mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-07 06:18:54 +00:00
df6a33a8d4
Bump to latest Git and refresh all patches in order to get fix for "UPnP SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695). General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. Ref: https://w1.fi/security/2020-1/ Signed-off-by: Petr Štetiar <ynezz@true.cz>
59 lines
1.8 KiB
Diff
59 lines
1.8 KiB
Diff
--- a/hostapd/config_file.c
|
|
+++ b/hostapd/config_file.c
|
|
@@ -3493,6 +3493,10 @@ static int hostapd_config_fill(struct ho
|
|
if (bss->ocv && !bss->ieee80211w)
|
|
bss->ieee80211w = 1;
|
|
#endif /* CONFIG_OCV */
|
|
+ } else if (os_strcmp(buf, "noscan") == 0) {
|
|
+ conf->noscan = atoi(pos);
|
|
+ } else if (os_strcmp(buf, "ht_coex") == 0) {
|
|
+ conf->no_ht_coex = !atoi(pos);
|
|
} else if (os_strcmp(buf, "ieee80211n") == 0) {
|
|
conf->ieee80211n = atoi(pos);
|
|
} else if (os_strcmp(buf, "ht_capab") == 0) {
|
|
--- a/src/ap/ap_config.h
|
|
+++ b/src/ap/ap_config.h
|
|
@@ -984,6 +984,8 @@ struct hostapd_config {
|
|
|
|
int ht_op_mode_fixed;
|
|
u16 ht_capab;
|
|
+ int noscan;
|
|
+ int no_ht_coex;
|
|
int ieee80211n;
|
|
int secondary_channel;
|
|
int no_pri_sec_switch;
|
|
--- a/src/ap/hw_features.c
|
|
+++ b/src/ap/hw_features.c
|
|
@@ -500,7 +500,8 @@ static int ieee80211n_check_40mhz(struct
|
|
int ret;
|
|
|
|
/* Check that HT40 is used and PRI / SEC switch is allowed */
|
|
- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
|
|
+ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
|
|
+ iface->conf->noscan)
|
|
return 0;
|
|
|
|
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
|
|
--- a/src/ap/ieee802_11_ht.c
|
|
+++ b/src/ap/ieee802_11_ht.c
|
|
@@ -230,6 +230,9 @@ void hostapd_2040_coex_action(struct hos
|
|
return;
|
|
}
|
|
|
|
+ if (iface->conf->noscan || iface->conf->no_ht_coex)
|
|
+ return;
|
|
+
|
|
if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
|
|
wpa_printf(MSG_DEBUG,
|
|
"Ignore too short 20/40 BSS Coexistence Management frame");
|
|
@@ -390,6 +393,9 @@ void ht40_intolerant_add(struct hostapd_
|
|
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
|
|
return;
|
|
|
|
+ if (iface->conf->noscan || iface->conf->no_ht_coex)
|
|
+ return;
|
|
+
|
|
wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
|
|
" in Association Request", MAC2STR(sta->addr));
|
|
|