mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 11:36:49 +00:00
26c0bec13b
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b3
)
356 lines
10 KiB
Diff
356 lines
10 KiB
Diff
--- a/hostapd/Makefile
|
|
+++ b/hostapd/Makefile
|
|
@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils)
|
|
export BINDIR ?= /usr/local/bin/
|
|
|
|
-include .config
|
|
+-include $(if $(MULTICALL), ../wpa_supplicant/.config)
|
|
|
|
ifndef CONFIG_NO_GITVER
|
|
# Add VERSION_STR postfix for builds from a git repository
|
|
@@ -198,7 +199,8 @@ endif
|
|
|
|
ifdef CONFIG_NO_VLAN
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
-else
|
|
+endif
|
|
+ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
|
|
OBJS += ../src/ap/vlan_init.o
|
|
OBJS += ../src/ap/vlan_ifconfig.o
|
|
OBJS += ../src/ap/vlan.o
|
|
@@ -354,10 +356,14 @@ CFLAGS += -DCONFIG_MBO
|
|
OBJS += ../src/ap/mbo_ap.o
|
|
endif
|
|
|
|
+ifndef MULTICALL
|
|
+CFLAGS += -DNO_SUPPLICANT
|
|
+endif
|
|
+
|
|
include ../src/drivers/drivers.mak
|
|
-OBJS += $(DRV_AP_OBJS)
|
|
-CFLAGS += $(DRV_AP_CFLAGS)
|
|
-LDFLAGS += $(DRV_AP_LDFLAGS)
|
|
+OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
|
|
+CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
|
|
+LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
|
|
LIBS += $(DRV_AP_LIBS)
|
|
|
|
ifdef CONFIG_L2_PACKET
|
|
@@ -1274,6 +1280,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
|
|
|
|
BCHECK=../src/drivers/build.hostapd
|
|
|
|
+hostapd_multi.a: $(BCHECK) $(OBJS)
|
|
+ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
|
|
+ @$(E) " CC " $<
|
|
+ @rm -f $@
|
|
+ @$(AR) cr $@ hostapd_multi.o $(OBJS)
|
|
+
|
|
hostapd: $(BCHECK) $(OBJS)
|
|
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
|
|
@$(E) " LD " $@
|
|
@@ -1316,6 +1328,12 @@ ifeq ($(CONFIG_TLS), linux)
|
|
HOBJS += ../src/crypto/crypto_linux.o
|
|
endif
|
|
|
|
+dump_cflags:
|
|
+ @printf "%s " "$(CFLAGS)"
|
|
+
|
|
+dump_ldflags:
|
|
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
|
|
+
|
|
nt_password_hash: $(NOBJS)
|
|
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
|
|
@$(E) " LD " $@
|
|
--- a/wpa_supplicant/Makefile
|
|
+++ b/wpa_supplicant/Makefile
|
|
@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
|
|
CFLAGS += -I$(abspath ../src/utils)
|
|
|
|
-include .config
|
|
+-include $(if $(MULTICALL),../hostapd/.config)
|
|
|
|
ifndef CONFIG_NO_GITVER
|
|
# Add VERSION_STR postfix for builds from a git repository
|
|
@@ -354,7 +355,9 @@ endif
|
|
ifdef CONFIG_IBSS_RSN
|
|
NEED_RSN_AUTHENTICATOR=y
|
|
CFLAGS += -DCONFIG_IBSS_RSN
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
+endif
|
|
OBJS += ibss_rsn.o
|
|
endif
|
|
|
|
@@ -862,6 +865,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
|
|
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
|
|
LIBS += -ldl -rdynamic
|
|
endif
|
|
+else
|
|
+ ifdef MULTICALL
|
|
+ OBJS += ../src/eap_common/eap_common.o
|
|
+ endif
|
|
endif
|
|
|
|
ifdef CONFIG_AP
|
|
@@ -869,9 +876,11 @@ NEED_EAP_COMMON=y
|
|
NEED_RSN_AUTHENTICATOR=y
|
|
CFLAGS += -DCONFIG_AP
|
|
OBJS += ap.o
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_RADIUS
|
|
CFLAGS += -DCONFIG_NO_ACCOUNTING
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
+endif
|
|
OBJS += ../src/ap/hostapd.o
|
|
OBJS += ../src/ap/wpa_auth_glue.o
|
|
OBJS += ../src/ap/utils.o
|
|
@@ -953,6 +962,12 @@ endif
|
|
ifdef CONFIG_HS20
|
|
OBJS += ../src/ap/hs20.o
|
|
endif
|
|
+else
|
|
+ ifdef MULTICALL
|
|
+ OBJS += ../src/eap_server/eap_server.o
|
|
+ OBJS += ../src/eap_server/eap_server_identity.o
|
|
+ OBJS += ../src/eap_server/eap_server_methods.o
|
|
+ endif
|
|
endif
|
|
|
|
ifdef CONFIG_MBO
|
|
@@ -961,7 +976,9 @@ CFLAGS += -DCONFIG_MBO
|
|
endif
|
|
|
|
ifdef NEED_RSN_AUTHENTICATOR
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_RADIUS
|
|
+endif
|
|
NEED_AES_WRAP=y
|
|
OBJS += ../src/ap/wpa_auth.o
|
|
OBJS += ../src/ap/wpa_auth_ie.o
|
|
@@ -1888,6 +1905,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
|
|
|
|
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
|
|
|
|
+wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
|
|
+ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
|
|
+ @$(E) " CC " $<
|
|
+ @rm -f $@
|
|
+ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
|
|
+
|
|
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
|
|
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
|
|
@$(E) " LD " $@
|
|
@@ -1990,6 +2013,12 @@ endif
|
|
-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
|
|
@$(E) " sed" $<
|
|
|
|
+dump_cflags:
|
|
+ @printf "%s " "$(CFLAGS)"
|
|
+
|
|
+dump_ldflags:
|
|
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
|
|
+
|
|
wpa_supplicant.exe: wpa_supplicant
|
|
mv -f $< $@
|
|
wpa_cli.exe: wpa_cli
|
|
--- a/src/drivers/driver.h
|
|
+++ b/src/drivers/driver.h
|
|
@@ -5476,8 +5476,8 @@ union wpa_event_data {
|
|
* Driver wrapper code should call this function whenever an event is received
|
|
* from the driver.
|
|
*/
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data);
|
|
+extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
/**
|
|
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
|
|
@@ -5489,7 +5489,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
* Same as wpa_supplicant_event(), but we search for the interface in
|
|
* wpa_global.
|
|
*/
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data);
|
|
|
|
/*
|
|
--- a/src/ap/drv_callbacks.c
|
|
+++ b/src/ap/drv_callbacks.c
|
|
@@ -1540,8 +1540,8 @@ static void hostapd_event_wds_sta_interf
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
#ifndef CONFIG_NO_STDOUT_DEBUG
|
|
@@ -1770,7 +1770,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct hapd_interfaces *interfaces = ctx;
|
|
--- a/wpa_supplicant/wpa_priv.c
|
|
+++ b/wpa_supplicant/wpa_priv.c
|
|
@@ -1031,8 +1031,8 @@ static void wpa_priv_send_ft_response(st
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+static void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct wpa_priv_interface *iface = ctx;
|
|
|
|
@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct wpa_priv_global *global = ctx;
|
|
@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
|
|
if (os_program_init())
|
|
return -1;
|
|
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
wpa_priv_fd_workaround();
|
|
|
|
os_memset(&global, 0, sizeof(global));
|
|
--- a/wpa_supplicant/events.c
|
|
+++ b/wpa_supplicant/events.c
|
|
@@ -4026,8 +4026,8 @@ static void wpas_event_assoc_reject(stru
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct wpa_supplicant *wpa_s = ctx;
|
|
int resched;
|
|
@@ -4796,7 +4796,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct wpa_supplicant *wpa_s;
|
|
--- a/wpa_supplicant/wpa_supplicant.c
|
|
+++ b/wpa_supplicant/wpa_supplicant.c
|
|
@@ -5861,7 +5861,6 @@ struct wpa_interface * wpa_supplicant_ma
|
|
return NULL;
|
|
}
|
|
|
|
-
|
|
/**
|
|
* wpa_supplicant_match_existing - Match existing interfaces
|
|
* @global: Pointer to global data from wpa_supplicant_init()
|
|
@@ -5898,6 +5897,11 @@ static int wpa_supplicant_match_existing
|
|
|
|
#endif /* CONFIG_MATCH_IFACE */
|
|
|
|
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+
|
|
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
/**
|
|
* wpa_supplicant_add_iface - Add a new network interface
|
|
@@ -6154,6 +6158,8 @@ struct wpa_global * wpa_supplicant_init(
|
|
#ifndef CONFIG_NO_WPA_MSG
|
|
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
|
|
#endif /* CONFIG_NO_WPA_MSG */
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
|
|
if (params->wpa_debug_file_path)
|
|
wpa_debug_open_file(params->wpa_debug_file_path);
|
|
--- a/hostapd/main.c
|
|
+++ b/hostapd/main.c
|
|
@@ -591,6 +591,11 @@ fail:
|
|
return -1;
|
|
}
|
|
|
|
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+
|
|
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
#ifdef CONFIG_WPS
|
|
static int gen_uuid(const char *txt_addr)
|
|
@@ -674,6 +679,8 @@ int main(int argc, char *argv[])
|
|
hostapd_dpp_init_global(&interfaces);
|
|
#endif /* CONFIG_DPP */
|
|
|
|
+ wpa_supplicant_event = hostapd_wpa_event;
|
|
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
|
|
for (;;) {
|
|
c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
|
|
if (c < 0)
|
|
--- a/src/drivers/drivers.c
|
|
+++ b/src/drivers/drivers.c
|
|
@@ -10,6 +10,10 @@
|
|
#include "utils/common.h"
|
|
#include "driver.h"
|
|
|
|
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
const struct wpa_driver_ops *const wpa_drivers[] =
|
|
{
|
|
--- a/wpa_supplicant/eapol_test.c
|
|
+++ b/wpa_supplicant/eapol_test.c
|
|
@@ -29,7 +29,12 @@
|
|
#include "ctrl_iface.h"
|
|
#include "pcsc_funcs.h"
|
|
#include "wpas_glue.h"
|
|
+#include "drivers/driver.h"
|
|
|
|
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
|
|
|
|
@@ -1295,6 +1300,10 @@ static void usage(void)
|
|
"option several times.\n");
|
|
}
|
|
|
|
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[])
|
|
if (os_program_init())
|
|
return -1;
|
|
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
hostapd_logger_register_cb(hostapd_logger_cb);
|
|
|
|
os_memset(&eapol_test, 0, sizeof(eapol_test));
|