:19:48 +0000 Subject: [PATCH 5/9] CC: hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issues Signed-off-by: Felix Fietkau SVN-Revision: 48528 --- package/network/services/hostapd/Makefile | 19 +- .../hostapd/files/wpa_supplicant-mesh.config | 407 ------------------ 2 files changed, 9 insertions(+), 417 deletions(-) delete mode 100644 package/network/services/hostapd/files/wpa_supplicant-mesh.config diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 1b8d083ba7..4d83066ab1 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -40,6 +40,10 @@ LOCAL_TYPE=$(strip \ hostapd \ ))) LOCAL_VARIANT=$(patsubst wpad-%,%,$(patsubst supplicant-%,%,$(BUILD_VARIANT))) +CONFIG_VARIANT:=$(LOCAL_VARIANT) +ifeq ($(LOCAL_VARIANT),mesh) + CONFIG_VARIANT:=full +endif ifeq ($(LOCAL_TYPE),supplicant) ifeq ($(LOCAL_VARIANT),full) @@ -47,10 +51,6 @@ ifeq ($(LOCAL_TYPE),supplicant) CONFIG_WPA_SUPPLICANT_INTERNAL \ CONFIG_WPA_SUPPLICANT_OPENSSL endif - ifeq ($(LOCAL_VARIANT),mesh) - PKG_CONFIG_DEPENDS += \ - CONFIG_WPA_SUPPLICANT_OPENSSL - endif endif PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) @@ -82,7 +82,7 @@ ifneq ($(LOCAL_TYPE),hostapd) endif endif ifeq ($(LOCAL_VARIANT),mesh) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_AP=y CONFIG_SAE=y CONFIG_MESH=y TARGET_LDFLAGS += -lcrypto -lssl endif ifdef CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK @@ -177,8 +177,7 @@ endef define Package/wpad-mesh $(call Package/wpad/Default) TITLE+= (with 802.11s mesh and SAE support) - DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN) - CONFLICTS:=@WPA_SUPPLICANT_INTERNAL + DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl @(!TARGET_uml||BROKEN) VARIANT:=wpad-mesh endef @@ -284,10 +283,10 @@ endif define Build/Configure $(Build/Configure/rebuild) - $(if $(wildcard ./files/hostapd-$(LOCAL_VARIANT).config), \ - $(CP) ./files/hostapd-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \ + $(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \ + $(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \ ) - $(CP) ./files/wpa_supplicant-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config + $(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config endef TARGET_CPPFLAGS := \ diff --git a/package/network/services/hostapd/files/wpa_supplicant-mesh.config b/package/network/services/hostapd/files/wpa_supplicant-mesh.config deleted file mode 100644 index 36e29088c4..0000000000 --- a/package/network/services/hostapd/files/wpa_supplicant-mesh.config +++ /dev/null @@ -1,407 +0,0 @@ -# Example wpa_supplicant build time configuration -# -# This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. -# -# This file is included in Makefile, so variables like CFLAGS and LIBS can also -# be modified from here. In most cases, these lines should use += in order not -# to override previous values of the variables. - - -# Uncomment following two lines and fix the paths if you have installed OpenSSL -# or GnuTLS in non-default location -#CFLAGS += -I/usr/local/openssl/include -#LIBS += -L/usr/local/openssl/lib - -# Some Red Hat versions seem to include kerberos header files from OpenSSL, but -# the kerberos files are not in the default include path. Following line can be -# used to fix build issues on such systems (krb5.h not found). -#CFLAGS += -I/usr/include/kerberos - -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -# CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. -#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - -# Driver interface for generic Linux wireless extensions -CONFIG_DRIVER_WEXT=y - -# Driver interface for Linux drivers using the nl80211 kernel interface -CONFIG_DRIVER_NL80211=y - -# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -#CONFIG_DRIVER_BSD=y -#CFLAGS += -I/usr/local/include -#LIBS += -L/usr/local/lib -#LIBS_p += -L/usr/local/lib -#LIBS_c += -L/usr/local/lib - -# Driver interface for Windows NDIS -#CONFIG_DRIVER_NDIS=y -#CFLAGS += -I/usr/include/w32api/ddk -#LIBS += -L/usr/local/lib -# For native build using mingw -#CONFIG_NATIVE_WINDOWS=y -# Additional directories for cross-compilation on Linux host for mingw target -#CFLAGS += -I/opt/mingw/mingw32/include/ddk -#LIBS += -L/opt/mingw/mingw32/lib -#CC=mingw32-gcc -# By default, driver_ndis uses WinPcap for low-level operations. This can be -# replaced with the following option which replaces WinPcap calls with NDISUIO. -# However, this requires that WZC is disabled (net stop wzcsvc) before starting -# wpa_supplicant. -# CONFIG_USE_NDISUIO=y - -# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - -# Include client MLME (management frame processing) for test driver -# This can be used to test MLME operations in hostapd with the test interface. -# space. -#CONFIG_CLIENT_MLME=y - -# Driver interface for wired Ethernet drivers -CONFIG_DRIVER_WIRED=y - -# Driver interface for the Broadcom RoboSwitch family -#CONFIG_DRIVER_ROBOSWITCH=y - -# Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y - -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) -CONFIG_IEEE8021X_EAPOL=y - -# EAP-MD5 -CONFIG_EAP_MD5=y - -# EAP-MSCHAPv2 -CONFIG_EAP_MSCHAPV2=y - -# EAP-TLS -CONFIG_EAP_TLS=y - -# EAL-PEAP -CONFIG_EAP_PEAP=y - -# EAP-TTLS -CONFIG_EAP_TTLS=y - -# EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. -#CONFIG_EAP_FAST=y - -# EAP-GTC -CONFIG_EAP_GTC=y - -# EAP-OTP -CONFIG_EAP_OTP=y - -# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) -#CONFIG_EAP_SIM=y - -# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y - -# EAP-PAX -#CONFIG_EAP_PAX=y - -# LEAP -CONFIG_EAP_LEAP=y - -# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) -#CONFIG_EAP_AKA=y - -# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). -# This requires CONFIG_EAP_AKA to be enabled, too. -#CONFIG_EAP_AKA_PRIME=y - -# Enable USIM simulator (Milenage) for EAP-AKA -#CONFIG_USIM_SIMULATOR=y - -# EAP-SAKE -#CONFIG_EAP_SAKE=y - -# EAP-GPSK -#CONFIG_EAP_GPSK=y -# Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y - -# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y - -# Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y - -# EAP-IKEv2 -#CONFIG_EAP_IKEV2=y - -# PKCS#12 (PFX) support (used to read private key and certificate file from -# a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y - -# Smartcard support (i.e., private key on a smartcard), e.g., with openssl -# engine. -CONFIG_SMARTCARD=y - -# PC/SC interface for smartcards (USIM, GSM SIM) -# Enable this if EAP-SIM or EAP-AKA is included -#CONFIG_PCSC=y - -# Development testing -#CONFIG_EAPOL_TEST=y - -# Select control interface backend for external programs, e.g, wpa_cli: -# unix = UNIX domain sockets (default for Linux/*BSD) -# udp = UDP sockets using localhost (127.0.0.1) -# named_pipe = Windows Named Pipe (default for Windows) -# y = use default (backwards compatibility) -# If this option is commented out, control interface is not included in the -# build. -CONFIG_CTRL_IFACE=y - -# Include support for GNU Readline and History Libraries in wpa_cli. -# When building a wpa_cli binary for distribution, please note that these -# libraries are licensed under GPL and as such, BSD license may not apply for -# the resulting binary. -#CONFIG_READLINE=y - -# Remove debugging code that is printing out debug message to stdout. -# This can be used to reduce the size of the wpa_supplicant considerably -# if debugging code is not needed. The size reduction can be around 35% -# (e.g., 90 kB). -#CONFIG_NO_STDOUT_DEBUG=y - -# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save -# 35-50 kB in code size. -#CONFIG_NO_WPA=y - -# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - -# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support -# This option can be used to reduce code size by removing support for -# converting ASCII passphrases into PSK. If this functionality is removed, the -# PSK can only be configured as the 64-octet hexstring (e.g., from -# wpa_passphrase). This saves about 0.5 kB in code size. -#CONFIG_NO_WPA_PASSPHRASE=y - -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. -# This can be used if ap_scan=1 mode is never enabled. -#CONFIG_NO_SCAN_PROCESSING=y - -# Select configuration backend: -# file = text file (e.g., wpa_supplicant.conf; note: the configuration file -# path is given on command line, not here; this option is just used to -# select the backend that allows configuration files to be used) -# winreg = Windows registry (see win_example.reg for an example) -CONFIG_BACKEND=file - -# Remove configuration write functionality (i.e., to allow the configuration -# file to be updated based on runtime configuration changes). The runtime -# configuration can still be changed, the changes are just not going to be -# persistent over restarts. This option can be used to reduce code size by -# about 3.5 kB. -#CONFIG_NO_CONFIG_WRITE=y - -# Remove support for configuration blobs to reduce code size by about 1.5 kB. -#CONFIG_NO_CONFIG_BLOBS=y - -# Select program entry point implementation: -# main = UNIX/POSIX like main() function (default) -# main_winsvc = Windows service (read parameters from registry) -# main_none = Very basic example (development use only) -#CONFIG_MAIN=main - -# Select wrapper for operatins system and C library specific functions -# unix = UNIX/POSIX like systems (default) -# win32 = Windows systems -# none = Empty template -#CONFIG_OS=unix - -# Select event loop implementation -# eloop = select() loop (default) -# eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template -#CONFIG_ELOOP=eloop - -# Select layer 2 packet implementation -# linux = Linux packet socket (default) -# pcap = libpcap/libdnet/WinPcap -# freebsd = FreeBSD libpcap -# winpcap = WinPcap with receive thread -# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) -# none = Empty template -#CONFIG_L2_PACKET=linux - -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. -# Driver support is also needed for IEEE 802.11w. -CONFIG_IEEE80211W=y - -# Select TLS implementation -# openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) -# internal = Internal TLSv1 implementation (experimental) -# none = Empty template -CONFIG_TLS=internal - -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y - -# If CONFIG_TLS=internal is used, additional library and include paths are -# needed for LibTomMath. Alternatively, an integrated, minimal version of -# LibTomMath can be used. See beginning of libtommath.c for details on benefits -# and drawbacks of this option. -CONFIG_INTERNAL_LIBTOMMATH=y -#ifndef CONFIG_INTERNAL_LIBTOMMATH -#LTM_PATH=/usr/src/libtommath-0.39 -#CFLAGS += -I$(LTM_PATH) -#LIBS += -L$(LTM_PATH) -#LIBS_p += -L$(LTM_PATH) -#endif -# At the cost of about 4 kB of additional binary size, the internal LibTomMath -# can be configured to include faster routines for exptmod, sqr, and div to -# speed up DH and RSA calculation considerably -CONFIG_INTERNAL_LIBTOMMATH_FAST=y - -# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. -# This is only for Windows builds and requires WMI-related header files and -# WbemUuid.Lib from Platform SDK even when building with MinGW. -#CONFIG_NDIS_EVENTS_INTEGRATED=y -#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" - -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y - -# Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) -#CONFIG_CTRL_IFACE_DBUS_NEW=y - -# Add introspection support for new DBus control interface -#CONFIG_CTRL_IFACE_DBUS_INTRO=y - -# Add support for loading EAP methods dynamically as shared libraries. -# When this option is enabled, each EAP method can be either included -# statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). -# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to -# be loaded in the beginning of the wpa_supplicant configuration file -# (see load_dynamic_eap parameter in the example file) before being used in -# the network blocks. -# -# Note that some shared parts of EAP methods are included in the main program -# and in order to be able to use dynamic EAP methods using these parts, the -# main program must have been build with the EAP method enabled (=y or =dyn). -# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries -# unless at least one of them was included in the main build to force inclusion -# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included -# in the main build to be able to load these methods dynamically. -# -# Please also note that using dynamic libraries will increase the total binary -# size. Thus, it may not be the best option for targets that have limited -# amount of memory/flash. -#CONFIG_DYNAMIC_EAP_METHODS=y - -# IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y - -# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) -#CONFIG_DEBUG_FILE=y - -# Enable privilege separation (see README 'Privilege separation' for details) -#CONFIG_PRIVSEP=y - -# Enable mitigation against certain attacks against TKIP by delaying Michael -# MIC error reports by a random amount of time between 0 and 60 seconds -#CONFIG_DELAYED_MIC_ERROR_REPORT=y - -# Enable tracing code for developer debugging -# This tracks use of memory allocations and other registrations and reports -# incorrect use with a backtrace of call (or allocation) location. -#CONFIG_WPA_TRACE=y -# For BSD, comment out these. -#LIBS += -lexecinfo -#LIBS_p += -lexecinfo -#LIBS_c += -lexecinfo - -# Use libbfd to get more details for developer debugging -# This enables use of libbfd to get more detailed symbols for the backtraces -# generated by CONFIG_WPA_TRACE=y. -#CONFIG_WPA_TRACE_BFD=y -# For BSD, comment out these. -#LIBS += -lbfd -liberty -lz -#LIBS_p += -lbfd -liberty -lz -#LIBS_c += -lbfd -liberty -lz - -CONFIG_NO_RANDOM_POOL=y -NEED_80211_COMMON=y - -CONFIG_IBSS_RSN=y - -CONFIG_MESH=y -CONFIG_SAE=y -CONFIG_AP=y From d04634f2b78323dbd47f390e8c38e459ff4b7f8c Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 28 Jan 2016 17:20:10 +0000 Subject: [PATCH 6/9] CC: hostapd: fix mesh interface bridge handling Signed-off-by: Felix Fietkau SVN-Revision: 48529 --- .../services/hostapd/patches/100-mesh_mode_fix.patch | 12 ++++++++++++ .../hostapd/patches/330-nl80211_fix_set_freq.patch | 2 +- .../hostapd/patches/350-nl80211_del_beacon_bss.patch | 12 ++++++------ ...nl80211-use-new-parameters-during-ibss-join.patch | 4 ++-- .../patches/462-wpa_s-support-htmode-param.patch | 2 +- 5 files changed, 22 insertions(+), 10 deletions(-) create mode 100644 package/network/services/hostapd/patches/100-mesh_mode_fix.patch diff --git a/package/network/services/hostapd/patches/100-mesh_mode_fix.patch b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch new file mode 100644 index 0000000000..1be7559c4a --- /dev/null +++ b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch @@ -0,0 +1,12 @@ +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -2262,7 +2262,8 @@ wpa_driver_nl80211_finish_drv_init(struc + + if (drv->hostapd || bss->static_ap) + nlmode = NL80211_IFTYPE_AP; +- else if (bss->if_dynamic) ++ else if (bss->if_dynamic || ++ nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT) + nlmode = nl80211_get_ifmode(bss); + else + nlmode = NL80211_IFTYPE_STATION; diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index 4738fcd632..54dec31333 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -3708,7 +3708,7 @@ static int nl80211_set_channel(struct i8 +@@ -3709,7 +3709,7 @@ static int nl80211_set_channel(struct i8 freq->freq, freq->ht_enabled, freq->vht_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index bc720230e4..2bcf49a7c6 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2323,13 +2323,18 @@ wpa_driver_nl80211_finish_drv_init(struc +@@ -2324,13 +2324,18 @@ wpa_driver_nl80211_finish_drv_init(struc } @@ -22,7 +22,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -2380,7 +2385,7 @@ static void wpa_driver_nl80211_deinit(st +@@ -2381,7 +2386,7 @@ static void wpa_driver_nl80211_deinit(st nl80211_remove_monitor_interface(drv); if (is_ap_interface(drv->nlmode)) @@ -31,7 +31,7 @@ if (drv->eapol_sock >= 0) { eloop_unregister_read_sock(drv->eapol_sock); -@@ -4232,8 +4237,7 @@ static void nl80211_teardown_ap(struct i +@@ -4233,8 +4238,7 @@ static void nl80211_teardown_ap(struct i nl80211_remove_monitor_interface(drv); else nl80211_mgmt_unsubscribe(bss, "AP teardown"); @@ -41,7 +41,7 @@ } -@@ -6164,8 +6168,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -6165,8 +6169,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -50,7 +50,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -6527,8 +6529,7 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -6528,8 +6530,7 @@ static int wpa_driver_nl80211_deinit_ap( struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; @@ -60,7 +60,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -6547,8 +6548,7 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -6548,8 +6549,7 @@ static int wpa_driver_nl80211_stop_ap(vo struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index faff3225cf..febbd14e21 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4491,7 +4491,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -4492,7 +4492,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -4518,6 +4518,37 @@ retry: +@@ -4519,6 +4519,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch index 62ce84e635..aa2ac197e8 100644 --- a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch +++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch @@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli * bssid_hint - BSSID of a proposed AP --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4549,6 +4549,22 @@ retry: +@@ -4550,6 +4550,22 @@ retry: nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); } From bb8a1d3adf9b21454869758565619b36376e8fcb Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Thu, 12 May 2016 14:07:15 +0200 Subject: [PATCH 7/9] CC: hostapd: Update to version 2016-05-05 Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky --- package/network/services/hostapd/Makefile | 4 +- .../hostapd/patches/200-multicall.patch | 116 +++++++++++++----- .../hostapd/patches/370-ap_sta_support.patch | 22 ++-- .../patches/380-disable_ctrl_iface_mib.patch | 38 +++--- .../patches/420-indicate-features.patch | 12 +- .../hostapd/patches/450-scan_wait.patch | 19 ++- .../hostapd/patches/600-ubus_support.patch | 58 ++++----- .../hostapd/patches/700-make-make-work.patch | 12 ++ 8 files changed, 179 insertions(+), 102 deletions(-) create mode 100644 package/network/services/hostapd/patches/700-make-make-work.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 4d83066ab1..2465f6baa8 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_VERSION:=2016-01-15 +PKG_VERSION:=2016-05-05 PKG_RELEASE:=1 -PKG_REV:=e15dcf6d1bc2725388555523effca75b1ffab735 +PKG_REV:=9524e7e5a4a18539f0fb532544d2de63621b5f8b PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index 08f1e95a4f..49e7af74d8 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -1,15 +1,15 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -32,6 +32,7 @@ export BINDIR ?= /usr/local/bin/ - # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include +@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils) + export BINDIR ?= /usr/local/bin/ -include .config +-include $(if $(MULTICALL), ../wpa_supplicant/.config) ifndef CONFIG_NO_GITVER # Add VERSION_STR postfix for builds from a git repository -@@ -277,10 +278,14 @@ ifdef CONFIG_IEEE80211AC - CFLAGS += -DCONFIG_IEEE80211AC +@@ -315,10 +316,14 @@ CFLAGS += -DCONFIG_MBO + OBJS += ../src/ap/mbo_ap.o endif +ifndef MULTICALL @@ -26,7 +26,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -1019,6 +1024,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1051,6 +1056,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -39,7 +39,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -1060,6 +1071,12 @@ HOBJS += ../src/crypto/aes-internal.o +@@ -1092,6 +1103,12 @@ HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o endif @@ -62,7 +62,7 @@ ifndef CONFIG_NO_GITVER # Add VERSION_STR postfix for builds from a git repository -@@ -794,6 +795,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS +@@ -803,6 +804,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -73,7 +73,7 @@ endif ifdef CONFIG_MACSEC -@@ -814,9 +819,11 @@ NEED_EAP_COMMON=y +@@ -823,9 +828,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -85,7 +85,7 @@ OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -879,10 +886,18 @@ endif +@@ -898,10 +905,18 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -104,7 +104,7 @@ NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -1657,6 +1672,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -1680,6 +1695,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config @@ -117,8 +117,8 @@ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -1757,6 +1778,12 @@ endif - $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ +@@ -1782,6 +1803,12 @@ endif + -e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@ @$(E) " sed" $< +dump_cflags: @@ -132,7 +132,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4707,8 +4707,8 @@ union wpa_event_data { +@@ -4775,8 +4775,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -141,11 +141,20 @@ +extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + /** + * wpa_supplicant_event_global - Report a driver event for wpa_supplicant +@@ -4788,7 +4788,7 @@ void wpa_supplicant_event(void *ctx, enu + * Same as wpa_supplicant_event(), but we search for the interface in + * wpa_global. + */ +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1122,8 +1122,8 @@ static void hostapd_event_dfs_cac_starte +@@ -1144,8 +1144,8 @@ static void hostapd_event_dfs_cac_starte #endif /* NEED_AP_MLME */ @@ -156,9 +165,18 @@ { struct hostapd_data *hapd = ctx; #ifndef CONFIG_NO_STDOUT_DEBUG +@@ -1354,7 +1354,7 @@ void wpa_supplicant_event(void *ctx, enu + } + + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct hapd_interfaces *interfaces = ctx; --- a/wpa_supplicant/wpa_priv.c +++ b/wpa_supplicant/wpa_priv.c -@@ -932,8 +932,8 @@ static void wpa_priv_send_ft_response(st +@@ -940,8 +940,8 @@ static void wpa_priv_send_ft_response(st } @@ -169,17 +187,27 @@ { struct wpa_priv_interface *iface = ctx; -@@ -1082,6 +1082,7 @@ int main(int argc, char *argv[]) +@@ -1010,7 +1010,7 @@ void wpa_supplicant_event(void *ctx, enu + } + + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void supplicant_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct wpa_priv_global *global = ctx; +@@ -1122,6 +1122,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; wpa_priv_fd_workaround(); - for (;;) { + os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -3298,8 +3298,8 @@ static void wpa_supplicant_event_assoc_a +@@ -3375,8 +3375,8 @@ static void wpa_supplicant_event_assoc_a } @@ -190,7 +218,7 @@ { struct wpa_supplicant *wpa_s = ctx; int resched; -@@ -3947,7 +3947,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4037,7 +4037,7 @@ void wpa_supplicant_event(void *ctx, enu #endif /* CONFIG_AP */ break; case EVENT_ACS_CHANNEL_SELECTED: @@ -199,85 +227,115 @@ if (!wpa_s->ap_iface) break; hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], +@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu + } + + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void supplicant_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct wpa_supplicant *wpa_s; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4845,6 +4845,9 @@ static void wpa_supplicant_deinit_iface( - os_free(wpa_s); +@@ -4967,7 +4967,6 @@ struct wpa_interface * wpa_supplicant_ma + return NULL; } +- + /** + * wpa_supplicant_match_existing - Match existing interfaces + * @global: Pointer to global data from wpa_supplicant_init() +@@ -5004,6 +5003,11 @@ static int wpa_supplicant_match_existing + + #endif /* CONFIG_MATCH_IFACE */ + +extern void supplicant_event(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + ++extern void supplicant_event_global(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); /** * wpa_supplicant_add_iface - Add a new network interface -@@ -5100,6 +5103,7 @@ struct wpa_global * wpa_supplicant_init( +@@ -5259,6 +5263,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; if (params->wpa_debug_file_path) wpa_debug_open_file(params->wpa_debug_file_path); --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -513,6 +513,9 @@ static int hostapd_get_ctrl_iface_group( +@@ -526,6 +526,11 @@ static int hostapd_get_ctrl_iface_group( return 0; } +void hostapd_wpa_event(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + ++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -588,6 +591,7 @@ int main(int argc, char *argv[]) +@@ -601,6 +606,8 @@ int main(int argc, char *argv[]) interfaces.global_ctrl_sock = -1; - interfaces.global_ctrl_dst = NULL; + dl_list_init(&interfaces.global_ctrl_dst); + wpa_supplicant_event = hostapd_wpa_event; ++ wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:"); if (c < 0) --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c -@@ -10,6 +10,9 @@ +@@ -10,6 +10,11 @@ #include "utils/common.h" #include "driver.h" +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); ++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); + #ifdef CONFIG_DRIVER_WEXT extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */ #endif /* CONFIG_DRIVER_WEXT */ --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c -@@ -29,7 +29,10 @@ +@@ -29,7 +29,12 @@ #include "ctrl_iface.h" #include "pcsc_funcs.h" #include "wpas_glue.h" +#include "drivers/driver.h" +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; -@@ -1288,6 +1291,8 @@ static void usage(void) +@@ -1295,6 +1300,10 @@ static void usage(void) "option several times.\n"); } +extern void supplicant_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++extern void supplicant_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); int main(int argc, char *argv[]) { -@@ -1308,6 +1313,7 @@ int main(int argc, char *argv[]) +@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; hostapd_logger_register_cb(hostapd_logger_cb); os_memset(&eapol_test, 0, sizeof(eapol_test)); diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index 716916a0f0..04c52a2b5c 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h -@@ -99,6 +99,11 @@ struct wpa_interface { +@@ -100,6 +100,11 @@ struct wpa_interface { const char *ifname; /** @@ -12,8 +12,8 @@ * bridge_ifname - Optional bridge interface name * * If the driver interface (ifname) is included in a Linux bridge -@@ -465,6 +470,8 @@ struct wpa_supplicant { - #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ +@@ -484,6 +489,8 @@ struct wpa_supplicant { + #endif /* CONFIG_CTRL_IFACE_BINDER */ char bridge_ifname[16]; + struct wpa_ctrl *hostapd; @@ -45,7 +45,7 @@ CONFIG_OS=win32 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -108,6 +108,55 @@ const char *const wpa_supplicant_full_li +@@ -112,6 +112,55 @@ const char *const wpa_supplicant_full_li "\n"; #endif /* CONFIG_NO_STDOUT_DEBUG */ @@ -101,7 +101,7 @@ /* Configure default/group WEP keys for static WEP */ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -@@ -783,8 +832,12 @@ void wpa_supplicant_set_state(struct wpa +@@ -812,8 +861,12 @@ void wpa_supplicant_set_state(struct wpa wpas_p2p_completed(wpa_s); sme_sched_obss_scan(wpa_s, 1); @@ -114,7 +114,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -4537,6 +4590,20 @@ static int wpa_supplicant_init_iface(str +@@ -4623,6 +4676,20 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -135,7 +135,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -4823,6 +4890,11 @@ static void wpa_supplicant_deinit_iface( +@@ -4914,6 +4981,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); @@ -203,16 +203,16 @@ " -i = interface name\n" " -I = additional configuration file\n" " -K = include keys (passwords, etc.) in debug output\n" -@@ -176,7 +177,7 @@ int main(int argc, char *argv[]) +@@ -201,7 +202,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, -- "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW"); -+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); +- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW"); if (c < 0) break; switch (c) { -@@ -223,6 +224,9 @@ int main(int argc, char *argv[]) +@@ -248,6 +249,9 @@ int main(int argc, char *argv[]) usage(); exitcode = 0; goto out; diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 1e1aa20730..282577e639 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -1,18 +1,18 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -202,6 +202,9 @@ endif +@@ -211,6 +211,9 @@ endif ifdef CONFIG_NO_CTRL_IFACE CFLAGS += -DCONFIG_NO_CTRL_IFACE else +ifdef CONFIG_CTRL_IFACE_MIB +CFLAGS += -DCONFIG_CTRL_IFACE_MIB +endif - OBJS += ctrl_iface.o - OBJS += ../src/ap/ctrl_iface_ap.o - endif + ifeq ($(CONFIG_CTRL_IFACE), udp) + CFLAGS += -DCONFIG_CTRL_IFACE_UDP + else --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -2119,6 +2119,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -2342,6 +2342,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -20,7 +20,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -2160,6 +2161,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -2383,6 +2384,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); @@ -30,8 +30,8 @@ reply_len = -1; --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -858,6 +858,9 @@ ifdef CONFIG_WNM - OBJS += ../src/ap/wnm_ap.o +@@ -872,6 +872,9 @@ ifdef CONFIG_MBO + OBJS += ../src/ap/mbo_ap.o endif ifdef CONFIG_CTRL_IFACE +ifdef CONFIG_CTRL_IFACE_MIB @@ -42,7 +42,7 @@ --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -1858,7 +1858,7 @@ static int wpa_supplicant_ctrl_iface_sta +@@ -1895,7 +1895,7 @@ static int wpa_supplicant_ctrl_iface_sta pos += ret; } @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -8352,6 +8352,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8610,6 +8610,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -8359,6 +8360,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8617,6 +8618,7 @@ char * wpa_supplicant_ctrl_iface_process reply + reply_len, reply_size - reply_len); } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -8821,6 +8823,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9087,6 +9089,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -8829,12 +8832,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9095,12 +9098,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -93,15 +93,15 @@ reply_len = -1; --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -23,6 +23,7 @@ - #include "ctrl_iface_ap.h" +@@ -24,6 +24,7 @@ #include "ap_drv_ops.h" + #include "mbo_ap.h" +#ifdef CONFIG_CTRL_IFACE_MIB static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd, struct sta_info *sta, -@@ -235,6 +236,7 @@ int hostapd_ctrl_iface_sta_next(struct h +@@ -249,6 +250,7 @@ int hostapd_ctrl_iface_sta_next(struct h return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); } @@ -111,7 +111,7 @@ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2359,6 +2359,7 @@ static const char * bool_txt(Boolean val +@@ -2441,6 +2441,7 @@ static const char * bool_txt(Boolean val return val ? "TRUE" : "FALSE"; } @@ -119,7 +119,7 @@ int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -2534,6 +2535,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -2616,6 +2617,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } @@ -167,7 +167,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1091,7 +1091,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1103,7 +1103,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index 234537a7bc..f2dff789ed 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,7 +8,7 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -593,7 +594,7 @@ int main(int argc, char *argv[]) +@@ -606,7 +607,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; for (;;) { @@ -17,7 +17,7 @@ if (c < 0) break; switch (c) { -@@ -630,6 +631,8 @@ int main(int argc, char *argv[]) +@@ -643,6 +644,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': @@ -36,16 +36,16 @@ #include "fst/fst.h" #include "wpa_supplicant_i.h" #include "driver_i.h" -@@ -177,7 +178,7 @@ int main(int argc, char *argv[]) +@@ -202,7 +203,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, -- "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); -+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuv::W"); +- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W"); if (c < 0) break; switch (c) { -@@ -280,8 +281,12 @@ int main(int argc, char *argv[]) +@@ -305,8 +306,12 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DBUS */ case 'v': diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch index 192006a872..3a787e324e 100644 --- a/package/network/services/hostapd/patches/450-scan_wait.patch +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -33,7 +33,7 @@ /* Initialize the driver interface */ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) b = NULL; -@@ -382,8 +394,6 @@ static void hostapd_global_deinit(const +@@ -383,8 +395,6 @@ static void hostapd_global_deinit(const #endif /* CONFIG_NATIVE_WINDOWS */ eap_server_unregister_methods(); @@ -42,19 +42,26 @@ } -@@ -409,11 +419,6 @@ static int hostapd_global_run(struct hap +@@ -410,18 +420,6 @@ static int hostapd_global_run(struct hap } #endif /* EAP_SERVER_TNC */ -- if (daemonize && os_daemonize(pid_file)) { -- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno)); -- return -1; +- if (daemonize) { +- if (os_daemonize(pid_file)) { +- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno)); +- return -1; +- } +- if (eloop_sock_requeue()) { +- wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s", +- strerror(errno)); +- return -1; +- } - } - eloop_run(); return 0; -@@ -566,8 +571,7 @@ int main(int argc, char *argv[]) +@@ -579,8 +577,7 @@ int main(int argc, char *argv[]) struct hapd_interfaces interfaces; int ret = 1; size_t i, j; diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 0a61aeff86..081b9588b3 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -155,6 +155,11 @@ OBJS += ../src/common/hw_features_common +@@ -157,6 +157,11 @@ OBJS += ../src/common/hw_features_common OBJS += ../src/eapol_auth/eapol_auth_sm.o @@ -22,7 +22,7 @@ struct wpa_ctrl_dst; struct radius_server_data; -@@ -107,6 +108,7 @@ struct hostapd_data { +@@ -117,6 +118,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -30,7 +30,7 @@ int interface_added; /* virtual interface added for this BSS */ unsigned int started:1; unsigned int disabled:1; -@@ -299,6 +301,8 @@ struct hostapd_iface { +@@ -322,6 +324,8 @@ struct hostapd_iface { struct hostapd_config *conf; char phy[16]; /* Name of the PHY (radio) */ @@ -661,7 +661,7 @@ +#endif --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -280,6 +280,7 @@ static void hostapd_free_hapd_data(struc +@@ -282,6 +282,7 @@ static void hostapd_free_hapd_data(struc hapd->started = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -669,7 +669,7 @@ iapp_deinit(hapd->iapp); hapd->iapp = NULL; accounting_deinit(hapd); -@@ -1118,6 +1119,8 @@ static int hostapd_setup_bss(struct host +@@ -1137,6 +1138,8 @@ static int hostapd_setup_bss(struct host if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -678,7 +678,7 @@ return 0; } -@@ -1523,6 +1526,7 @@ static int hostapd_setup_interface_compl +@@ -1662,6 +1665,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -686,7 +686,7 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -1700,6 +1704,7 @@ dfs_offload: +@@ -1842,6 +1846,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); @@ -694,7 +694,7 @@ hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); #ifdef CONFIG_FST -@@ -2125,6 +2130,7 @@ void hostapd_interface_deinit_free(struc +@@ -2268,6 +2273,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -704,7 +704,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -877,7 +877,8 @@ int auth_sae_init_committed(struct hosta +@@ -929,7 +929,8 @@ int auth_sae_init_committed(struct hosta static void handle_auth(struct hostapd_data *hapd, @@ -714,7 +714,7 @@ { u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; -@@ -893,6 +894,11 @@ static void handle_auth(struct hostapd_d +@@ -945,6 +946,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -724,9 +724,9 @@ + .frame_info = fi, + }; - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { - wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -1044,6 +1050,14 @@ static void handle_auth(struct hostapd_d + os_memset(&vlan_id, 0, sizeof(vlan_id)); + +@@ -1098,6 +1104,14 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -741,7 +741,7 @@ if (res == HOSTAPD_ACL_PENDING) { wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR " waiting for an external authentication", -@@ -1776,13 +1790,18 @@ static void send_assoc_resp(struct hosta +@@ -1982,13 +1996,18 @@ static u16 send_assoc_resp(struct hostap static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -749,7 +749,7 @@ + int reassoc, struct hostapd_frame_info *fi) { u16 capab_info, listen_interval, seq_ctrl, fc; - u16 resp = WLAN_STATUS_SUCCESS; + u16 resp = WLAN_STATUS_SUCCESS, reply_res; const u8 *pos; int left, i; struct sta_info *sta; @@ -761,9 +761,9 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -1902,6 +1921,13 @@ static void handle_assoc(struct hostapd_ - goto fail; +@@ -2108,6 +2127,13 @@ static void handle_assoc(struct hostapd_ } + #endif /* CONFIG_MBO */ + if (hostapd_ubus_handle_event(hapd, &req)) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", @@ -772,10 +772,10 @@ + goto fail; + } + - sta->capability = capab_info; - sta->listen_interval = listen_interval; - -@@ -2328,7 +2354,7 @@ int ieee802_11_mgmt(struct hostapd_data + /* + * sta->capability is used in check_assoc_ies() for RRM enabled + * capability element. +@@ -2588,7 +2614,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { @@ -784,7 +784,7 @@ return 1; } -@@ -2346,17 +2372,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2606,17 +2632,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); @@ -807,7 +807,7 @@ case WLAN_FC_STYPE_DISASSOC: --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -667,7 +667,7 @@ sta_track_seen_on(struct hostapd_iface * +@@ -675,7 +675,7 @@ sta_track_seen_on(struct hostapd_iface * void handle_probe_req(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -816,7 +816,7 @@ { u8 *resp; struct ieee802_11_elems elems; -@@ -676,9 +676,15 @@ void handle_probe_req(struct hostapd_dat +@@ -684,9 +684,15 @@ void handle_probe_req(struct hostapd_dat size_t i, resp_len; int noack; enum ssid_match_result res; @@ -830,9 +830,9 @@ + .frame_info = fi, + }; - ie = mgmt->u.probe_req.variable; - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) -@@ -830,6 +836,12 @@ void handle_probe_req(struct hostapd_dat + if (len < IEEE80211_HDRLEN) + return; +@@ -838,6 +844,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -858,7 +858,7 @@ int ieee802_11_update_beacons(struct hostapd_iface *iface); --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -51,6 +51,10 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -52,6 +52,10 @@ int hostapd_notif_assoc(struct hostapd_d u16 reason = WLAN_REASON_UNSPECIFIED; u16 status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; @@ -869,7 +869,7 @@ if (addr == NULL) { /* -@@ -123,6 +127,12 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -124,6 +128,12 @@ int hostapd_notif_assoc(struct hostapd_d goto fail; } diff --git a/package/network/services/hostapd/patches/700-make-make-work.patch b/package/network/services/hostapd/patches/700-make-make-work.patch new file mode 100644 index 0000000000..643061ab5b --- /dev/null +++ b/package/network/services/hostapd/patches/700-make-make-work.patch @@ -0,0 +1,12 @@ +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -196,7 +196,8 @@ endif + + ifdef CONFIG_NO_VLAN + CFLAGS += -DCONFIG_NO_VLAN +-else ++endif ++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN) + OBJS += ../src/ap/vlan_init.o + OBJS += ../src/ap/vlan_ifconfig.o + OBJS += ../src/ap/vlan.o From a4f8825e0ff5066a7c978f65a1b48407abba7a81 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 15 Jun 2016 17:11:43 +0200 Subject: [PATCH 8/9] CC: hostapd: update to version 2016-06-15 Signed-off-by: Felix Fietkau --- package/network/services/hostapd/Makefile | 4 +- .../hostapd/patches/100-mesh_mode_fix.patch | 2 +- .../hostapd/patches/120-daemonize_fix.patch | 4 +- .../hostapd/patches/130-no_eapol_fix.patch | 2 +- .../hostapd/patches/200-multicall.patch | 44 ++++++++++++------- .../services/hostapd/patches/300-noscan.patch | 6 +-- .../patches/310-rescan_immediately.patch | 4 +- .../hostapd/patches/320-optional_rfkill.patch | 12 ++--- .../patches/330-nl80211_fix_set_freq.patch | 2 +- .../patches/340-reload_freq_change.patch | 4 +- .../patches/350-nl80211_del_beacon_bss.patch | 12 ++--- .../patches/360-ctrl_iface_reload.patch | 20 +++++---- .../hostapd/patches/370-ap_sta_support.patch | 4 +- .../patches/380-disable_ctrl_iface_mib.patch | 12 ++--- .../patches/390-wpa_ie_cap_workaround.patch | 4 +- .../patches/420-indicate-features.patch | 10 ++--- .../patches/430-hostapd_cli_ifdef.patch | 12 ++--- .../hostapd/patches/450-scan_wait.patch | 6 +-- ...dd-new-config-params-to-be-used-with.patch | 10 ++--- ...-use-new-parameters-during-ibss-join.patch | 4 +- .../462-wpa_s-support-htmode-param.patch | 12 ++--- .../hostapd/patches/600-ubus_support.patch | 28 ++++++------ .../hostapd/patches/700-make-make-work.patch | 12 ----- 23 files changed, 115 insertions(+), 115 deletions(-) delete mode 100644 package/network/services/hostapd/patches/700-make-make-work.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 2465f6baa8..9c9b0e9ee8 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_VERSION:=2016-05-05 +PKG_VERSION:=2016-06-15 PKG_RELEASE:=1 -PKG_REV:=9524e7e5a4a18539f0fb532544d2de63621b5f8b +PKG_REV:=31d3692fe5d56c05753ed4a70c7943979e1d29e7 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git diff --git a/package/network/services/hostapd/patches/100-mesh_mode_fix.patch b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch index 1be7559c4a..ceb4c53afa 100644 --- a/package/network/services/hostapd/patches/100-mesh_mode_fix.patch +++ b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2262,7 +2262,8 @@ wpa_driver_nl80211_finish_drv_init(struc +@@ -2332,7 +2332,8 @@ wpa_driver_nl80211_finish_drv_init(struc if (drv->hostapd || bss->static_ap) nlmode = NL80211_IFTYPE_AP; diff --git a/package/network/services/hostapd/patches/120-daemonize_fix.patch b/package/network/services/hostapd/patches/120-daemonize_fix.patch index fad84669a6..0389406a98 100644 --- a/package/network/services/hostapd/patches/120-daemonize_fix.patch +++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch @@ -60,13 +60,13 @@ + if (chdir("/") < 0) return -1; - } -- + - return 0; -} -#else /* __APPLE__ */ -#define os_daemon daemon -#endif /* __APPLE__ */ - +- - -int os_daemonize(const char *pid_file) -{ diff --git a/package/network/services/hostapd/patches/130-no_eapol_fix.patch b/package/network/services/hostapd/patches/130-no_eapol_fix.patch index 0c4114a515..5aee3d07f1 100644 --- a/package/network/services/hostapd/patches/130-no_eapol_fix.patch +++ b/package/network/services/hostapd/patches/130-no_eapol_fix.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -253,9 +253,10 @@ void wpa_supplicant_cancel_auth_timeout( +@@ -257,9 +257,10 @@ void wpa_supplicant_cancel_auth_timeout( */ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) { diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index 49e7af74d8..e9d49d40fa 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -8,7 +8,17 @@ ifndef CONFIG_NO_GITVER # Add VERSION_STR postfix for builds from a git repository -@@ -315,10 +316,14 @@ CFLAGS += -DCONFIG_MBO +@@ -190,7 +191,8 @@ endif + + ifdef CONFIG_NO_VLAN + CFLAGS += -DCONFIG_NO_VLAN +-else ++endif ++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN) + OBJS += ../src/ap/vlan_init.o + OBJS += ../src/ap/vlan_ifconfig.o + OBJS += ../src/ap/vlan.o +@@ -315,10 +317,14 @@ CFLAGS += -DCONFIG_MBO OBJS += ../src/ap/mbo_ap.o endif @@ -26,7 +36,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -1051,6 +1056,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1051,6 +1057,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -39,7 +49,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -1092,6 +1103,12 @@ HOBJS += ../src/crypto/aes-internal.o +@@ -1092,6 +1104,12 @@ HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o endif @@ -132,7 +142,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4775,8 +4775,8 @@ union wpa_event_data { +@@ -4794,8 +4794,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -143,7 +153,7 @@ /** * wpa_supplicant_event_global - Report a driver event for wpa_supplicant -@@ -4788,7 +4788,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4807,7 +4807,7 @@ void wpa_supplicant_event(void *ctx, enu * Same as wpa_supplicant_event(), but we search for the interface in * wpa_global. */ @@ -154,7 +164,7 @@ /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1144,8 +1144,8 @@ static void hostapd_event_dfs_cac_starte +@@ -1157,8 +1157,8 @@ static void hostapd_event_dfs_cac_starte #endif /* NEED_AP_MLME */ @@ -165,7 +175,7 @@ { struct hostapd_data *hapd = ctx; #ifndef CONFIG_NO_STDOUT_DEBUG -@@ -1354,7 +1354,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -1367,7 +1367,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -207,7 +217,7 @@ os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -3375,8 +3375,8 @@ static void wpa_supplicant_event_assoc_a +@@ -3384,8 +3384,8 @@ static void wpa_supplicant_event_assoc_a } @@ -218,7 +228,7 @@ { struct wpa_supplicant *wpa_s = ctx; int resched; -@@ -4037,7 +4037,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu #endif /* CONFIG_AP */ break; case EVENT_ACS_CHANNEL_SELECTED: @@ -227,7 +237,7 @@ if (!wpa_s->ap_iface) break; hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], -@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4065,7 +4065,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -238,7 +248,7 @@ struct wpa_supplicant *wpa_s; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4967,7 +4967,6 @@ struct wpa_interface * wpa_supplicant_ma +@@ -4982,7 +4982,6 @@ struct wpa_interface * wpa_supplicant_ma return NULL; } @@ -246,7 +256,7 @@ /** * wpa_supplicant_match_existing - Match existing interfaces * @global: Pointer to global data from wpa_supplicant_init() -@@ -5004,6 +5003,11 @@ static int wpa_supplicant_match_existing +@@ -5019,6 +5018,11 @@ static int wpa_supplicant_match_existing #endif /* CONFIG_MATCH_IFACE */ @@ -258,7 +268,7 @@ /** * wpa_supplicant_add_iface - Add a new network interface -@@ -5259,6 +5263,8 @@ struct wpa_global * wpa_supplicant_init( +@@ -5274,6 +5278,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ @@ -269,8 +279,8 @@ wpa_debug_open_file(params->wpa_debug_file_path); --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -526,6 +526,11 @@ static int hostapd_get_ctrl_iface_group( - return 0; +@@ -583,6 +583,11 @@ fail: + return -1; } +void hostapd_wpa_event(void *ctx, enum wpa_event_type event, @@ -281,14 +291,14 @@ #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -601,6 +606,8 @@ int main(int argc, char *argv[]) +@@ -660,6 +665,8 @@ int main(int argc, char *argv[]) interfaces.global_ctrl_sock = -1; dl_list_init(&interfaces.global_ctrl_dst); + wpa_supplicant_event = hostapd_wpa_event; + wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { - c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:"); + c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:"); if (c < 0) --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index 85dc0c1cce..bb3d57b0ea 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -2852,6 +2852,10 @@ static int hostapd_config_fill(struct ho +@@ -2861,6 +2861,10 @@ static int hostapd_config_fill(struct ho } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_IEEE80211N @@ -13,7 +13,7 @@ } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -639,6 +639,8 @@ struct hostapd_config { +@@ -655,6 +655,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -24,7 +24,7 @@ int no_pri_sec_switch; --- a/src/ap/hw_features.c +++ b/src/ap/hw_features.c -@@ -473,7 +473,8 @@ static int ieee80211n_check_40mhz(struct +@@ -474,7 +474,8 @@ static int ieee80211n_check_40mhz(struct int ret; /* Check that HT40 is used and PRI / SEC switch is allowed */ diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 3bcdd70e75..d9486ed405 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3449,7 +3449,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -3548,7 +3548,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; @@ -8,4 +8,4 @@ + wpa_s->scan_interval = 1; wpa_s->new_connection = 1; wpa_s->parent = parent ? parent : wpa_s; - wpa_s->sched_scanning = 0; + wpa_s->p2pdev = wpa_s->parent; diff --git a/package/network/services/hostapd/patches/320-optional_rfkill.patch b/package/network/services/hostapd/patches/320-optional_rfkill.patch index 349af030b9..cf2a2c108b 100644 --- a/package/network/services/hostapd/patches/320-optional_rfkill.patch +++ b/package/network/services/hostapd/patches/320-optional_rfkill.patch @@ -1,14 +1,14 @@ --- a/src/drivers/drivers.mak +++ b/src/drivers/drivers.mak -@@ -37,7 +37,6 @@ NEED_SME=y +@@ -36,7 +36,6 @@ NEED_SME=y NEED_AP_MLME=y NEED_NETLINK=y NEED_LINUX_IOCTL=y -NEED_RFKILL=y + NEED_RADIOTAP=y ifdef CONFIG_LIBNL32 - DRV_LIBS += -lnl-3 -@@ -121,7 +120,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT +@@ -123,7 +122,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT CONFIG_WIRELESS_EXTENSION=y NEED_NETLINK=y NEED_LINUX_IOCTL=y @@ -16,7 +16,7 @@ endif ifdef CONFIG_DRIVER_NDIS -@@ -147,7 +145,6 @@ endif +@@ -149,7 +147,6 @@ endif ifdef CONFIG_WIRELESS_EXTENSION DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION DRV_WPA_OBJS += ../src/drivers/driver_wext.o @@ -24,14 +24,14 @@ endif ifdef NEED_NETLINK -@@ -160,6 +157,7 @@ endif +@@ -162,6 +159,7 @@ endif ifdef NEED_RFKILL DRV_OBJS += ../src/drivers/rfkill.o +DRV_WPA_CFLAGS += -DCONFIG_RFKILL endif - ifdef CONFIG_VLAN_NETLINK + ifdef NEED_RADIOTAP --- a/src/drivers/rfkill.h +++ b/src/drivers/rfkill.h @@ -18,8 +18,24 @@ struct rfkill_config { diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index 54dec31333..ca4601247b 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -3709,7 +3709,7 @@ static int nl80211_set_channel(struct i8 +@@ -3795,7 +3795,7 @@ static int nl80211_set_channel(struct i8 freq->freq, freq->ht_enabled, freq->vht_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch index a687a805fc..086ade9ced 100644 --- a/package/network/services/hostapd/patches/340-reload_freq_change.patch +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -78,6 +78,16 @@ static void hostapd_reload_bss(struct ho +@@ -80,6 +80,16 @@ static void hostapd_reload_bss(struct ho #endif /* CONFIG_NO_RADIUS */ ssid = &hapd->conf->ssid; @@ -17,7 +17,7 @@ if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next && ssid->wpa_passphrase_set && ssid->wpa_passphrase) { /* -@@ -177,21 +187,12 @@ int hostapd_reload_config(struct hostapd +@@ -179,21 +189,12 @@ int hostapd_reload_config(struct hostapd oldconf = hapd->iconf; iface->conf = newconf; diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index 2bcf49a7c6..247f154e30 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2324,13 +2324,18 @@ wpa_driver_nl80211_finish_drv_init(struc +@@ -2394,13 +2394,18 @@ wpa_driver_nl80211_finish_drv_init(struc } @@ -22,7 +22,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -2381,7 +2386,7 @@ static void wpa_driver_nl80211_deinit(st +@@ -2452,7 +2457,7 @@ static void wpa_driver_nl80211_deinit(st nl80211_remove_monitor_interface(drv); if (is_ap_interface(drv->nlmode)) @@ -31,7 +31,7 @@ if (drv->eapol_sock >= 0) { eloop_unregister_read_sock(drv->eapol_sock); -@@ -4233,8 +4238,7 @@ static void nl80211_teardown_ap(struct i +@@ -4385,8 +4390,7 @@ static void nl80211_teardown_ap(struct i nl80211_remove_monitor_interface(drv); else nl80211_mgmt_unsubscribe(bss, "AP teardown"); @@ -41,7 +41,7 @@ } -@@ -6165,8 +6169,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -6387,8 +6391,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -50,7 +50,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -6528,8 +6530,7 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -6750,8 +6752,7 @@ static int wpa_driver_nl80211_deinit_ap( struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; @@ -60,7 +60,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -6548,8 +6549,7 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -6770,8 +6771,7 @@ static int wpa_driver_nl80211_stop_ap(vo struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch index ebc63ab246..1e405cbf0e 100644 --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -1,6 +1,6 @@ --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -47,6 +47,7 @@ +@@ -54,6 +54,7 @@ #include "fst/fst_ctrl_iface.h" #include "config_file.h" #include "ctrl_iface.h" @@ -8,15 +8,15 @@ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 -@@ -59,6 +60,7 @@ struct wpa_ctrl_dst { - int errors; - }; +@@ -72,6 +73,7 @@ static void hostapd_ctrl_iface_send(stru + enum wpa_msg_type type, + const char *buf, size_t len); +static char *reload_opts = NULL; - static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, - enum wpa_msg_type type, -@@ -169,6 +171,61 @@ static int hostapd_ctrl_iface_new_sta(st + static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, + struct sockaddr_storage *from, +@@ -123,6 +125,61 @@ static int hostapd_ctrl_iface_new_sta(st return 0; } @@ -78,7 +78,7 @@ #ifdef CONFIG_IEEE80211W #ifdef NEED_AP_MLME -@@ -2257,6 +2314,8 @@ static int hostapd_ctrl_iface_receive_pr +@@ -2483,6 +2540,8 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size); @@ -89,7 +89,7 @@ #ifdef RADIUS_SERVER --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -552,5 +552,11 @@ int hostapd_parse_csa_settings(const cha +@@ -593,7 +593,13 @@ int hostapd_parse_csa_settings(const cha int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) { @@ -102,3 +102,5 @@ + + return 0; } + + diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index 04c52a2b5c..6b70215c43 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -114,7 +114,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -4623,6 +4676,20 @@ static int wpa_supplicant_init_iface(str +@@ -4638,6 +4691,20 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -135,7 +135,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -4914,6 +4981,11 @@ static void wpa_supplicant_deinit_iface( +@@ -4929,6 +4996,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 282577e639..ef9c9db9a5 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -211,6 +211,9 @@ endif +@@ -212,6 +212,9 @@ endif ifdef CONFIG_NO_CTRL_IFACE CFLAGS += -DCONFIG_NO_CTRL_IFACE else @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -8610,6 +8610,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8687,6 +8687,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -8617,6 +8618,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8694,6 +8695,7 @@ char * wpa_supplicant_ctrl_iface_process reply + reply_len, reply_size - reply_len); } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -9087,6 +9089,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9164,6 +9166,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -9095,12 +9098,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9172,12 +9175,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -167,7 +167,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1103,7 +1103,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1114,7 +1114,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch index 0d752b0508..c9e7bf4209 100644 --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -1,6 +1,6 @@ --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c -@@ -1242,6 +1242,31 @@ u32 wpa_akm_to_suite(int akm) +@@ -1244,6 +1244,31 @@ u32 wpa_akm_to_suite(int akm) } @@ -32,7 +32,7 @@ int wpa_compare_rsn_ie(int ft_initial_assoc, const u8 *ie1, size_t ie1len, const u8 *ie2, size_t ie2len) -@@ -1249,8 +1274,19 @@ int wpa_compare_rsn_ie(int ft_initial_as +@@ -1251,8 +1276,19 @@ int wpa_compare_rsn_ie(int ft_initial_as if (ie1 == NULL || ie2 == NULL) return -1; diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index f2dff789ed..335e71eb51 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,16 +8,16 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -606,7 +607,7 @@ int main(int argc, char *argv[]) - +@@ -668,7 +669,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; + wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { -- c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:"); -+ c = getopt(argc, argv, "b:Bde:f:hKP:STtu:g:G:v::"); +- c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:"); ++ c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:g:G:v::"); if (c < 0) break; switch (c) { -@@ -643,6 +644,8 @@ int main(int argc, char *argv[]) +@@ -705,6 +706,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch index 9ecd78609b..d07b747c3d 100644 --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -1,6 +1,6 @@ --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c -@@ -68,7 +68,6 @@ static const char *const commands_help = +@@ -69,7 +69,6 @@ static const char *const commands_help = #ifdef CONFIG_IEEE80211W " sa_query send SA Query to a station\n" #endif /* CONFIG_IEEE80211W */ @@ -8,7 +8,7 @@ " wps_pin [timeout] [addr] add WPS Enrollee PIN\n" " wps_check_pin verify PIN checksum\n" " wps_pbc indicate button pushed to initiate PBC\n" -@@ -81,7 +80,6 @@ static const char *const commands_help = +@@ -82,7 +81,6 @@ static const char *const commands_help = " wps_ap_pin [params..] enable/disable AP PIN\n" " wps_config configure AP\n" " wps_get_status show current WPS status\n" @@ -16,7 +16,7 @@ " get_config show current configuration\n" " help show this usage help\n" " interface [ifname] show interfaces/select interface\n" -@@ -364,7 +362,6 @@ static int hostapd_cli_cmd_sa_query(stru +@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru #endif /* CONFIG_IEEE80211W */ @@ -24,7 +24,7 @@ static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc, char *argv[]) { -@@ -590,7 +587,6 @@ static int hostapd_cli_cmd_wps_config(st +@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st ssid_hex, argv[1]); return wpa_ctrl_command(ctrl, buf); } @@ -32,7 +32,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, -@@ -1086,7 +1082,6 @@ static const struct hostapd_cli_cmd host +@@ -1236,7 +1232,6 @@ static const struct hostapd_cli_cmd host #ifdef CONFIG_IEEE80211W { "sa_query", hostapd_cli_cmd_sa_query }, #endif /* CONFIG_IEEE80211W */ @@ -40,7 +40,7 @@ { "wps_pin", hostapd_cli_cmd_wps_pin }, { "wps_check_pin", hostapd_cli_cmd_wps_check_pin }, { "wps_pbc", hostapd_cli_cmd_wps_pbc }, -@@ -1100,7 +1095,6 @@ static const struct hostapd_cli_cmd host +@@ -1250,7 +1245,6 @@ static const struct hostapd_cli_cmd host { "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin }, { "wps_config", hostapd_cli_cmd_wps_config }, { "wps_get_status", hostapd_cli_cmd_wps_get_status }, diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch index 3a787e324e..78cf3064fa 100644 --- a/package/network/services/hostapd/patches/450-scan_wait.patch +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -33,7 +33,7 @@ /* Initialize the driver interface */ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) b = NULL; -@@ -383,8 +395,6 @@ static void hostapd_global_deinit(const +@@ -401,8 +413,6 @@ static void hostapd_global_deinit(const #endif /* CONFIG_NATIVE_WINDOWS */ eap_server_unregister_methods(); @@ -42,7 +42,7 @@ } -@@ -410,18 +420,6 @@ static int hostapd_global_run(struct hap +@@ -428,18 +438,6 @@ static int hostapd_global_run(struct hap } #endif /* EAP_SERVER_TNC */ @@ -61,7 +61,7 @@ eloop_run(); return 0; -@@ -579,8 +577,7 @@ int main(int argc, char *argv[]) +@@ -638,8 +636,7 @@ int main(int argc, char *argv[]) struct hapd_interfaces interfaces; int ret = 1; size_t i, j; diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index 426ffc5148..ec84b9a4b2 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli #include "common/defs.h" #include "common/ieee802_11_defs.h" #include "utils/list.h" -@@ -570,6 +571,9 @@ struct wpa_driver_associate_params { +@@ -587,6 +588,9 @@ struct wpa_driver_associate_params { * responsible for selecting with which BSS to associate. */ const u8 *bssid; @@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli #include "config.h" -@@ -1742,6 +1743,97 @@ static char * wpa_config_write_mesh_basi +@@ -1816,6 +1817,97 @@ static char * wpa_config_write_mesh_basi #endif /* CONFIG_MESH */ @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli /* Helper macros for network block parser */ #ifdef OFFSET -@@ -1973,6 +2065,9 @@ static const struct parse_data ssid_fiel +@@ -2047,6 +2139,9 @@ static const struct parse_data ssid_fiel { INT(ap_max_inactivity) }, { INT(dtim_period) }, { INT(beacon_int) }, @@ -160,7 +160,7 @@ Signed-hostap: Antonio Quartulli #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) -@@ -698,6 +699,9 @@ struct wpa_ssid { +@@ -711,6 +712,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -172,7 +172,7 @@ Signed-hostap: Antonio Quartulli * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2421,6 +2421,13 @@ static void wpas_start_assoc_cb(struct w +@@ -2510,6 +2510,13 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index febbd14e21..459bdb944a 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4492,7 +4492,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -4644,7 +4644,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -4519,6 +4519,37 @@ retry: +@@ -4671,6 +4671,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch index aa2ac197e8..e2bd37d7a5 100644 --- a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch +++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch @@ -16,7 +16,7 @@ Signed-off-by: Antonio Quartulli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -573,6 +573,8 @@ struct wpa_driver_associate_params { +@@ -590,6 +590,8 @@ struct wpa_driver_associate_params { unsigned char rates[NL80211_MAX_SUPP_RATES]; int mcast_rate; @@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli * bssid_hint - BSSID of a proposed AP --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4550,6 +4550,22 @@ retry: +@@ -4702,6 +4702,22 @@ retry: nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); } @@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli goto fail; --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -1774,6 +1774,71 @@ static char * wpa_config_write_mcast_rat +@@ -1848,6 +1848,71 @@ static char * wpa_config_write_mcast_rat } #endif /* NO_CONFIG_WRITE */ @@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli static int wpa_config_parse_rates(const struct parse_data *data, struct wpa_ssid *ssid, int line, const char *value) -@@ -2068,6 +2133,7 @@ static const struct parse_data ssid_fiel +@@ -2142,6 +2207,7 @@ static const struct parse_data ssid_fiel { INT_RANGE(fixed_freq, 0, 1) }, { FUNC(rates) }, { FUNC(mcast_rate) }, @@ -134,7 +134,7 @@ Signed-off-by: Antonio Quartulli #endif /* CONFIG_MACSEC */ --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -701,6 +701,8 @@ struct wpa_ssid { +@@ -714,6 +714,8 @@ struct wpa_ssid { unsigned char rates[NL80211_MAX_SUPP_RATES]; double mcast_rate; @@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli /** --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2428,6 +2428,8 @@ static void wpas_start_assoc_cb(struct w +@@ -2517,6 +2517,8 @@ static void wpas_start_assoc_cb(struct w i++; } params.mcast_rate = ssid->mcast_rate; diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 081b9588b3..55da4b678d 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -22,7 +22,7 @@ struct wpa_ctrl_dst; struct radius_server_data; -@@ -117,6 +118,7 @@ struct hostapd_data { +@@ -118,6 +119,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -30,7 +30,7 @@ int interface_added; /* virtual interface added for this BSS */ unsigned int started:1; unsigned int disabled:1; -@@ -322,6 +324,8 @@ struct hostapd_iface { +@@ -323,6 +325,8 @@ struct hostapd_iface { struct hostapd_config *conf; char phy[16]; /* Name of the PHY (radio) */ @@ -661,7 +661,7 @@ +#endif --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -282,6 +282,7 @@ static void hostapd_free_hapd_data(struc +@@ -284,6 +284,7 @@ static void hostapd_free_hapd_data(struc hapd->started = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -669,7 +669,7 @@ iapp_deinit(hapd->iapp); hapd->iapp = NULL; accounting_deinit(hapd); -@@ -1137,6 +1138,8 @@ static int hostapd_setup_bss(struct host +@@ -1139,6 +1140,8 @@ static int hostapd_setup_bss(struct host if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -678,7 +678,7 @@ return 0; } -@@ -1662,6 +1665,7 @@ static int hostapd_setup_interface_compl +@@ -1664,6 +1667,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -686,7 +686,7 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -1842,6 +1846,7 @@ dfs_offload: +@@ -1844,6 +1848,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); @@ -694,7 +694,7 @@ hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); #ifdef CONFIG_FST -@@ -2268,6 +2273,7 @@ void hostapd_interface_deinit_free(struc +@@ -2277,6 +2282,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -704,7 +704,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -929,7 +929,8 @@ int auth_sae_init_committed(struct hosta +@@ -980,7 +980,8 @@ int auth_sae_init_committed(struct hosta static void handle_auth(struct hostapd_data *hapd, @@ -714,7 +714,7 @@ { u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; -@@ -945,6 +946,11 @@ static void handle_auth(struct hostapd_d +@@ -996,6 +997,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -726,7 +726,7 @@ os_memset(&vlan_id, 0, sizeof(vlan_id)); -@@ -1098,6 +1104,14 @@ static void handle_auth(struct hostapd_d +@@ -1149,6 +1155,14 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -741,7 +741,7 @@ if (res == HOSTAPD_ACL_PENDING) { wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR " waiting for an external authentication", -@@ -1982,13 +1996,18 @@ static u16 send_assoc_resp(struct hostap +@@ -2033,13 +2047,18 @@ static u16 send_assoc_resp(struct hostap static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -761,7 +761,7 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -2108,6 +2127,13 @@ static void handle_assoc(struct hostapd_ +@@ -2159,6 +2178,13 @@ static void handle_assoc(struct hostapd_ } #endif /* CONFIG_MBO */ @@ -775,7 +775,7 @@ /* * sta->capability is used in check_assoc_ies() for RRM enabled * capability element. -@@ -2588,7 +2614,7 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2639,7 +2665,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { @@ -784,7 +784,7 @@ return 1; } -@@ -2606,17 +2632,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2657,17 +2683,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); diff --git a/package/network/services/hostapd/patches/700-make-make-work.patch b/package/network/services/hostapd/patches/700-make-make-work.patch deleted file mode 100644 index 643061ab5b..0000000000 --- a/package/network/services/hostapd/patches/700-make-make-work.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/hostapd/Makefile -+++ b/hostapd/Makefile -@@ -196,7 +196,8 @@ endif - - ifdef CONFIG_NO_VLAN - CFLAGS += -DCONFIG_NO_VLAN --else -+endif -+ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN) - OBJS += ../src/ap/vlan_init.o - OBJS += ../src/ap/vlan_ifconfig.o - OBJS += ../src/ap/vlan.o From a1524efd13c52797d0f7492b9835a91598c073dd Mon Sep 17 00:00:00 2001 From: Zoltan HERPAI Date: Mon, 16 Oct 2017 14:38:45 +0200 Subject: [PATCH 9/9] CC: hostapd: fix WPA packet number reuse with replayed messages and key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information, please refer to: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Zoltan HERPAI --- ...d-key-reinstallation-in-FT-handshake.patch | 174 ++++++++++++ ...lation-of-an-already-in-use-group-ke.patch | 250 ++++++++++++++++++ ...n-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++++++++++++ ...event-installation-of-an-all-zero-TK.patch | 79 ++++++ ...TK-rekeying-to-generate-a-new-ANonce.patch | 64 +++++ ...6-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++++++++ ...leep-Mode-Response-without-pending-r.patch | 43 +++ ...multiple-Reassociation-Response-fram.patch | 82 ++++++ 8 files changed, 1008 insertions(+) create mode 100644 package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch create mode 100644 package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch create mode 100644 package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch create mode 100644 package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch create mode 100644 package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch create mode 100644 package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch create mode 100644 package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch create mode 100644 package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch diff --git a/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 0000000000..727684865d --- /dev/null +++ b/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch @@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +++++++++++++--- + src/ap/wpa_auth.c | 11 +++++++++++ + src/ap/wpa_auth.h | 3 ++- + src/ap/wpa_auth_ft.c | 10 ++++++++++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* + * Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, + * FT-over-the-DS, where a station re-associates back to the same AP but + * skips the authentication flow, or if working with a driver that + * does not support full AP client state. ++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. + */ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) + #else /* CONFIG_IEEE80211R */ + break; + #endif /* CONFIG_IEEE80211R */ ++ case WPA_DRV_STA_REMOVED: ++ sm->tk_already_set = FALSE; ++ return 0; + } + + #ifdef CONFIG_IEEE80211R +@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) + } + + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} ++ ++ + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) + { +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index 0de8d97..97461b0 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, + u8 *data, size_t data_len); + enum wpa_event { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED + }; + void wpa_remove_ptk(struct wpa_state_machine *sm); + int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); +@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); + struct rsn_pmksa_cache_entry * +diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c +index 42242a5..e63b99a 100644 +--- a/src/ap/wpa_auth_ft.c ++++ b/src/ap/wpa_auth_ft.c +@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + return; + } + ++ if (sm->tk_already_set) { ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX ++ * PN in the driver */ ++ wpa_printf(MSG_DEBUG, ++ "FT: Do not re-install same PTK to the driver"); ++ return; ++ } ++ + /* FIX: add STA entry to kernel/driver here? The set_key will fail + * most likely without this.. At the moment, STA entry is added only + * after association has been completed. This function will be called +@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; ++ sm->tk_already_set = TRUE; + } + + +@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, + + sm->pairwise = pairwise; + sm->PTK_valid = TRUE; ++ sm->tk_already_set = FALSE; + wpa_ft_install_ptk(sm); + + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h +index 72b7eb3..7fd8f05 100644 +--- a/src/ap/wpa_auth_i.h ++++ b/src/ap/wpa_auth_i.h +@@ -65,6 +65,7 @@ struct wpa_state_machine { + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; ++ Boolean tk_already_set; + int keycount; + Boolean Pair; + struct wpa_key_replay_counter { +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch new file mode 100644 index 0000000000..1802d664ad --- /dev/null +++ b/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch @@ -0,0 +1,250 @@ +From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Wed, 12 Jul 2017 16:03:24 +0200 +Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key + +Track the current GTK and IGTK that is in use and when receiving a +(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do +not install the given key if it is already in use. This prevents an +attacker from trying to trick the client into resetting or lowering the +sequence counter associated to the group key. + +Signed-off-by: Mathy Vanhoef +--- + src/common/wpa_common.h | 11 +++++ + src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ + src/rsn_supp/wpa_i.h | 4 ++ + 3 files changed, 87 insertions(+), 44 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index af1d0f0..d200285 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -217,6 +217,17 @@ struct wpa_ptk { + size_t tk_len; + }; + ++struct wpa_gtk { ++ u8 gtk[WPA_GTK_MAX_LEN]; ++ size_t gtk_len; ++}; ++ ++#ifdef CONFIG_IEEE80211W ++struct wpa_igtk { ++ u8 igtk[WPA_IGTK_MAX_LEN]; ++ size_t igtk_len; ++}; ++#endif /* CONFIG_IEEE80211W */ + + /* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 3c47879..95bd7be 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + ++ /* Detect possible key reinstallation */ ++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", ++ gd->keyidx, gd->tx, gd->gtk_len); ++ return 0; ++ } ++ + wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", +@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ + return 0; + } + +@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + } + + ++#ifdef CONFIG_IEEE80211W ++static int wpa_supplicant_install_igtk(struct wpa_sm *sm, ++ const struct wpa_igtk_kde *igtk) ++{ ++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); ++ u16 keyidx = WPA_GET_LE16(igtk->keyid); ++ ++ /* Detect possible key reinstallation */ ++ if (sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", ++ keyidx); ++ return 0; ++ } ++ ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", ++ keyidx, MAC2STR(igtk->pn)); ++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); ++ if (keyidx > 4095) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Invalid IGTK KeyID %d", keyidx); ++ return -1; ++ } ++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), ++ broadcast_ether_addr, ++ keyidx, 0, igtk->pn, sizeof(igtk->pn), ++ igtk->igtk, len) < 0) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Failed to configure IGTK to the driver"); ++ return -1; ++ } ++ ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ ++ return 0; ++} ++#endif /* CONFIG_IEEE80211W */ ++ ++ + static int ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) + { +@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + if (ie->igtk) { + size_t len; + const struct wpa_igtk_kde *igtk; +- u16 keyidx; ++ + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) + return -1; ++ + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- keyidx = WPA_GET_LE16(igtk->keyid); +- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " +- "pn %02x%02x%02x%02x%02x%02x", +- keyidx, MAC2STR(igtk->pn)); +- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", +- igtk->igtk, len); +- if (keyidx > 4095) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Invalid IGTK KeyID %d", keyidx); +- return -1; +- } +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igtk->pn, sizeof(igtk->pn), +- igtk->igtk, len) < 0) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Failed to configure IGTK to the driver"); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } + } + + return 0; +@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) + */ + void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + { +- int clear_ptk = 1; ++ int clear_keys = 1; + + if (sm == NULL) + return; +@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + /* Prepare for the next transition */ + wpa_ft_prepare_auth_request(sm, NULL); + +- clear_ptk = 0; ++ clear_keys = 0; + } + #endif /* CONFIG_IEEE80211R */ + +- if (clear_ptk) { ++ if (clear_keys) { + /* + * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if + * this is not part of a Fast BSS Transition. +@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + } + + #ifdef CONFIG_TDLS +@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(sm->pmk, 0, sizeof(sm->pmk)); + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); + os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); +@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + os_memset(&gd, 0, sizeof(gd)); + #ifdef CONFIG_IEEE80211W + } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { +- struct wpa_igtk_kde igd; +- u16 keyidx; +- +- os_memset(&igd, 0, sizeof(igd)); +- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); +- os_memcpy(igd.keyid, buf + 2, 2); +- os_memcpy(igd.pn, buf + 4, 6); +- +- keyidx = WPA_GET_LE16(igd.keyid); +- os_memcpy(igd.igtk, buf + 10, keylen); +- +- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", +- igd.igtk, keylen); +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igd.pn, sizeof(igd.pn), +- igd.igtk, keylen) < 0) { +- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " +- "WNM mode"); +- os_memset(&igd, 0, sizeof(igd)); ++ const struct wpa_igtk_kde *igtk; ++ ++ igtk = (const struct wpa_igtk_kde *) (buf + 2); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } +- os_memset(&igd, 0, sizeof(igd)); + #endif /* CONFIG_IEEE80211W */ + } else { + wpa_printf(MSG_DEBUG, "Unknown element id"); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index f653ba6..afc9e37 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -31,6 +31,10 @@ struct wpa_sm { + u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; ++ struct wpa_gtk gtk; ++#ifdef CONFIG_IEEE80211W ++ struct wpa_igtk igtk; ++#endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ + +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch new file mode 100644 index 0000000000..e2937b851a --- /dev/null +++ b/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch @@ -0,0 +1,184 @@ +From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 1 Oct 2017 12:12:24 +0300 +Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep + Mode cases + +This extends the protection to track last configured GTK/IGTK value +separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a +corner case where these two different mechanisms may get used when the +GTK/IGTK has changed and tracking a single value is not sufficient to +detect a possible key reconfiguration. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- + src/rsn_supp/wpa_i.h | 2 ++ + 2 files changed, 40 insertions(+), 15 deletions(-) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 95bd7be..7a2c68d 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -709,14 +709,17 @@ struct wpa_gtk_data { + + static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const struct wpa_gtk_data *gd, +- const u8 *key_rsc) ++ const u8 *key_rsc, int wnm_sleep) + { + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + + /* Detect possible key reinstallation */ +- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && +- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || ++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", + gd->keyidx, gd->tx, gd->gtk_len); +@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + +- sm->gtk.gtk_len = gd->gtk_len; +- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ if (wnm_sleep) { ++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len); ++ } else { ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ } + + return 0; + } +@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || +- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { ++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: Failed to install GTK"); + os_memset(&gd, 0, sizeof(gd)); +@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + + #ifdef CONFIG_IEEE80211W + static int wpa_supplicant_install_igtk(struct wpa_sm *sm, +- const struct wpa_igtk_kde *igtk) ++ const struct wpa_igtk_kde *igtk, ++ int wnm_sleep) + { + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); + u16 keyidx = WPA_GET_LE16(igtk->keyid); + + /* Detect possible key reinstallation */ +- if (sm->igtk.igtk_len == len && +- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ if ((sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || ++ (sm->igtk_wnm_sleep.igtk_len == len && ++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", + keyidx); +@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, + return -1; + } + +- sm->igtk.igtk_len = len; +- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ if (wnm_sleep) { ++ sm->igtk_wnm_sleep.igtk_len = len; ++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len); ++ } else { ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ } + + return 0; + } +@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + return -1; + + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) + return -1; + } + +@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, + if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) + key_rsc = null_rsc; + +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) + goto failed; + os_memset(&gd, 0, sizeof(gd)); +@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + } + +@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); +@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + + wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", + gd.gtk, gd.gtk_len); +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { + os_memset(&gd, 0, sizeof(gd)); + wpa_printf(MSG_DEBUG, "Failed to install the GTK in " + "WNM mode"); +@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + const struct wpa_igtk_kde *igtk; + + igtk = (const struct wpa_igtk_kde *) (buf + 2); +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) + return -1; + #endif /* CONFIG_IEEE80211W */ + } else { +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index afc9e37..9a54631 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -32,8 +32,10 @@ struct wpa_sm { + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; + struct wpa_gtk gtk; ++ struct wpa_gtk gtk_wnm_sleep; + #ifdef CONFIG_IEEE80211W + struct wpa_igtk igtk; ++ struct wpa_igtk igtk_wnm_sleep; + #endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch new file mode 100644 index 0000000000..22ee217947 --- /dev/null +++ b/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch @@ -0,0 +1,79 @@ +From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 29 Sep 2017 04:22:51 +0200 +Subject: [PATCH 4/8] Prevent installation of an all-zero TK + +Properly track whether a PTK has already been installed to the driver +and the TK part cleared from memory. This prevents an attacker from +trying to trick the client into installing an all-zero TK. + +This fixes the earlier fix in commit +ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the +driver in EAPOL-Key 3/4 retry case') which did not take into account +possibility of an extra message 1/4 showing up between retries of +message 3/4. + +Signed-off-by: Mathy Vanhoef +--- + src/common/wpa_common.h | 1 + + src/rsn_supp/wpa.c | 5 ++--- + src/rsn_supp/wpa_i.h | 1 - + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index d200285..1021ccb 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -215,6 +215,7 @@ struct wpa_ptk { + size_t kck_len; + size_t kek_len; + size_t tk_len; ++ int installed; /* 1 if key has already been installed to driver */ + }; + + struct wpa_gtk { +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 7a2c68d..0550a41 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, + os_memset(buf, 0, sizeof(buf)); + } + sm->tptk_set = 1; +- sm->tk_to_set = 1; + + kde = sm->assoc_wpa_ie; + kde_len = sm->assoc_wpa_ie_len; +@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + enum wpa_alg alg; + const u8 *key_rsc; + +- if (!sm->tk_to_set) { ++ if (sm->ptk.installed) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Do not re-install same PTK to the driver"); + return 0; +@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + + /* TK is not needed anymore in supplicant */ + os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); +- sm->tk_to_set = 0; ++ sm->ptk.installed = 1; + + if (sm->wpa_ptk_rekey) { + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 9a54631..41f371f 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -24,7 +24,6 @@ struct wpa_sm { + struct wpa_ptk ptk, tptk; + int ptk_set, tptk_set; + unsigned int msg_3_of_4_ok:1; +- unsigned int tk_to_set:1; + u8 snonce[WPA_NONCE_LEN]; + u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ + int renew_snonce; +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch new file mode 100644 index 0000000000..c19c4c7102 --- /dev/null +++ b/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch @@ -0,0 +1,64 @@ +From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 1 Oct 2017 12:32:57 +0300 +Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce + +The Authenticator state machine path for PTK rekeying ended up bypassing +the AUTHENTICATION2 state where a new ANonce is generated when going +directly to the PTKSTART state since there is no need to try to +determine the PMK again in such a case. This is far from ideal since the +new PTK would depend on a new nonce only from the supplicant. + +Fix this by generating a new ANonce when moving to the PTKSTART state +for the purpose of starting new 4-way handshake to rekey PTK. + +Signed-off-by: Jouni Malinen +--- + src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 707971d..bf10cc1 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch new file mode 100644 index 0000000000..e1bd5a5726 --- /dev/null +++ b/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch @@ -0,0 +1,132 @@ +From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 11:03:15 +0300 +Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration + +Do not try to reconfigure the same TPK-TK to the driver after it has +been successfully configured. This is an explicit check to avoid issues +related to resetting the TX/RX packet number. There was already a check +for this for TPK M2 (retries of that message are ignored completely), so +that behavior does not get modified. + +For TPK M3, the TPK-TK could have been reconfigured, but that was +followed by immediate teardown of the link due to an issue in updating +the STA entry. Furthermore, for TDLS with any real security (i.e., +ignoring open/WEP), the TPK message exchange is protected on the AP path +and simple replay attacks are not feasible. + +As an additional corner case, make sure the local nonce gets updated if +the peer uses a very unlikely "random nonce" of all zeros. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 36 insertions(+), 2 deletions(-) + +diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c +index e424168..9eb9738 100644 +--- a/src/rsn_supp/tdls.c ++++ b/src/rsn_supp/tdls.c +@@ -112,6 +112,7 @@ struct wpa_tdls_peer { + u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ + } tpk; + int tpk_set; ++ int tk_set; /* TPK-TK configured to the driver */ + int tpk_success; + int tpk_in_progress; + +@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + u8 rsc[6]; + enum wpa_alg alg; + ++ if (peer->tk_set) { ++ /* ++ * This same TPK-TK has already been configured to the driver ++ * and this new configuration attempt (likely due to an ++ * unexpected retransmitted frame) would result in clearing ++ * the TX/RX sequence number which can break security, so must ++ * not allow that to happen. ++ */ ++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR ++ " has already been configured to the driver - do not reconfigure", ++ MAC2STR(peer->addr)); ++ return -1; ++ } ++ + os_memset(rsc, 0, 6); + + switch (peer->cipher) { +@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + return -1; + } + ++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, ++ MAC2STR(peer->addr)); + if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, + rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { + wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " + "driver"); + return -1; + } ++ peer->tk_set = 1; + return 0; + } + +@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + peer->cipher = 0; + peer->qos_info = 0; + peer->wmm_capable = 0; +- peer->tpk_set = peer->tpk_success = 0; ++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; + peer->chan_switch_enabled = 0; + os_memset(&peer->tpk, 0, sizeof(peer->tpk)); + os_memset(peer->inonce, 0, WPA_NONCE_LEN); +@@ -1159,6 +1177,7 @@ skip_rsnie: + wpa_tdls_peer_free(sm, peer); + return -1; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", + peer->inonce, WPA_NONCE_LEN); + os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); +@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, + } + + ++static int tdls_nonce_set(const u8 *nonce) ++{ ++ int i; ++ ++ for (i = 0; i < WPA_NONCE_LEN; i++) { ++ if (nonce[i]) ++ return 1; ++ } ++ ++ return 0; ++} ++ ++ + static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, + const u8 *buf, size_t len) + { +@@ -2004,7 +2036,8 @@ skip_rsn: + peer->rsnie_i_len = kde.rsn_ie_len; + peer->cipher = cipher; + +- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { ++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || ++ !tdls_nonce_set(peer->inonce)) { + /* + * There is no point in updating the RNonce for every obtained + * TPK M1 frame (e.g., retransmission due to timeout) with the +@@ -2020,6 +2053,7 @@ skip_rsn: + "TDLS: Failed to get random data for responder nonce"); + goto error; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + } + + #if 0 +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch new file mode 100644 index 0000000000..85ea1d62bc --- /dev/null +++ b/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch @@ -0,0 +1,43 @@ +From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 11:25:02 +0300 +Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending + request + +Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep +Mode Response if WNM-Sleep Mode has not been used') started ignoring the +response when no WNM-Sleep Mode Request had been used during the +association. This can be made tighter by clearing the used flag when +successfully processing a response. This adds an additional layer of +protection against unexpected retransmissions of the response frame. + +Signed-off-by: Jouni Malinen +--- + wpa_supplicant/wnm_sta.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c +index 1b3409c..67a07ff 100644 +--- a/wpa_supplicant/wnm_sta.c ++++ b/wpa_supplicant/wnm_sta.c +@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + + if (!wpa_s->wnmsleep_used) { + wpa_printf(MSG_DEBUG, +- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); + return; + } + +@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch new file mode 100644 index 0000000000..b9678f6815 --- /dev/null +++ b/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @@ -0,0 +1,82 @@ +From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 12:06:37 +0300 +Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames + +The driver is expected to not report a second association event without +the station having explicitly request a new association. As such, this +case should not be reachable. However, since reconfiguring the same +pairwise or group keys to the driver could result in nonce reuse issues, +be extra careful here and do an additional state check to avoid this +even if the local driver ends up somehow accepting an unexpected +Reassociation Response frame. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/wpa.c | 3 +++ + src/rsn_supp/wpa_ft.c | 8 ++++++++ + src/rsn_supp/wpa_i.h | 1 + + 3 files changed, 12 insertions(+) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 0550a41..2a53c6f 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + + /* Keys are not needed in the WPA state machine anymore */ + wpa_sm_drop_sa(sm); +diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c +index 205793e..d45bb45 100644 +--- a/src/rsn_supp/wpa_ft.c ++++ b/src/rsn_supp/wpa_ft.c +@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 41f371f..56f88dc 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -128,6 +128,7 @@ struct wpa_sm { + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +-- +2.7.4 +