summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity
diff options
context:
space:
mode:
authorMingli Yu <mingli.yu@windriver.com>2021-03-22 16:23:20 +0800
committerKhem Raj <raj.khem@gmail.com>2021-03-22 09:25:16 -0700
commitf422ff618009e6899d2475349ffeb57e97779cb2 (patch)
tree4ffe54449e3e7463bf44ca99f004e4de71ca6d28 /meta-oe/recipes-connectivity
parent9fed768c1a5e5af9027502367b232aa595ecec09 (diff)
downloadmeta-openembedded-f422ff618009e6899d2475349ffeb57e97779cb2.tar.gz
hostapd: fix CVE-2019-5061
Backport a patch to fix CVE-2019-5061. Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity')
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch854
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb1
2 files changed, 855 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch
new file mode 100644
index 000000000..9214615d1
--- /dev/null
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch
@@ -0,0 +1,854 @@
1From 018edec9b2bd3db20605117c32ff79c1e625c432 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Wed, 11 Sep 2019 12:34:28 +0300
4Subject: [PATCH] Remove IAPP functionality from hostapd
5
6IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been
7maintained nor is there any expectation of the withdrawn trial-use
8recommended practice to be maintained in the future. Furthermore,
9implementation of IAPP in hostapd was not complete, i.e., only parts of
10the recommended practice were included. The main item of some real use
11long time ago was the Layer 2 Update frame to update bridges when a STA
12roams within an ESS, but that functionality has, in practice, been moved
13to kernel drivers to provide better integration with the networking
14stack.
15
16CVE: CVE-2019-5061
17
18Upstream-Status: Backport
19
20Signed-off-by: Jouni Malinen <j@w1.fi>
21Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
22---
23 hostapd/Android.mk | 5 -
24 hostapd/Makefile | 5 -
25 hostapd/android.config | 3 -
26 hostapd/config_file.c | 3 +-
27 hostapd/defconfig | 3 -
28 hostapd/hostapd.conf | 6 -
29 hostapd/main.c | 3 -
30 src/ap/Makefile | 2 -
31 src/ap/ap_config.h | 4 -
32 src/ap/hostapd.c | 14 -
33 src/ap/hostapd.h | 2 -
34 src/ap/iapp.c | 542 ----------------------
35 src/ap/iapp.h | 39 --
36 src/utils/wpa_debug.h | 1 -
37 14 files changed, 1 insertion(+), 633 deletions(-)
38 delete mode 100644 src/ap/iapp.c
39 delete mode 100644 src/ap/iapp.h
40
41diff --git a/hostapd/Android.mk b/hostapd/Android.mk
42index 3183323ef..a87ac8144 100644
43--- a/hostapd/Android.mk
44+++ b/hostapd/Android.mk
45@@ -205,11 +205,6 @@ endif
46
47 L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
48
49-ifdef CONFIG_IAPP
50-L_CFLAGS += -DCONFIG_IAPP
51-OBJS += src/ap/iapp.c
52-endif
53-
54 ifdef CONFIG_RSN_PREAUTH
55 L_CFLAGS += -DCONFIG_RSN_PREAUTH
56 CONFIG_L2_PACKET=y
57diff --git a/hostapd/Makefile b/hostapd/Makefile
58index f7f4c785b..42bb9e4c8 100644
59--- a/hostapd/Makefile
60+++ b/hostapd/Makefile
61@@ -248,11 +248,6 @@ ifndef CONFIG_NO_CTRL_IFACE
62 CFLAGS += -DCONFIG_CTRL_IFACE
63 endif
64
65-ifdef CONFIG_IAPP
66-CFLAGS += -DCONFIG_IAPP
67-OBJS += ../src/ap/iapp.o
68-endif
69-
70 ifdef CONFIG_RSN_PREAUTH
71 CFLAGS += -DCONFIG_RSN_PREAUTH
72 CONFIG_L2_PACKET=y
73diff --git a/hostapd/android.config b/hostapd/android.config
74index efe252332..e2e6c7821 100644
75--- a/hostapd/android.config
76+++ b/hostapd/android.config
77@@ -38,9 +38,6 @@ CONFIG_DRIVER_NL80211_QCA=y
78 # Driver interface for no driver (e.g., RADIUS server only)
79 #CONFIG_DRIVER_NONE=y
80
81-# IEEE 802.11F/IAPP
82-#CONFIG_IAPP=y
83-
84 # WPA2/IEEE 802.11i RSN pre-authentication
85 #CONFIG_RSN_PREAUTH=y
86
87diff --git a/hostapd/config_file.c b/hostapd/config_file.c
88index 680f17ee0..0d340d252 100644
89--- a/hostapd/config_file.c
90+++ b/hostapd/config_file.c
91@@ -2712,8 +2712,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
92 bss->eapol_key_index_workaround = atoi(pos);
93 #ifdef CONFIG_IAPP
94 } else if (os_strcmp(buf, "iapp_interface") == 0) {
95- bss->ieee802_11f = 1;
96- os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface));
97+ wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
98 #endif /* CONFIG_IAPP */
99 } else if (os_strcmp(buf, "own_ip_addr") == 0) {
100 if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
101diff --git a/hostapd/defconfig b/hostapd/defconfig
102index b1fb56c3b..1a3d9f9ba 100644
103--- a/hostapd/defconfig
104+++ b/hostapd/defconfig
105@@ -44,9 +44,6 @@ CONFIG_LIBNL32=y
106 # Driver interface for no driver (e.g., RADIUS server only)
107 #CONFIG_DRIVER_NONE=y
108
109-# IEEE 802.11F/IAPP
110-CONFIG_IAPP=y
111-
112 # WPA2/IEEE 802.11i RSN pre-authentication
113 CONFIG_RSN_PREAUTH=y
114
115diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
116index 6c96a760a..a3c698480 100644
117--- a/hostapd/hostapd.conf
118+++ b/hostapd/hostapd.conf
119@@ -41,7 +41,6 @@ interface=wlan0
120 # bit 2 (4) = RADIUS
121 # bit 3 (8) = WPA
122 # bit 4 (16) = driver interface
123-# bit 5 (32) = IAPP
124 # bit 6 (64) = MLME
125 #
126 # Levels (minimum value for logged events):
127@@ -1243,11 +1242,6 @@ eap_server=0
128 # Whether to enable ERP on the EAP server.
129 #eap_server_erp=1
130
131-##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
132-
133-# Interface to be used for IAPP broadcast packets
134-#iapp_interface=eth0
135-
136
137 ##### RADIUS client configuration #############################################
138 # for IEEE 802.1X with external Authentication Server, IEEE 802.11
139diff --git a/hostapd/main.c b/hostapd/main.c
140index 08896ffe2..8bfe24281 100644
141--- a/hostapd/main.c
142+++ b/hostapd/main.c
143@@ -81,9 +81,6 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
144 case HOSTAPD_MODULE_DRIVER:
145 module_str = "DRIVER";
146 break;
147- case HOSTAPD_MODULE_IAPP:
148- module_str = "IAPP";
149- break;
150 case HOSTAPD_MODULE_MLME:
151 module_str = "MLME";
152 break;
153diff --git a/src/ap/Makefile b/src/ap/Makefile
154index bd3f33b77..54e48a0dd 100644
155--- a/src/ap/Makefile
156+++ b/src/ap/Makefile
157@@ -18,7 +18,6 @@ CFLAGS += -DCONFIG_IEEE80211R_AP
158 CFLAGS += -DCONFIG_WPS
159 CFLAGS += -DCONFIG_PROXYARP
160 CFLAGS += -DCONFIG_IPV6
161-CFLAGS += -DCONFIG_IAPP
162 CFLAGS += -DCONFIG_AIRTIME_POLICY
163
164 LIB_OBJS= \
165@@ -41,7 +40,6 @@ LIB_OBJS= \
166 hostapd.o \
167 hs20.o \
168 hw_features.o \
169- iapp.o \
170 ieee802_11_auth.o \
171 ieee802_11.o \
172 ieee802_11_ht.o \
173diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
174index e219160b0..17eb0682b 100644
175--- a/src/ap/ap_config.h
176+++ b/src/ap/ap_config.h
177@@ -325,10 +325,6 @@ struct hostapd_bss_config {
178 int erp_send_reauth_start;
179 char *erp_domain;
180
181- int ieee802_11f; /* use IEEE 802.11f (IAPP) */
182- char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
183- * frames */
184-
185 enum macaddr_acl {
186 ACCEPT_UNLESS_DENIED = 0,
187 DENY_UNLESS_ACCEPTED = 1,
188diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
189index ef988b634..bf7b1f89e 100644
190--- a/src/ap/hostapd.c
191+++ b/src/ap/hostapd.c
192@@ -28,7 +28,6 @@
193 #include "accounting.h"
194 #include "ap_list.h"
195 #include "beacon.h"
196-#include "iapp.h"
197 #include "ieee802_1x.h"
198 #include "ieee802_11_auth.h"
199 #include "vlan_init.h"
200@@ -361,8 +360,6 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
201 hapd->beacon_set_done = 0;
202
203 wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
204- iapp_deinit(hapd->iapp);
205- hapd->iapp = NULL;
206 accounting_deinit(hapd);
207 hostapd_deinit_wpa(hapd);
208 vlan_deinit(hapd);
209@@ -1296,13 +1293,6 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
210 return -1;
211 }
212
213- if (conf->ieee802_11f &&
214- (hapd->iapp = iapp_init(hapd, conf->iapp_iface)) == NULL) {
215- wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization "
216- "failed.");
217- return -1;
218- }
219-
220 #ifdef CONFIG_INTERWORKING
221 if (gas_serv_init(hapd)) {
222 wpa_printf(MSG_ERROR, "GAS server initialization failed");
223@@ -3056,10 +3046,6 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
224 hostapd_prune_associations(hapd, sta->addr);
225 ap_sta_clear_disconnect_timeouts(hapd, sta);
226
227- /* IEEE 802.11F (IAPP) */
228- if (hapd->conf->ieee802_11f)
229- iapp_new_station(hapd->iapp, sta);
230-
231 #ifdef CONFIG_P2P
232 if (sta->p2p_ie == NULL && !sta->no_p2p_set) {
233 sta->no_p2p_set = 1;
234diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
235index 5b859b8a9..2358d1664 100644
236--- a/src/ap/hostapd.h
237+++ b/src/ap/hostapd.h
238@@ -179,8 +179,6 @@ struct hostapd_data {
239 u64 acct_session_id;
240 struct radius_das_data *radius_das;
241
242- struct iapp_data *iapp;
243-
244 struct hostapd_cached_radius_acl *acl_cache;
245 struct hostapd_acl_query_data *acl_queries;
246
247diff --git a/src/ap/iapp.c b/src/ap/iapp.c
248deleted file mode 100644
249index 2556da30c..000000000
250--- a/src/ap/iapp.c
251+++ /dev/null
252@@ -1,542 +0,0 @@
253-/*
254- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
255- * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
256- *
257- * This software may be distributed under the terms of the BSD license.
258- * See README for more details.
259- *
260- * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired
261- * and IEEE has withdrawn it. In other words, it is likely better to look at
262- * using some other mechanism for AP-to-AP communication than extending the
263- * implementation here.
264- */
265-
266-/* TODO:
267- * Level 1: no administrative or security support
268- * (e.g., static BSSID to IP address mapping in each AP)
269- * Level 2: support for dynamic mapping of BSSID to IP address
270- * Level 3: support for encryption and authentication of IAPP messages
271- * - add support for MOVE-notify and MOVE-response (this requires support for
272- * finding out IP address for previous AP using RADIUS)
273- * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during
274- * reassociation to another AP
275- * - implement counters etc. for IAPP MIB
276- * - verify endianness of fields in IAPP messages; are they big-endian as
277- * used here?
278- * - RADIUS connection for AP registration and BSSID to IP address mapping
279- * - TCP connection for IAPP MOVE, CACHE
280- * - broadcast ESP for IAPP ADD-notify
281- * - ESP for IAPP MOVE messages
282- * - security block sending/processing
283- * - IEEE 802.11 context transfer
284- */
285-
286-#include "utils/includes.h"
287-#include <net/if.h>
288-#include <sys/ioctl.h>
289-#include <netpacket/packet.h>
290-
291-#include "utils/common.h"
292-#include "utils/eloop.h"
293-#include "common/ieee802_11_defs.h"
294-#include "hostapd.h"
295-#include "ap_config.h"
296-#include "ieee802_11.h"
297-#include "sta_info.h"
298-#include "iapp.h"
299-
300-
301-#define IAPP_MULTICAST "224.0.1.178"
302-#define IAPP_UDP_PORT 3517
303-#define IAPP_TCP_PORT 3517
304-
305-struct iapp_hdr {
306- u8 version;
307- u8 command;
308- be16 identifier;
309- be16 length;
310- /* followed by length-6 octets of data */
311-} __attribute__ ((packed));
312-
313-#define IAPP_VERSION 0
314-
315-enum IAPP_COMMAND {
316- IAPP_CMD_ADD_notify = 0,
317- IAPP_CMD_MOVE_notify = 1,
318- IAPP_CMD_MOVE_response = 2,
319- IAPP_CMD_Send_Security_Block = 3,
320- IAPP_CMD_ACK_Security_Block = 4,
321- IAPP_CMD_CACHE_notify = 5,
322- IAPP_CMD_CACHE_response = 6,
323-};
324-
325-
326-/* ADD-notify - multicast UDP on the local LAN */
327-struct iapp_add_notify {
328- u8 addr_len; /* ETH_ALEN */
329- u8 reserved;
330- u8 mac_addr[ETH_ALEN];
331- be16 seq_num;
332-} __attribute__ ((packed));
333-
334-
335-/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
336-struct iapp_layer2_update {
337- u8 da[ETH_ALEN]; /* broadcast */
338- u8 sa[ETH_ALEN]; /* STA addr */
339- be16 len; /* 6 */
340- u8 dsap; /* null DSAP address */
341- u8 ssap; /* null SSAP address, CR=Response */
342- u8 control;
343- u8 xid_info[3];
344-} __attribute__ ((packed));
345-
346-
347-/* MOVE-notify - unicast TCP */
348-struct iapp_move_notify {
349- u8 addr_len; /* ETH_ALEN */
350- u8 reserved;
351- u8 mac_addr[ETH_ALEN];
352- u16 seq_num;
353- u16 ctx_block_len;
354- /* followed by ctx_block_len bytes */
355-} __attribute__ ((packed));
356-
357-
358-/* MOVE-response - unicast TCP */
359-struct iapp_move_response {
360- u8 addr_len; /* ETH_ALEN */
361- u8 status;
362- u8 mac_addr[ETH_ALEN];
363- u16 seq_num;
364- u16 ctx_block_len;
365- /* followed by ctx_block_len bytes */
366-} __attribute__ ((packed));
367-
368-enum {
369- IAPP_MOVE_SUCCESSFUL = 0,
370- IAPP_MOVE_DENIED = 1,
371- IAPP_MOVE_STALE_MOVE = 2,
372-};
373-
374-
375-/* CACHE-notify */
376-struct iapp_cache_notify {
377- u8 addr_len; /* ETH_ALEN */
378- u8 reserved;
379- u8 mac_addr[ETH_ALEN];
380- u16 seq_num;
381- u8 current_ap[ETH_ALEN];
382- u16 ctx_block_len;
383- /* ctx_block_len bytes of context block followed by 16-bit context
384- * timeout */
385-} __attribute__ ((packed));
386-
387-
388-/* CACHE-response - unicast TCP */
389-struct iapp_cache_response {
390- u8 addr_len; /* ETH_ALEN */
391- u8 status;
392- u8 mac_addr[ETH_ALEN];
393- u16 seq_num;
394-} __attribute__ ((packed));
395-
396-enum {
397- IAPP_CACHE_SUCCESSFUL = 0,
398- IAPP_CACHE_STALE_CACHE = 1,
399-};
400-
401-
402-/* Send-Security-Block - unicast TCP */
403-struct iapp_send_security_block {
404- u8 iv[8];
405- u16 sec_block_len;
406- /* followed by sec_block_len bytes of security block */
407-} __attribute__ ((packed));
408-
409-
410-/* ACK-Security-Block - unicast TCP */
411-struct iapp_ack_security_block {
412- u8 iv[8];
413- u8 new_ap_ack_authenticator[48];
414-} __attribute__ ((packed));
415-
416-
417-struct iapp_data {
418- struct hostapd_data *hapd;
419- u16 identifier; /* next IAPP identifier */
420- struct in_addr own, multicast;
421- int udp_sock;
422- int packet_sock;
423-};
424-
425-
426-static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num)
427-{
428- char buf[128];
429- struct iapp_hdr *hdr;
430- struct iapp_add_notify *add;
431- struct sockaddr_in addr;
432-
433- /* Send IAPP ADD-notify to remove possible association from other APs
434- */
435-
436- hdr = (struct iapp_hdr *) buf;
437- hdr->version = IAPP_VERSION;
438- hdr->command = IAPP_CMD_ADD_notify;
439- hdr->identifier = host_to_be16(iapp->identifier++);
440- hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add));
441-
442- add = (struct iapp_add_notify *) (hdr + 1);
443- add->addr_len = ETH_ALEN;
444- add->reserved = 0;
445- os_memcpy(add->mac_addr, mac_addr, ETH_ALEN);
446-
447- add->seq_num = host_to_be16(seq_num);
448-
449- os_memset(&addr, 0, sizeof(addr));
450- addr.sin_family = AF_INET;
451- addr.sin_addr.s_addr = iapp->multicast.s_addr;
452- addr.sin_port = htons(IAPP_UDP_PORT);
453- if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0,
454- (struct sockaddr *) &addr, sizeof(addr)) < 0)
455- wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno));
456-}
457-
458-
459-static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr)
460-{
461- struct iapp_layer2_update msg;
462-
463- /* Send Level 2 Update Frame to update forwarding tables in layer 2
464- * bridge devices */
465-
466- /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
467- * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
468-
469- os_memset(msg.da, 0xff, ETH_ALEN);
470- os_memcpy(msg.sa, addr, ETH_ALEN);
471- msg.len = host_to_be16(6);
472- msg.dsap = 0; /* NULL DSAP address */
473- msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */
474- msg.control = 0xaf; /* XID response lsb.1111F101.
475- * F=0 (no poll command; unsolicited frame) */
476- msg.xid_info[0] = 0x81; /* XID format identifier */
477- msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */
478- msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW)
479- * FIX: what is correct RW with 802.11? */
480-
481- if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0)
482- wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno));
483-}
484-
485-
486-/**
487- * iapp_new_station - IAPP processing for a new STA
488- * @iapp: IAPP data
489- * @sta: The associated station
490- */
491-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta)
492-{
493- u16 seq = 0; /* TODO */
494-
495- if (iapp == NULL)
496- return;
497-
498- /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */
499- hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP,
500- HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq);
501- iapp_send_layer2_update(iapp, sta->addr);
502- iapp_send_add(iapp, sta->addr, seq);
503-
504- /* TODO: If this was reassociation:
505- * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP,
506- * Context Block, Timeout)
507- * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to
508- * IP address */
509-}
510-
511-
512-static void iapp_process_add_notify(struct iapp_data *iapp,
513- struct sockaddr_in *from,
514- struct iapp_hdr *hdr, int len)
515-{
516- struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1);
517- struct sta_info *sta;
518-
519- if (len != sizeof(*add)) {
520- wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)",
521- len, (unsigned long) sizeof(*add));
522- return;
523- }
524-
525- sta = ap_get_sta(iapp->hapd, add->mac_addr);
526-
527- /* IAPP-ADD.indication(MAC Address, Sequence Number) */
528- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
529- HOSTAPD_LEVEL_INFO,
530- "Received IAPP ADD-notify (seq# %d) from %s:%d%s",
531- be_to_host16(add->seq_num),
532- inet_ntoa(from->sin_addr), ntohs(from->sin_port),
533- sta ? "" : " (STA not found)");
534-
535- if (!sta)
536- return;
537-
538- /* TODO: could use seq_num to try to determine whether last association
539- * to this AP is newer than the one advertised in IAPP-ADD. Although,
540- * this is not really a reliable verification. */
541-
542- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
543- HOSTAPD_LEVEL_DEBUG,
544- "Removing STA due to IAPP ADD-notify");
545- ap_sta_disconnect(iapp->hapd, sta, NULL, 0);
546-}
547-
548-
549-/**
550- * iapp_receive_udp - Process IAPP UDP frames
551- * @sock: File descriptor for the socket
552- * @eloop_ctx: IAPP data (struct iapp_data *)
553- * @sock_ctx: Not used
554- */
555-static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx)
556-{
557- struct iapp_data *iapp = eloop_ctx;
558- int len, hlen;
559- unsigned char buf[128];
560- struct sockaddr_in from;
561- socklen_t fromlen;
562- struct iapp_hdr *hdr;
563-
564- /* Handle incoming IAPP frames (over UDP/IP) */
565-
566- fromlen = sizeof(from);
567- len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0,
568- (struct sockaddr *) &from, &fromlen);
569- if (len < 0) {
570- wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s",
571- strerror(errno));
572- return;
573- }
574-
575- if (from.sin_addr.s_addr == iapp->own.s_addr)
576- return; /* ignore own IAPP messages */
577-
578- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
579- HOSTAPD_LEVEL_DEBUG,
580- "Received %d byte IAPP frame from %s%s\n",
581- len, inet_ntoa(from.sin_addr),
582- len < (int) sizeof(*hdr) ? " (too short)" : "");
583-
584- if (len < (int) sizeof(*hdr))
585- return;
586-
587- hdr = (struct iapp_hdr *) buf;
588- hlen = be_to_host16(hdr->length);
589- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
590- HOSTAPD_LEVEL_DEBUG,
591- "RX: version=%d command=%d id=%d len=%d\n",
592- hdr->version, hdr->command,
593- be_to_host16(hdr->identifier), hlen);
594- if (hdr->version != IAPP_VERSION) {
595- wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d",
596- hdr->version);
597- return;
598- }
599- if (hlen > len) {
600- wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)",
601- hlen, len);
602- return;
603- }
604- if (hlen < len) {
605- wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame",
606- len - hlen);
607- len = hlen;
608- }
609-
610- switch (hdr->command) {
611- case IAPP_CMD_ADD_notify:
612- iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr));
613- break;
614- case IAPP_CMD_MOVE_notify:
615- /* TODO: MOVE is using TCP; so move this to TCP handler once it
616- * is implemented.. */
617- /* IAPP-MOVE.indication(MAC Address, New BSSID,
618- * Sequence Number, AP Address, Context Block) */
619- /* TODO: process */
620- break;
621- default:
622- wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command);
623- break;
624- }
625-}
626-
627-
628-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface)
629-{
630- struct ifreq ifr;
631- struct sockaddr_ll addr;
632- int ifindex;
633- struct sockaddr_in *paddr, uaddr;
634- struct iapp_data *iapp;
635- struct ip_mreqn mreq;
636- int reuseaddr = 1;
637-
638- iapp = os_zalloc(sizeof(*iapp));
639- if (iapp == NULL)
640- return NULL;
641- iapp->hapd = hapd;
642- iapp->udp_sock = iapp->packet_sock = -1;
643-
644- /* TODO:
645- * open socket for sending and receiving IAPP frames over TCP
646- */
647-
648- iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0);
649- if (iapp->udp_sock < 0) {
650- wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s",
651- strerror(errno));
652- iapp_deinit(iapp);
653- return NULL;
654- }
655-
656- os_memset(&ifr, 0, sizeof(ifr));
657- os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
658- if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) {
659- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s",
660- strerror(errno));
661- iapp_deinit(iapp);
662- return NULL;
663- }
664- ifindex = ifr.ifr_ifindex;
665-
666- if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) {
667- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s",
668- strerror(errno));
669- iapp_deinit(iapp);
670- return NULL;
671- }
672- paddr = (struct sockaddr_in *) &ifr.ifr_addr;
673- if (paddr->sin_family != AF_INET) {
674- wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)",
675- paddr->sin_family);
676- iapp_deinit(iapp);
677- return NULL;
678- }
679- iapp->own.s_addr = paddr->sin_addr.s_addr;
680-
681- if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) {
682- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s",
683- strerror(errno));
684- iapp_deinit(iapp);
685- return NULL;
686- }
687- paddr = (struct sockaddr_in *) &ifr.ifr_addr;
688- if (paddr->sin_family != AF_INET) {
689- wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)",
690- paddr->sin_family);
691- iapp_deinit(iapp);
692- return NULL;
693- }
694- inet_aton(IAPP_MULTICAST, &iapp->multicast);
695-
696- os_memset(&uaddr, 0, sizeof(uaddr));
697- uaddr.sin_family = AF_INET;
698- uaddr.sin_port = htons(IAPP_UDP_PORT);
699-
700- if (setsockopt(iapp->udp_sock, SOL_SOCKET, SO_REUSEADDR, &reuseaddr,
701- sizeof(reuseaddr)) < 0) {
702- wpa_printf(MSG_INFO,
703- "iapp_init - setsockopt[UDP,SO_REUSEADDR]: %s",
704- strerror(errno));
705- /*
706- * Ignore this and try to continue. This is fine for single
707- * BSS cases, but may fail if multiple BSSes enable IAPP.
708- */
709- }
710-
711- if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr,
712- sizeof(uaddr)) < 0) {
713- wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s",
714- strerror(errno));
715- iapp_deinit(iapp);
716- return NULL;
717- }
718-
719- os_memset(&mreq, 0, sizeof(mreq));
720- mreq.imr_multiaddr = iapp->multicast;
721- mreq.imr_address.s_addr = INADDR_ANY;
722- mreq.imr_ifindex = 0;
723- if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq,
724- sizeof(mreq)) < 0) {
725- wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s",
726- strerror(errno));
727- iapp_deinit(iapp);
728- return NULL;
729- }
730-
731- iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
732- if (iapp->packet_sock < 0) {
733- wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s",
734- strerror(errno));
735- iapp_deinit(iapp);
736- return NULL;
737- }
738-
739- os_memset(&addr, 0, sizeof(addr));
740- addr.sll_family = AF_PACKET;
741- addr.sll_ifindex = ifindex;
742- if (bind(iapp->packet_sock, (struct sockaddr *) &addr,
743- sizeof(addr)) < 0) {
744- wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s",
745- strerror(errno));
746- iapp_deinit(iapp);
747- return NULL;
748- }
749-
750- if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp,
751- iapp, NULL)) {
752- wpa_printf(MSG_INFO, "Could not register read socket for IAPP");
753- iapp_deinit(iapp);
754- return NULL;
755- }
756-
757- wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface);
758-
759- /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive
760- * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually
761- * be openned only after receiving Initiate-Accept. If Initiate-Reject
762- * is received, IAPP is not started. */
763-
764- return iapp;
765-}
766-
767-
768-void iapp_deinit(struct iapp_data *iapp)
769-{
770- struct ip_mreqn mreq;
771-
772- if (iapp == NULL)
773- return;
774-
775- if (iapp->udp_sock >= 0) {
776- os_memset(&mreq, 0, sizeof(mreq));
777- mreq.imr_multiaddr = iapp->multicast;
778- mreq.imr_address.s_addr = INADDR_ANY;
779- mreq.imr_ifindex = 0;
780- if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP,
781- &mreq, sizeof(mreq)) < 0) {
782- wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s",
783- strerror(errno));
784- }
785-
786- eloop_unregister_read_sock(iapp->udp_sock);
787- close(iapp->udp_sock);
788- }
789- if (iapp->packet_sock >= 0) {
790- eloop_unregister_read_sock(iapp->packet_sock);
791- close(iapp->packet_sock);
792- }
793- os_free(iapp);
794-}
795diff --git a/src/ap/iapp.h b/src/ap/iapp.h
796deleted file mode 100644
797index c22118342..000000000
798--- a/src/ap/iapp.h
799+++ /dev/null
800@@ -1,39 +0,0 @@
801-/*
802- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
803- * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
804- *
805- * This software may be distributed under the terms of the BSD license.
806- * See README for more details.
807- */
808-
809-#ifndef IAPP_H
810-#define IAPP_H
811-
812-struct iapp_data;
813-
814-#ifdef CONFIG_IAPP
815-
816-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta);
817-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface);
818-void iapp_deinit(struct iapp_data *iapp);
819-
820-#else /* CONFIG_IAPP */
821-
822-static inline void iapp_new_station(struct iapp_data *iapp,
823- struct sta_info *sta)
824-{
825-}
826-
827-static inline struct iapp_data * iapp_init(struct hostapd_data *hapd,
828- const char *iface)
829-{
830- return NULL;
831-}
832-
833-static inline void iapp_deinit(struct iapp_data *iapp)
834-{
835-}
836-
837-#endif /* CONFIG_IAPP */
838-
839-#endif /* IAPP_H */
840diff --git a/src/utils/wpa_debug.h b/src/utils/wpa_debug.h
841index 1fe0b7db7..c94c4391f 100644
842--- a/src/utils/wpa_debug.h
843+++ b/src/utils/wpa_debug.h
844@@ -305,7 +305,6 @@ void hostapd_logger_register_cb(hostapd_logger_cb_func func);
845 #define HOSTAPD_MODULE_RADIUS 0x00000004
846 #define HOSTAPD_MODULE_WPA 0x00000008
847 #define HOSTAPD_MODULE_DRIVER 0x00000010
848-#define HOSTAPD_MODULE_IAPP 0x00000020
849 #define HOSTAPD_MODULE_MLME 0x00000040
850
851 enum hostapd_logger_level {
852--
8532.17.1
854
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
index 68dc12370..1f38eee0f 100644
--- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
@@ -12,6 +12,7 @@ SRC_URI = " \
12 file://init \ 12 file://init \
13 file://hostapd.service \ 13 file://hostapd.service \
14 file://CVE-2019-16275.patch \ 14 file://CVE-2019-16275.patch \
15 file://CVE-2019-5061.patch \
15" 16"
16 17
17SRC_URI[md5sum] = "f188fc53a495fe7af3b6d77d3c31dee8" 18SRC_URI[md5sum] = "f188fc53a495fe7af3b6d77d3c31dee8"