apply patches

2022-05-14 03:18:56 +08:00 · 2022-05-14 03:18:56 +08:00 · 9097c2cecb
parent 0d26a8603d ebd6824eaa
commit 9097c2cecb
11 changed files with 66 additions and 9 deletions
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
 			   "hostapd_notif_assoc: Skip event with no address");
 		return -1;
 	}
+
+	if (is_multicast_ether_addr(addr) ||
+	    is_zero_ether_addr(addr) ||
+	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+		/* Do not process any frames with unexpected/invalid SA so that
+		 * we do not add any state for unexpected STA addresses or end
+		 * up sending out frames to unexpected destination. */
+		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+			   " in received indication - ignore this indication silently",
+			   __func__, MAC2STR(addr));
+		return 0;
+	}
+
 	random_add_randomness(addr, ETH_ALEN);

 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
 	fc = le_to_host16(mgmt->frame_control);
 	stype = WLAN_FC_GET_STYPE(fc);

+	if (is_multicast_ether_addr(mgmt->sa) ||
+	    is_zero_ether_addr(mgmt->sa) ||
+	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+		/* Do not process any frames with unexpected/invalid SA so that
+		 * we do not add any state for unexpected STA addresses or end
+		 * up sending out frames to unexpected destination. */
+		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+			   " in received frame - ignore this frame silently",
+			   MAC2STR(mgmt->sa));
+		return 0;
+	}
+
 	if (stype == WLAN_FC_STYPE_BEACON) {
 		handle_beacon(hapd, mgmt, len, fi);
 		return 1;
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
 		os_free(data);
 		return NULL;
 	}
+
+#ifndef EAP_SERVER_TLS
+	/* Enable TLSv1.0 by default to allow connecting to legacy
+	 * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+	SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
 	data->ssl = ssl;
 	if (conf) {
 		data->tls_session_lifetime = conf->tls_session_lifetime;
@ -1577,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 #ifdef SSL_OP_NO_COMPRESSION
 	options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
+	options |= SSL_OP_NO_TICKET;
 	SSL_set_options(conn->ssl, options);
 #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
 	/* Hopefully there is no need for middlebox compatibility mechanisms
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';
@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@ -1017,7 +1017,7 @@ else
 ifdef CONFIG_OSX
 LIBS += -framework PCSC
 else
-LIBS += -lpcsclite -lpthread
+LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite)
 endif
 endif
 endif
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
@ -9,6 +9,14 @@
                <allow send_interface="fi.w1.wpa_supplicant1"/>
                <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
        </policy>
+        <policy group="netdev">
+                <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+                <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+
+                <allow send_destination="fi.w1.wpa_supplicant1"/>
+                <allow send_interface="fi.w1.wpa_supplicant1"/>
+                <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+        </policy>
        <policy context="default">
                <deny own="fi.w1.wpa_supplicant1"/>
                <deny send_destination="fi.w1.wpa_supplicant1"/>
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
 User=root
 SystemdService=wpa_supplicant.service
--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
@ -9,7 +9,7 @@ Wants=network.target

 [Service]
 Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I

 [Install]
 Alias=multi-user.target.wants/wpa_supplicant@%i.service
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@ -1,12 +1,14 @@
 [Unit]
 Description=WPA supplicant
 Before=network.target
+After=dbus.service
 Wants=network.target
+IgnoreOnIsolate=true

 [Service]
 Type=dbus
 BusName=fi.w1.wpa_supplicant1
-ExecStart=@BINDIR@/wpa_supplicant -u
+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant

 [Install]
 WantedBy=multi-user.target
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
@ -2,7 +2,7 @@
 Version=1.0
 Name=wpa_gui
 Comment=Graphical user interface for wpa_supplicant
-Exec=wpa_gui
+Exec=/usr/sbin/wpa_gui
 Icon=wpa_gui
 GenericName=wpa_supplicant user interface
 Terminal=false
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
@ -11,11 +11,14 @@
 #endif /* CONFIG_NATIVE_WINDOWS */

 #include <cstdio>
+#include <cstdlib>
 #include <unistd.h>
 #include <QMessageBox>
 #include <QCloseEvent>
 #include <QImageReader>
+#include <QProcess>
 #include <QSettings>
+#include <QStringList>

 #include "wpagui.h"
 #include "dirent.h"
@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly)
 void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
 			     const QString & msg)
 {
-	if (!QSystemTrayIcon::supportsMessages())
+	if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
 		return;

-	if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
+	/* first try to use KDE's notifications system if running under
+	 * a KDE session */
+	if (getenv("KDE_FULL_SESSION") != NULL) {
+		QStringList args;
+		args << "--passivepopup" << msg << QString::number(sec);
+		args << "--title" << "wpa_gui";
+
+		if (QProcess::execute("/usr/bin/kdialog", args) == 0)
+		    return;
+	}
+
+	if (!QSystemTrayIcon::supportsMessages())
 		return;

 	tray_icon->showMessage(qAppName(), msg, type, sec * 1000);