mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 15:32:33 +00:00
bbda81ce30
Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
356 lines
10 KiB
Diff
356 lines
10 KiB
Diff
--- a/hostapd/Makefile
|
|
+++ b/hostapd/Makefile
|
|
@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils)
|
|
export BINDIR ?= /usr/local/bin/
|
|
|
|
-include .config
|
|
+-include $(if $(MULTICALL), ../wpa_supplicant/.config)
|
|
|
|
ifndef CONFIG_NO_GITVER
|
|
# Add VERSION_STR postfix for builds from a git repository
|
|
@@ -198,7 +199,8 @@ endif
|
|
|
|
ifdef CONFIG_NO_VLAN
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
-else
|
|
+endif
|
|
+ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
|
|
OBJS += ../src/ap/vlan_init.o
|
|
OBJS += ../src/ap/vlan_ifconfig.o
|
|
OBJS += ../src/ap/vlan.o
|
|
@@ -354,10 +356,14 @@ CFLAGS += -DCONFIG_MBO
|
|
OBJS += ../src/ap/mbo_ap.o
|
|
endif
|
|
|
|
+ifndef MULTICALL
|
|
+CFLAGS += -DNO_SUPPLICANT
|
|
+endif
|
|
+
|
|
include ../src/drivers/drivers.mak
|
|
-OBJS += $(DRV_AP_OBJS)
|
|
-CFLAGS += $(DRV_AP_CFLAGS)
|
|
-LDFLAGS += $(DRV_AP_LDFLAGS)
|
|
+OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
|
|
+CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
|
|
+LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
|
|
LIBS += $(DRV_AP_LIBS)
|
|
|
|
ifdef CONFIG_L2_PACKET
|
|
@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
|
|
|
|
BCHECK=../src/drivers/build.hostapd
|
|
|
|
+hostapd_multi.a: $(BCHECK) $(OBJS)
|
|
+ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
|
|
+ @$(E) " CC " $<
|
|
+ @rm -f $@
|
|
+ @$(AR) cr $@ hostapd_multi.o $(OBJS)
|
|
+
|
|
hostapd: $(BCHECK) $(OBJS)
|
|
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
|
|
@$(E) " LD " $@
|
|
@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
|
|
HOBJS += ../src/crypto/crypto_linux.o
|
|
endif
|
|
|
|
+dump_cflags:
|
|
+ @printf "%s " "$(CFLAGS)"
|
|
+
|
|
+dump_ldflags:
|
|
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
|
|
+
|
|
nt_password_hash: $(NOBJS)
|
|
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
|
|
@$(E) " LD " $@
|
|
--- a/wpa_supplicant/Makefile
|
|
+++ b/wpa_supplicant/Makefile
|
|
@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
|
|
CFLAGS += -I$(abspath ../src/utils)
|
|
|
|
-include .config
|
|
+-include $(if $(MULTICALL),../hostapd/.config)
|
|
|
|
ifndef CONFIG_NO_GITVER
|
|
# Add VERSION_STR postfix for builds from a git repository
|
|
@@ -357,7 +358,9 @@ endif
|
|
ifdef CONFIG_IBSS_RSN
|
|
NEED_RSN_AUTHENTICATOR=y
|
|
CFLAGS += -DCONFIG_IBSS_RSN
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
+endif
|
|
OBJS += ibss_rsn.o
|
|
endif
|
|
|
|
@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
|
|
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
|
|
LIBS += -ldl -rdynamic
|
|
endif
|
|
+else
|
|
+ ifdef MULTICALL
|
|
+ OBJS += ../src/eap_common/eap_common.o
|
|
+ endif
|
|
endif
|
|
|
|
ifdef CONFIG_AP
|
|
@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
|
|
NEED_RSN_AUTHENTICATOR=y
|
|
CFLAGS += -DCONFIG_AP
|
|
OBJS += ap.o
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_RADIUS
|
|
CFLAGS += -DCONFIG_NO_ACCOUNTING
|
|
CFLAGS += -DCONFIG_NO_VLAN
|
|
+endif
|
|
OBJS += ../src/ap/hostapd.o
|
|
OBJS += ../src/ap/wpa_auth_glue.o
|
|
OBJS += ../src/ap/utils.o
|
|
@@ -952,6 +961,12 @@ endif
|
|
ifdef CONFIG_HS20
|
|
OBJS += ../src/ap/hs20.o
|
|
endif
|
|
+else
|
|
+ ifdef MULTICALL
|
|
+ OBJS += ../src/eap_server/eap_server.o
|
|
+ OBJS += ../src/eap_server/eap_server_identity.o
|
|
+ OBJS += ../src/eap_server/eap_server_methods.o
|
|
+ endif
|
|
endif
|
|
|
|
ifdef CONFIG_MBO
|
|
@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
|
|
endif
|
|
|
|
ifdef NEED_RSN_AUTHENTICATOR
|
|
+ifndef MULTICALL
|
|
CFLAGS += -DCONFIG_NO_RADIUS
|
|
+endif
|
|
NEED_AES_WRAP=y
|
|
OBJS += ../src/ap/wpa_auth.o
|
|
OBJS += ../src/ap/wpa_auth_ie.o
|
|
@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
|
|
|
|
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
|
|
|
|
+wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
|
|
+ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
|
|
+ @$(E) " CC " $<
|
|
+ @rm -f $@
|
|
+ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
|
|
+
|
|
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
|
|
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
|
|
@$(E) " LD " $@
|
|
@@ -1937,6 +1960,12 @@ endif
|
|
-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
|
|
@$(E) " sed" $<
|
|
|
|
+dump_cflags:
|
|
+ @printf "%s " "$(CFLAGS)"
|
|
+
|
|
+dump_ldflags:
|
|
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
|
|
+
|
|
wpa_supplicant.exe: wpa_supplicant
|
|
mv -f $< $@
|
|
wpa_cli.exe: wpa_cli
|
|
--- a/src/drivers/driver.h
|
|
+++ b/src/drivers/driver.h
|
|
@@ -5317,8 +5317,8 @@ union wpa_event_data {
|
|
* Driver wrapper code should call this function whenever an event is received
|
|
* from the driver.
|
|
*/
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data);
|
|
+extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
/**
|
|
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
|
|
@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
* Same as wpa_supplicant_event(), but we search for the interface in
|
|
* wpa_global.
|
|
*/
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data);
|
|
|
|
/*
|
|
--- a/src/ap/drv_callbacks.c
|
|
+++ b/src/ap/drv_callbacks.c
|
|
@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
|
|
#endif /* NEED_AP_MLME */
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
#ifndef CONFIG_NO_STDOUT_DEBUG
|
|
@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct hapd_interfaces *interfaces = ctx;
|
|
--- a/wpa_supplicant/wpa_priv.c
|
|
+++ b/wpa_supplicant/wpa_priv.c
|
|
@@ -1031,8 +1031,8 @@ static void wpa_priv_send_ft_response(st
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+static void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct wpa_priv_interface *iface = ctx;
|
|
|
|
@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct wpa_priv_global *global = ctx;
|
|
@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[])
|
|
if (os_program_init())
|
|
return -1;
|
|
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
wpa_priv_fd_workaround();
|
|
|
|
os_memset(&global, 0, sizeof(global));
|
|
--- a/wpa_supplicant/events.c
|
|
+++ b/wpa_supplicant/events.c
|
|
@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
- union wpa_event_data *data)
|
|
+void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data)
|
|
{
|
|
struct wpa_supplicant *wpa_s = ctx;
|
|
int resched;
|
|
@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
|
|
}
|
|
|
|
|
|
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
union wpa_event_data *data)
|
|
{
|
|
struct wpa_supplicant *wpa_s;
|
|
--- a/wpa_supplicant/wpa_supplicant.c
|
|
+++ b/wpa_supplicant/wpa_supplicant.c
|
|
@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
|
|
return NULL;
|
|
}
|
|
|
|
-
|
|
/**
|
|
* wpa_supplicant_match_existing - Match existing interfaces
|
|
* @global: Pointer to global data from wpa_supplicant_init()
|
|
@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
|
|
|
|
#endif /* CONFIG_MATCH_IFACE */
|
|
|
|
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+
|
|
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
/**
|
|
* wpa_supplicant_add_iface - Add a new network interface
|
|
@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
|
|
#ifndef CONFIG_NO_WPA_MSG
|
|
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
|
|
#endif /* CONFIG_NO_WPA_MSG */
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
|
|
if (params->wpa_debug_file_path)
|
|
wpa_debug_open_file(params->wpa_debug_file_path);
|
|
--- a/hostapd/main.c
|
|
+++ b/hostapd/main.c
|
|
@@ -590,6 +590,11 @@ fail:
|
|
return -1;
|
|
}
|
|
|
|
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+
|
|
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
#ifdef CONFIG_WPS
|
|
static int gen_uuid(const char *txt_addr)
|
|
@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
|
|
dl_list_init(&interfaces.eth_p_oui);
|
|
#endif /* CONFIG_ETH_P_OUI */
|
|
|
|
+ wpa_supplicant_event = hostapd_wpa_event;
|
|
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
|
|
for (;;) {
|
|
c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
|
|
if (c < 0)
|
|
--- a/src/drivers/drivers.c
|
|
+++ b/src/drivers/drivers.c
|
|
@@ -10,6 +10,10 @@
|
|
#include "utils/common.h"
|
|
#include "driver.h"
|
|
|
|
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
const struct wpa_driver_ops *const wpa_drivers[] =
|
|
{
|
|
--- a/wpa_supplicant/eapol_test.c
|
|
+++ b/wpa_supplicant/eapol_test.c
|
|
@@ -29,7 +29,12 @@
|
|
#include "ctrl_iface.h"
|
|
#include "pcsc_funcs.h"
|
|
#include "wpas_glue.h"
|
|
+#include "drivers/driver.h"
|
|
|
|
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
|
|
|
|
@@ -1295,6 +1300,10 @@ static void usage(void)
|
|
"option several times.\n");
|
|
}
|
|
|
|
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
|
|
+ union wpa_event_data *data);
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[])
|
|
if (os_program_init())
|
|
return -1;
|
|
|
|
+ wpa_supplicant_event = supplicant_event;
|
|
+ wpa_supplicant_event_global = supplicant_event_global;
|
|
hostapd_logger_register_cb(hostapd_logger_cb);
|
|
|
|
os_memset(&eapol_test, 0, sizeof(eapol_test));
|