openwrt/package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
Petr Štetiar df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00


From c05ace7510ead96e72b97ce47b33f7b5865d6d36 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:38 -0700
Subject: [PATCH 1/7] mesh: use setup completion callback to complete mesh join
mesh join function is the last function to be called during
mesh join process, but it's been called a bit earlier than
it's supposed to be, so that some mesh parameter values
such as VHT capabilities not applied correct when mesh join
is in process.
Moreover current design of mesh join that is called directly
after mesh initialization isn't suitable for DFS channels to use,
since mesh join process should be paused until DFS CAC is
done and resumed after it's done.
The callback will be called by hostapd_setup_interface_complete_sync.
There is a possibility that completing mesh init fails, so add error
handle codes.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
src/ap/hostapd.c | 11 ++++++++++-
wpa_supplicant/mesh.c | 13 +++++++------
2 files changed, 17 insertions(+), 7 deletions(-)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -434,6 +434,8 @@ static void hostapd_free_hapd_data(struc
#ifdef CONFIG_MESH
wpabuf_free(hapd->mesh_pending_auth);
hapd->mesh_pending_auth = NULL;
+ /* handling setup failure is already done */
+ hapd->setup_complete_cb = NULL;
#endif /* CONFIG_MESH */
hostapd_clean_rrm(hapd);
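Review bot: The added lines clear `hapd->setup_complete_cb` but leave `hapd->setup_complete_cb_ctx` untouched, and the mesh.c part of this patch stores `wpa_s` in that field. Clearing both together with `hapd->setup_complete_cb_ctx = NULL;` keeps a stale context pointer from staying in the struct after its data is freed. The comment would also help more if it said why the callback must not run again, for example `/* setup failure was already handled; never invoke the mesh completion callback after this point */`. The body of hostapd_free_hapd_data continues outside the hunk.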
@@ -2156,6 +2158,13 @@ dfs_offload:
if (hapd->setup_complete_cb)
hapd->setup_complete_cb(hapd->setup_complete_cb_ctx);
+#ifdef CONFIG_MESH
+ if (delay_apply_cfg && !iface->mconf) {
+ wpa_printf(MSG_ERROR, "Error while completing mesh init");
+ goto fail;
+ }
+#endif /* CONFIG_MESH */
+
wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
iface->bss[0]->conf->iface);
if (iface->interfaces && iface->interfaces->terminate_on_error > 0)
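Review bot: The new `!iface->mconf` test dereferences `iface` after `setup_complete_cb` has run, and the mesh callback in this patch calls `wpa_supplicant_mesh_deinit(wpa_s)` when RSN initialization fails. If that deinit path releases the hostapd_iface (its body is not visible here, so this needs confirming), both the test and the `goto fail` handling operate on freed memory. The third hunk in this file has the same lifetime question, because it reads `iface->conf` after a failed `setup_interface()`. Either have the callback only record the failure and leave teardown to the `fail:` path, or state the assumption in place with a comment such as `/* callback clears iface->mconf on failure but must not free iface */`. The enclosing function starts and ends outside the hunk.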
@@ -2299,7 +2308,7 @@ int hostapd_setup_interface(struct hosta
ret = setup_interface(iface);
if (ret) {
wpa_printf(MSG_ERROR, "%s: Unable to setup interface.",
- iface->bss[0]->conf->iface);
+ iface->conf ? iface->conf->bss[0]->iface : "N/A");
return -1;
}
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -194,8 +194,9 @@ static int wpas_mesh_init_rsn(struct wpa
}
-static int wpas_mesh_complete(struct wpa_supplicant *wpa_s)
+static void wpas_mesh_complete_cb(void *ctx)
{
+ struct wpa_supplicant *wpa_s = ctx;
struct hostapd_iface *ifmsh = wpa_s->ifmsh;
struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
struct wpa_ssid *ssid = wpa_s->current_ssid;
@@ -204,7 +205,7 @@ static int wpas_mesh_complete(struct wpa
if (!params || !ssid || !ifmsh) {
wpa_printf(MSG_ERROR, "mesh: %s called without active mesh",
__func__);
- return -1;
+ return;
}
if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
@@ -213,7 +214,7 @@ static int wpas_mesh_complete(struct wpa
"mesh: RSN initialization failed - deinit mesh");
wpa_supplicant_mesh_deinit(wpa_s);
wpa_drv_leave_mesh(wpa_s);
- return -1;
+ return;
}
if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
@@ -239,8 +240,6 @@ static int wpas_mesh_complete(struct wpa
if (!ret)
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-
- return ret;
}
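Review bot: With the return type now `void`, a non-zero `ret` at the end of `wpas_mesh_complete_cb` is no longer propagated; the only visible effect is that `WPA_COMPLETED` is not set. The last hunk in this file also removes the call from `wpa_supplicant_join_mesh`, so that function can return success before the join has been attempted. Unless the lines above this hunk already handle it, the failure branch needs the same cleanup the RSN failure branch performs, so a half-initialised mesh interface is not left behind. At minimum the function should carry a comment such as `/* failures are signalled only by the state not reaching WPA_COMPLETED */`. Most of the function body lies outside the hunk.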
@@ -267,6 +266,7 @@ static int wpa_supplicant_mesh_init(stru
if (!ifmsh)
return -ENOMEM;
+ ifmsh->owner = wpa_s;
ifmsh->drv_flags = wpa_s->drv_flags;
ifmsh->drv_flags2 = wpa_s->drv_flags2;
ifmsh->num_bss = 1;
@@ -285,6 +285,8 @@ static int wpa_supplicant_mesh_init(stru
bss->drv_priv = wpa_s->drv_priv;
bss->iface = ifmsh;
bss->mesh_sta_free_cb = mesh_mpm_free_sta;
+ bss->setup_complete_cb = wpas_mesh_complete_cb;
+ bss->setup_complete_cb_ctx = wpa_s;
frequency = ssid->frequency;
if (frequency != freq->freq &&
frequency == freq->freq + freq->sec_channel_offset * 20) {
@@ -526,7 +528,6 @@ int wpa_supplicant_join_mesh(struct wpa_
goto out;
}
- ret = wpas_mesh_complete(wpa_s);
out:
return ret;
}