apply patches

This commit is contained in:
openKylinBot 2022-05-14 03:18:56 +08:00
commit 9097c2cecb
11 changed files with 66 additions and 9 deletions

View File

@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address"); "hostapd_notif_assoc: Skip event with no address");
return -1; return -1;
} }
if (is_multicast_ether_addr(addr) ||
is_zero_ether_addr(addr) ||
os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
/* Do not process any frames with unexpected/invalid SA so that
* we do not add any state for unexpected STA addresses or end
* up sending out frames to unexpected destination. */
wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
" in received indication - ignore this indication silently",
__func__, MAC2STR(addr));
return 0;
}
random_add_randomness(addr, ETH_ALEN); random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,

View File

@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control); fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc); stype = WLAN_FC_GET_STYPE(fc);
if (is_multicast_ether_addr(mgmt->sa) ||
is_zero_ether_addr(mgmt->sa) ||
os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
/* Do not process any frames with unexpected/invalid SA so that
* we do not add any state for unexpected STA addresses or end
* up sending out frames to unexpected destination. */
wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
" in received frame - ignore this frame silently",
MAC2STR(mgmt->sa));
return 0;
}
if (stype == WLAN_FC_STYPE_BEACON) { if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi); handle_beacon(hapd, mgmt, len, fi);
return 1; return 1;

View File

@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data); os_free(data);
return NULL; return NULL;
} }
#ifndef EAP_SERVER_TLS
/* Enable TLSv1.0 by default to allow connecting to legacy
* networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
#endif
data->ssl = ssl; data->ssl = ssl;
if (conf) { if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime; data->tls_session_lifetime = conf->tls_session_lifetime;
@ -1577,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
#ifdef SSL_OP_NO_COMPRESSION #ifdef SSL_OP_NO_COMPRESSION
options |= SSL_OP_NO_COMPRESSION; options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */ #endif /* SSL_OP_NO_COMPRESSION */
options |= SSL_OP_NO_TICKET;
SSL_set_options(conn->ssl, options); SSL_set_options(conn->ssl, options);
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
/* Hopefully there is no need for middlebox compatibility mechanisms /* Hopefully there is no need for middlebox compatibility mechanisms

View File

@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
while (RTA_OK(attr, attrlen)) { while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) { switch (attr->rta_type) {
case IFLA_IFNAME: case IFLA_IFNAME:
if (RTA_PAYLOAD(attr) >= IFNAMSIZ) if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break; break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0'; ifname[RTA_PAYLOAD(attr)] = '\0';
@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
while (RTA_OK(attr, attrlen)) { while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) { switch (attr->rta_type) {
case IFLA_IFNAME: case IFLA_IFNAME:
if (RTA_PAYLOAD(attr) >= IFNAMSIZ) if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break; break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0'; ifname[RTA_PAYLOAD(attr)] = '\0';

View File

@ -1017,7 +1017,7 @@ else
ifdef CONFIG_OSX ifdef CONFIG_OSX
LIBS += -framework PCSC LIBS += -framework PCSC
else else
LIBS += -lpcsclite -lpthread LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite)
endif endif
endif endif
endif endif

View File

@ -9,6 +9,14 @@
<allow send_interface="fi.w1.wpa_supplicant1"/> <allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/> <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy> </policy>
<policy group="netdev">
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
<allow send_destination="fi.w1.wpa_supplicant1"/>
<allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
<policy context="default"> <policy context="default">
<deny own="fi.w1.wpa_supplicant1"/> <deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/> <deny send_destination="fi.w1.wpa_supplicant1"/>

View File

@ -1,5 +1,5 @@
[D-BUS Service] [D-BUS Service]
Name=fi.w1.wpa_supplicant1 Name=fi.w1.wpa_supplicant1
Exec=@BINDIR@/wpa_supplicant -u Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
User=root User=root
SystemdService=wpa_supplicant.service SystemdService=wpa_supplicant.service

View File

@ -9,7 +9,7 @@ Wants=network.target
[Service] [Service]
Type=simple Type=simple
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I
[Install] [Install]
Alias=multi-user.target.wants/wpa_supplicant@%i.service Alias=multi-user.target.wants/wpa_supplicant@%i.service

View File

@ -1,12 +1,14 @@
[Unit] [Unit]
Description=WPA supplicant Description=WPA supplicant
Before=network.target Before=network.target
After=dbus.service
Wants=network.target Wants=network.target
IgnoreOnIsolate=true
[Service] [Service]
Type=dbus Type=dbus
BusName=fi.w1.wpa_supplicant1 BusName=fi.w1.wpa_supplicant1
ExecStart=@BINDIR@/wpa_supplicant -u ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -2,7 +2,7 @@
Version=1.0 Version=1.0
Name=wpa_gui Name=wpa_gui
Comment=Graphical user interface for wpa_supplicant Comment=Graphical user interface for wpa_supplicant
Exec=wpa_gui Exec=/usr/sbin/wpa_gui
Icon=wpa_gui Icon=wpa_gui
GenericName=wpa_supplicant user interface GenericName=wpa_supplicant user interface
Terminal=false Terminal=false

View File

@ -11,11 +11,14 @@
#endif /* CONFIG_NATIVE_WINDOWS */ #endif /* CONFIG_NATIVE_WINDOWS */
#include <cstdio> #include <cstdio>
#include <cstdlib>
#include <unistd.h> #include <unistd.h>
#include <QMessageBox> #include <QMessageBox>
#include <QCloseEvent> #include <QCloseEvent>
#include <QImageReader> #include <QImageReader>
#include <QProcess>
#include <QSettings> #include <QSettings>
#include <QStringList>
#include "wpagui.h" #include "wpagui.h"
#include "dirent.h" #include "dirent.h"
@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly)
void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec, void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
const QString & msg) const QString & msg)
{ {
if (!QSystemTrayIcon::supportsMessages()) if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
return; return;
if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode) /* first try to use KDE's notifications system if running under
* a KDE session */
if (getenv("KDE_FULL_SESSION") != NULL) {
QStringList args;
args << "--passivepopup" << msg << QString::number(sec);
args << "--title" << "wpa_gui";
if (QProcess::execute("/usr/bin/kdialog", args) == 0)
return;
}
if (!QSystemTrayIcon::supportsMessages())
return; return;
tray_icon->showMessage(qAppName(), msg, type, sec * 1000); tray_icon->showMessage(qAppName(), msg, type, sec * 1000);