df6a33a8d4
Bump to latest Git and refresh all patches in order to get the fix for "UPnP SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695). A general security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used was reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. Ref: https://w1.fi/security/2020-1/ Signed-off-by: Petr Štetiar <ynezz@true.cz>
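--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -31,6 +31,7 @@ CFLAGS += -I$(abspath ../src/utils)
 export BINDIR ?= /usr/local/bin/
 
 -include .config
+-include $(if $(MULTICALL), ../wpa_supplicant/.config)
 
 ifndef CONFIG_NO_GITVER
 # Add VERSION_STR postfix for builds from a git repository
@@ -204,7 +205,8 @@ endif
 
 ifdef CONFIG_NO_VLAN
 CFLAGS += -DCONFIG_NO_VLAN
-else
+endif
+ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
 OBJS += ../src/ap/vlan_init.o
 OBJS += ../src/ap/vlan_ifconfig.o
 OBJS += ../src/ap/vlan.o
@@ -354,10 +356,14 @@ CFLAGS += -DCONFIG_MBO
 OBJS += ../src/ap/mbo_ap.o
 endif
 
+ifndef MULTICALL
+CFLAGS += -DNO_SUPPLICANT
+endif
+
 include ../src/drivers/drivers.mak
-OBJS += $(DRV_AP_OBJS)
-CFLAGS += $(DRV_AP_CFLAGS)
-LDFLAGS += $(DRV_AP_LDFLAGS)
+OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
+CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
+LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
 LIBS += $(DRV_AP_LIBS)
 
 ifdef CONFIG_L2_PACKET
@@ -1311,6 +1317,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
 
 BCHECK=../src/drivers/build.hostapd
 
+hostapd_multi.a: $(BCHECK) $(OBJS)
+ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
+ @$(E) " CC " $<
+ @rm -f $@
+ @$(AR) cr $@ hostapd_multi.o $(OBJS)
+
 hostapd: $(BCHECK) $(OBJS)
 $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
 @$(E) " LD " $@
@@ -1374,6 +1386,12 @@ SOBJS += ../src/crypto/sha256-kdf.o
 SOBJS += ../src/crypto/sha384-kdf.o
 SOBJS += ../src/crypto/sha512-kdf.o
 
+dump_cflags:
+ @printf "%s " "$(CFLAGS)"
+
+dump_ldflags:
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
+
 nt_password_hash: $(NOBJS)
 $(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
 @$(E) " LD " $@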
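Review bot: The added `-include $(if $(MULTICALL), ../wpa_supplicant/.config)` keeps the leading `-`, so a multicall build whose sibling `.config` is missing or unreadable carries on silently with hostapd's options alone. These files decide which features are compiled in, so a half-configured combined binary is hard to spot afterwards. If the sibling file is always expected when MULTICALL is set, wrapping a plain `include ../wpa_supplicant/.config` in `ifdef MULTICALL` and `endif` would make the build fail visibly instead. The mirrored line added to wpa_supplicant/Makefile behaves the same way.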
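--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
 CFLAGS += -I$(abspath ../src/utils)
 
 -include .config
+-include $(if $(MULTICALL),../hostapd/.config)
 
 ifndef CONFIG_NO_GITVER
 # Add VERSION_STR postfix for builds from a git repository
@@ -369,7 +370,9 @@ endif
 ifdef CONFIG_IBSS_RSN
 NEED_RSN_AUTHENTICATOR=y
 CFLAGS += -DCONFIG_IBSS_RSN
+ifndef MULTICALL
 CFLAGS += -DCONFIG_NO_VLAN
+endif
 OBJS += ibss_rsn.o
 endif
 
@@ -890,6 +893,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
 CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
 LIBS += -ldl -rdynamic
 endif
+else
+ ifdef MULTICALL
+ OBJS += ../src/eap_common/eap_common.o
+ endif
 endif
 
 ifdef CONFIG_AP
@@ -897,9 +904,11 @@ NEED_EAP_COMMON=y
 NEED_RSN_AUTHENTICATOR=y
 CFLAGS += -DCONFIG_AP
 OBJS += ap.o
+ifndef MULTICALL
 CFLAGS += -DCONFIG_NO_RADIUS
 CFLAGS += -DCONFIG_NO_ACCOUNTING
 CFLAGS += -DCONFIG_NO_VLAN
+endif
 OBJS += ../src/ap/hostapd.o
 OBJS += ../src/ap/wpa_auth_glue.o
 OBJS += ../src/ap/utils.o
@@ -979,6 +988,12 @@ endif
 ifdef CONFIG_HS20
 OBJS += ../src/ap/hs20.o
 endif
+else
+ ifdef MULTICALL
+ OBJS += ../src/eap_server/eap_server.o
+ OBJS += ../src/eap_server/eap_server_identity.o
+ OBJS += ../src/eap_server/eap_server_methods.o
+ endif
 endif
 
 ifdef CONFIG_MBO
@@ -987,7 +1002,9 @@ CFLAGS += -DCONFIG_MBO
 endif
 
 ifdef NEED_RSN_AUTHENTICATOR
+ifndef MULTICALL
 CFLAGS += -DCONFIG_NO_RADIUS
+endif
 NEED_AES_WRAP=y
 OBJS += ../src/ap/wpa_auth.o
 OBJS += ../src/ap/wpa_auth_ie.o
@@ -1897,6 +1914,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
 
 $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
 
+wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
+ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
+ @$(E) " CC " $<
+ @rm -f $@
+ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
+
 wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
 $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
 @$(E) " LD " $@
@@ -1997,6 +2020,12 @@ endif
 $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
 @$(E) " sed" $<
 
+dump_cflags:
+ @printf "%s " "$(CFLAGS)"
+
+dump_ldflags:
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
+
 wpa_supplicant.exe: wpa_supplicant
 mv -f $< $@
 wpa_cli.exe: wpa_cli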
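Review bot: Nothing in this Makefile or in hostapd/Makefile checks that the two builds compile the shared objects under `../src` with the same CFLAGS, even though `wpa_supplicant_multi.a` and `hostapd_multi.a` both archive objects from there (for example `../src/ap/hostapd.o` here). The `ifndef MULTICALL` guards around `-DCONFIG_NO_RADIUS`, `-DCONFIG_NO_ACCOUNTING` and `-DCONFIG_NO_VLAN` remove one source of disagreement, but any other define that differs between the two `.config` files would still leave objects built under different conditional-compilation settings linked together. That requirement deserves a comment next to the new archive rule, such as `# MULTICALL: objects under ../src are shared with hostapd; both builds must be given identical CFLAGS (compare the output of dump_cflags).` Presumably the caller of `dump_cflags` enforces this, but that caller is not visible on this page.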
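--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -5886,8 +5886,8 @@ union wpa_event_data {
 * Driver wrapper code should call this function whenever an event is received
 * from the driver.
 */
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data);
+extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 /**
 * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
@@ -5899,7 +5899,7 @@ void wpa_supplicant_event(void *ctx, enu
 * Same as wpa_supplicant_event(), but we search for the interface in
 * wpa_global.
 */
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
 union wpa_event_data *data);
 
 /*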
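Review bot: The comment above `wpa_supplicant_event` still describes a function that driver wrappers call, but the declaration is now an `extern` function pointer that other files in this patch assign only at run time (in the `main()` of hostapd, wpa_priv and eapol_test, and in `wpa_supplicant_init()`). The header should state that contract, for example by adding ` * This is a function pointer: it is NULL until the program's startup code assigns it, so no driver may deliver events before that.` The same sentence belongs on `wpa_supplicant_event_global`. Both comment blocks begin outside the hunks.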
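--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -1789,8 +1789,8 @@ err:
 #endif /* CONFIG_OWE */
 
 
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
 {
 struct hostapd_data *hapd = ctx;
 #ifndef CONFIG_NO_STDOUT_DEBUG
@@ -2035,7 +2035,7 @@ void wpa_supplicant_event(void *ctx, enu
 }
 
 
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
 union wpa_event_data *data)
 {
 struct hapd_interfaces *interfaces = ctx;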
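--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -1038,8 +1038,8 @@ static void wpa_priv_send_ft_response(st
 }
 
 
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+static void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
 {
 struct wpa_priv_interface *iface = ctx;
 
@@ -1102,7 +1102,7 @@ void wpa_supplicant_event(void *ctx, enu
 }
 
 
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
 union wpa_event_data *data)
 {
 struct wpa_priv_global *global = ctx;
@@ -1215,6 +1215,8 @@ int main(int argc, char *argv[])
 if (os_program_init())
 return -1;
 
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
 wpa_priv_fd_workaround();
 
 os_memset(&global, 0, sizeof(global));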
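Review bot: `supplicant_event` becomes `static` in the first hunk, but `supplicant_event_global` in the second hunk keeps external linkage, although as far as this patch shows both are used only by the assignments added to `main()` in this file. events.c defines external functions with the same two names, so the non-static one would collide at link time if the two objects were ever combined in one binary. Declaring it `static void supplicant_event_global(void *ctx, enum wpa_event_type event,` keeps the pair consistent and private to wpa_priv. The function bodies lie outside the hunks.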
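--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -4579,8 +4579,8 @@ static void wpas_event_unprot_beacon(str
 }
 
 
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
 {
 struct wpa_supplicant *wpa_s = ctx;
 int resched;
@@ -5398,7 +5398,7 @@ void wpa_supplicant_event(void *ctx, enu
 }
 
 
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
 union wpa_event_data *data)
 {
 struct wpa_supplicant *wpa_s;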
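--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6597,7 +6597,6 @@ struct wpa_interface * wpa_supplicant_ma
 return NULL;
 }
 
-
 /**
 * wpa_supplicant_match_existing - Match existing interfaces
 * @global: Pointer to global data from wpa_supplicant_init()
@@ -6634,6 +6633,11 @@ static int wpa_supplicant_match_existing
 
 #endif /* CONFIG_MATCH_IFACE */
 
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 /**
 * wpa_supplicant_add_iface - Add a new network interface
@@ -6890,6 +6894,8 @@ struct wpa_global * wpa_supplicant_init(
 #ifndef CONFIG_NO_WPA_MSG
 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
 #endif /* CONFIG_NO_WPA_MSG */
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
 
 if (params->wpa_debug_file_path)
 wpa_debug_open_file(params->wpa_debug_file_path);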
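Review bot: The `extern` prototypes for `supplicant_event` and `supplicant_event_global` are hand-written in this .c file, so as far as this patch shows, events.c compiles the definitions without any declaration to check them against. If one signature later drifts, the compiler stays silent and the call through `wpa_supplicant_event` has undefined behaviour. Declaring both functions once in a header included by events.c and by every file that assigns the pointers would let the compiler catch that; which header fits best cannot be judged from this page. eapol_test.c repeats the same local declarations, and hostapd/main.c does the same for `hostapd_wpa_event` and `hostapd_wpa_event_global`.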
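--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -590,6 +590,11 @@ fail:
 return -1;
 }
 
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 #ifdef CONFIG_WPS
 static int gen_uuid(const char *txt_addr)
@@ -684,6 +689,8 @@ int main(int argc, char *argv[])
 return -1;
 #endif /* CONFIG_DPP */
 
+ wpa_supplicant_event = hostapd_wpa_event;
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
 for (;;) {
 c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
 if (c < 0)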
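--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
@@ -10,6 +10,10 @@
 #include "utils/common.h"
 #include "driver.h"
 
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 const struct wpa_driver_ops *const wpa_drivers[] =
 {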
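Review bot: Both pointers are defined without an initializer, so they are NULL until a program's startup code assigns them. A driver event delivered before that point, or any program that links this file and never makes the assignment, calls through a null pointer. Pointing them at a default handler that only logs turns that into a diagnosable message instead of a crash. eapol_test.c carries its own copies of the two definitions and would need the same treatment. `wpa_printf` is assumed to be reachable through utils/common.h.

```c
/* Fallback used until the program registers its real event handlers. */
static void wpa_event_unset(void *ctx, enum wpa_event_type event,
			    union wpa_event_data *data)
{
	wpa_printf(MSG_ERROR,
		   "driver event %d dropped: no event handler registered",
		   event);
}

void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
			     union wpa_event_data *data) = wpa_event_unset;
void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
				    union wpa_event_data *data) = wpa_event_unset;
```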
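--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -30,7 +30,12 @@
 #include "ctrl_iface.h"
 #include "pcsc_funcs.h"
 #include "wpas_glue.h"
+#include "drivers/driver.h"
 
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
 
@@ -1292,6 +1297,10 @@ static void usage(void)
 "option several times.\n");
 }
 
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
 
 int main(int argc, char *argv[])
 {
@@ -1312,6 +1321,8 @@ int main(int argc, char *argv[])
 if (os_program_init())
 return -1;
 
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
 hostapd_logger_register_cb(hostapd_logger_cb);
 
 os_memset(&eapol_test, 0, sizeof(eapol_test));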