diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-wireless/wpa_supplicant/files | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-wireless/wpa_supplicant/files')
19 files changed, 1080 insertions, 0 deletions
diff --git a/net-wireless/wpa_supplicant/files/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/net-wireless/wpa_supplicant/files/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch new file mode 100644 index 000000000000..de1964ca7697 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch @@ -0,0 +1,42 @@ +From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Tue, 7 Apr 2015 11:32:11 +0300 +Subject: [PATCH] P2P: Validate SSID element length before copying it + (CVE-2015-1863) + +This fixes a possible memcpy overflow for P2P dev->oper_ssid in +p2p_add_device(). The length provided by the peer device (0..255 bytes) +was used without proper bounds checking and that could have resulted in +arbitrary data of up to 223 bytes being written beyond the end of the +dev->oper_ssid[] array (of which about 150 bytes would be beyond the +heap allocation) when processing a corrupted management frame for P2P +peer discovery purposes. + +This could result in corrupted state in heap, unexpected program +behavior due to corrupted P2P peer device information, denial of service +due to process crash, exposure of memory contents during GO Negotiation, +and potentially arbitrary code execution. + +Thanks to Google security team for reporting this issue and smart +hardware research group of Alibaba security team for discovering it. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + src/p2p/p2p.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index f584fae..a45fe73 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq, + if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) + os_memcpy(dev->interface_addr, addr, ETH_ALEN); + if (msg.ssid && ++ msg.ssid[1] <= sizeof(dev->oper_ssid) && + (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || + os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) + != 0)) { +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/net-wireless/wpa_supplicant/files/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch new file mode 100644 index 000000000000..36b4ca294699 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch @@ -0,0 +1,49 @@ +From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Tue, 28 Apr 2015 17:08:33 +0300 +Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser + +strtoul() return value may end up overflowing the int h->chunk_size and +resulting in a negative value to be stored as the chunk_size. This could +result in the following memcpy operation using a very large length +argument which would result in a buffer overflow and segmentation fault. + +This could have been used to cause a denial service by any device that +has been authorized for network access (either wireless or wired). This +would affect both the WPS UPnP functionality in a WPS AP (hostapd with +upnp_iface parameter set in the configuration) and WPS ER +(wpa_supplicant with WPS_ER_START control interface command used). + +Validate the parsed chunk length value to avoid this. In addition to +rejecting negative values, we can also reject chunk size that would be +larger than the maximum configured body length. + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/wps/httpread.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/wps/httpread.c b/src/wps/httpread.c +index 2f08f37..d2855e3 100644 +--- a/src/wps/httpread.c ++++ b/src/wps/httpread.c +@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx) + if (!isxdigit(*cbp)) + goto bad; + h->chunk_size = strtoul(cbp, NULL, 16); ++ if (h->chunk_size < 0 || ++ h->chunk_size > h->max_bytes) { ++ wpa_printf(MSG_DEBUG, ++ "httpread: Invalid chunk size %d", ++ h->chunk_size); ++ goto bad; ++ } + /* throw away chunk header + * so we have only real data + */ +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/net-wireless/wpa_supplicant/files/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch new file mode 100644 index 000000000000..79c5af8906fa --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch @@ -0,0 +1,41 @@ +From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Wed, 29 Apr 2015 02:21:53 +0300 +Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser + +The length of the WMM Action frame was not properly validated and the +length of the information elements (int left) could end up being +negative. This would result in reading significantly past the stack +buffer while parsing the IEs in ieee802_11_parse_elems() and while doing +so, resulting in segmentation fault. + +This can result in an invalid frame being used for a denial of service +attack (hostapd process killed) against an AP with a driver that uses +hostapd for management frame processing (e.g., all mac80211-based +drivers). + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/wmm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/ap/wmm.c b/src/ap/wmm.c +index 6d4177c..314e244 100644 +--- a/src/ap/wmm.c ++++ b/src/ap/wmm.c +@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd, + return; + } + ++ if (left < 0) ++ return; /* not a valid WMM Action frame */ ++ + /* extract the tspec info element */ + if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/net-wireless/wpa_supplicant/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch new file mode 100644 index 000000000000..91627fb7b7f6 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch @@ -0,0 +1,73 @@ +From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 1 May 2015 16:37:45 +0300 +Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit + and Confirm + +The length of the received Commit and Confirm message payloads was not +checked before reading them. This could result in a buffer read +overflow when processing an invalid message. + +Fix this by verifying that the payload is of expected length before +processing it. In addition, enforce correct state transition sequence to +make sure there is no unexpected behavior if receiving a Commit/Confirm +message before the previous exchanges have been completed. + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c +index f2b0926..a629437 100644 +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, + BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; + u16 offset; + u8 *ptr, *scalar = NULL, *element = NULL; ++ size_t prime_len, order_len; ++ ++ if (data->state != PWD_Commit_Req) { ++ ret->ignore = TRUE; ++ goto fin; ++ } ++ ++ prime_len = BN_num_bytes(data->grp->prime); ++ order_len = BN_num_bytes(data->grp->order); ++ ++ if (payload_len != 2 * prime_len + order_len) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", ++ (unsigned int) payload_len, ++ (unsigned int) (2 * prime_len + order_len)); ++ goto fin; ++ } + + if (((data->private_value = BN_new()) == NULL) || + ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || +@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, + u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; + int offset; + ++ if (data->state != PWD_Confirm_Req) { ++ ret->ignore = TRUE; ++ goto fin; ++ } ++ ++ if (payload_len != SHA256_MAC_LEN) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", ++ (unsigned int) payload_len, SHA256_MAC_LEN); ++ goto fin; ++ } ++ + /* + * first build up the ciphersuite which is group | random_function | + * prf +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/net-wireless/wpa_supplicant/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch new file mode 100644 index 000000000000..5dca20b2771b --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch @@ -0,0 +1,66 @@ +From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 1 May 2015 16:40:44 +0300 +Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit + and Confirm + +The length of the received Commit and Confirm message payloads was not +checked before reading them. This could result in a buffer read +overflow when processing an invalid message. + +Fix this by verifying that the payload is of expected length before +processing it. In addition, enforce correct state transition sequence to +make sure there is no unexpected behavior if receiving a Commit/Confirm +message before the previous exchanges have been completed. + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c +index 66bd5d2..3189105 100644 +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; + EC_POINT *K = NULL, *point = NULL; + int res = 0; ++ size_t prime_len, order_len; + + wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response"); + ++ prime_len = BN_num_bytes(data->grp->prime); ++ order_len = BN_num_bytes(data->grp->order); ++ ++ if (payload_len != 2 * prime_len + order_len) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", ++ (unsigned int) payload_len, ++ (unsigned int) (2 * prime_len + order_len)); ++ goto fin; ++ } ++ + if (((data->peer_scalar = BN_new()) == NULL) || + ((data->k = BN_new()) == NULL) || + ((cofactor = BN_new()) == NULL) || +@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data, + u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; + int offset; + ++ if (payload_len != SHA256_MAC_LEN) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", ++ (unsigned int) payload_len, SHA256_MAC_LEN); ++ goto fin; ++ } ++ + /* build up the ciphersuite: group | random_function | prf */ + grp = htons(data->group_num); + ptr = (u8 *) &cs; +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/net-wireless/wpa_supplicant/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch new file mode 100644 index 000000000000..4d2f9d8aefeb --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch @@ -0,0 +1,52 @@ +From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 2 May 2015 19:23:04 +0300 +Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment + reassembly + +The remaining number of bytes in the message could be smaller than the +Total-Length field size, so the length needs to be explicitly checked +prior to reading the field and decrementing the len variable. This could +have resulted in the remaining length becoming negative and interpreted +as a huge positive integer. + +In addition, check that there is no already started fragment in progress +before allocating a new buffer for reassembling fragments. This avoid a +potential memory leak when processing invalid message. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_peer/eap_pwd.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c +index a629437..1d2079b 100644 +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, + * if it's the first fragment there'll be a length field + */ + if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { ++ if (len < 2) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: Frame too short to contain Total-Length field"); ++ ret->ignore = TRUE; ++ return NULL; ++ } + tot_len = WPA_GET_BE16(pos); + wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose " + "total length = %d", tot_len); + if (tot_len > 15000) + return NULL; ++ if (data->inbuf) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); ++ ret->ignore = TRUE; ++ return NULL; ++ } + data->inbuf = wpabuf_alloc(tot_len); + if (data->inbuf == NULL) { + wpa_printf(MSG_INFO, "Out of memory to buffer " +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/net-wireless/wpa_supplicant/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch new file mode 100644 index 000000000000..7edef099eb59 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch @@ -0,0 +1,50 @@ +From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 2 May 2015 19:26:06 +0300 +Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment + reassembly + +The remaining number of bytes in the message could be smaller than the +Total-Length field size, so the length needs to be explicitly checked +prior to reading the field and decrementing the len variable. This could +have resulted in the remaining length becoming negative and interpreted +as a huge positive integer. + +In addition, check that there is no already started fragment in progress +before allocating a new buffer for reassembling fragments. This avoid a +potential memory leak when processing invalid message. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_server/eap_server_pwd.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c +index 3189105..2bfc3c2 100644 +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, + * the first fragment has a total length + */ + if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { ++ if (len < 2) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: Frame too short to contain Total-Length field"); ++ return; ++ } + tot_len = WPA_GET_BE16(pos); + wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total " + "length = %d", tot_len); + if (tot_len > 15000) + return; ++ if (data->inbuf) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); ++ return; ++ } + data->inbuf = wpabuf_alloc(tot_len); + if (data->inbuf == NULL) { + wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to " +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/net-wireless/wpa_supplicant/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch new file mode 100644 index 000000000000..a601323f14da --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch @@ -0,0 +1,32 @@ +From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 2 May 2015 19:26:28 +0300 +Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior + +The L (Length) and M (More) flags needs to be cleared before deciding +whether the locally generated response requires fragmentation. This +fixes an issue where these flags from the server could have been invalid +for the following message. In some cases, this could have resulted in +triggering the wpabuf security check that would terminate the process +due to invalid buffer allocation. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_peer/eap_pwd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c +index 1d2079b..e58b13a 100644 +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, + /* + * we have output! Do we need to fragment it? + */ ++ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch); + len = wpabuf_len(data->outbuf); + if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { + resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu, +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch b/net-wireless/wpa_supplicant/files/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch new file mode 100644 index 000000000000..d03eb484fc28 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch @@ -0,0 +1,29 @@ +From fc880b11ed70ff9dcf8be48621f75d354cc5094d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Tue, 7 Jul 2015 15:33:55 +0300 +Subject: [PATCH] NFC: Avoid misaligned read of an NDEF field + +The 32-bit version of payload length field may not be 32-bit aligned in +the message buffer, so use WPA_GET_BE32() to read it instead of ntohl(). + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/wps/ndef.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wps/ndef.c b/src/wps/ndef.c +index 8d1ce1e..5604b0a 100644 +--- a/src/wps/ndef.c ++++ b/src/wps/ndef.c +@@ -47,7 +47,7 @@ static int ndef_parse_record(const u8 *data, u32 size, + } else { + if (size < 6) + return -1; +- record->payload_length = ntohl(*(u32 *)pos); ++ record->payload_length = WPA_GET_BE32(pos); + pos += sizeof(u32); + } + +-- +1.7.9.5 + diff --git a/net-wireless/wpa_supplicant/files/2015-5/0002-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/net-wireless/wpa_supplicant/files/2015-5/0002-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch new file mode 100644 index 000000000000..1f624c8dad46 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2015-5/0002-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch @@ -0,0 +1,61 @@ +From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Tue, 7 Jul 2015 21:57:28 +0300 +Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser + +It was possible for the 32-bit record->total_length value to end up +wrapping around due to integer overflow if the longer form of payload +length field is used and record->payload_length gets a value close to +2^32. This could result in ndef_parse_record() accepting a too large +payload length value and the record type filter reading up to about 20 +bytes beyond the end of the buffer and potentially killing the process. +This could also result in an attempt to allocate close to 2^32 bytes of +heap memory and if that were to succeed, a buffer read overflow of the +same length which would most likely result in the process termination. +In case of record->total_length ending up getting the value 0, there +would be no buffer read overflow, but record parsing would result in an +infinite loop in ndef_parse_records(). + +Any of these error cases could potentially be used for denial of service +attacks over NFC by using a malformed NDEF record on an NFC Tag or +sending them during NFC connection handover if the application providing +the NDEF message to hostapd/wpa_supplicant did no validation of the +received records. While such validation is likely done in the NFC stack +that needs to parse the NFC messages before further processing, +hostapd/wpa_supplicant better be prepared for any data being included +here. + +Fix this by validating record->payload_length value in a way that +detects integer overflow. (CID 122668) + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/wps/ndef.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/wps/ndef.c b/src/wps/ndef.c +index 5604b0a..50d018f 100644 +--- a/src/wps/ndef.c ++++ b/src/wps/ndef.c +@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size, + if (size < 6) + return -1; + record->payload_length = WPA_GET_BE32(pos); ++ if (record->payload_length > size - 6) ++ return -1; + pos += sizeof(u32); + } + +@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size, + pos += record->payload_length; + + record->total_length = pos - data; +- if (record->total_length > size) ++ if (record->total_length > size || ++ record->total_length < record->payload_length) + return -1; + return 0; + } +-- +1.9.1 + diff --git a/net-wireless/wpa_supplicant/files/wpa_cli.sh b/net-wireless/wpa_supplicant/files/wpa_cli.sh new file mode 100644 index 000000000000..f363ba9c8853 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_cli.sh @@ -0,0 +1,47 @@ +#!/bin/sh +# Copyright 1999-2011 Gentoo Foundation +# Written by Roy Marples <uberlord@gentoo.org> +# Distributed under the terms of the GNU General Public License v2 +# Alternatively, this file may be distributed under the terms of the BSD License +# $Id$ + +if [ -z "$1" -o -z "$2" ]; then + logger -t wpa_cli "Insufficient parameters" + exit 1 +fi + +INTERFACE="$1" +ACTION="$2" + +# Note, the below action must NOT mark the interface down via ifconfig, ip or +# similar. Addresses can be removed, changed and daemons can be stopped, but +# the interface must remain up for wpa_supplicant to work. + +if [ -f /etc/gentoo-release ]; then + EXEC="/etc/init.d/net.${INTERFACE} --quiet" +else + logger -t wpa_cli "I don't know what to do with this distro!" + exit 1 +fi + +case ${ACTION} in + CONNECTED) + EXEC="${EXEC} start" + ;; + DISCONNECTED) + # Deactivated, since stopping /etc/init.d/net.wlanX + # stops the network completly. + EXEC="false ${EXEC} stop" + ;; + *) + logger -t wpa_cli "Unknown action ${ACTION}" + exit 1 + ;; +esac + +# ${EXEC} can use ${IN_BACKGROUND} so that it knows that the user isn't +# stopping the interface and a background process - like wpa_cli - is. +export IN_BACKGROUND=true + +logger -t wpa_cli "interface ${INTERFACE} ${ACTION}" +${EXEC} || logger -t wpa_cli "executing '${EXEC}' failed" diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-dbus-path-fix.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-dbus-path-fix.patch new file mode 100644 index 000000000000..976d71b0ec39 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-dbus-path-fix.patch @@ -0,0 +1,20 @@ +diff -aurp a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in +--- a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2012-05-15 09:00:03.048545044 +0000 ++++ b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2012-05-15 09:01:19.759550509 +0000 +@@ -1,5 +1,5 @@ + [D-BUS Service] + Name=fi.epitest.hostap.WPASupplicant +-Exec=@BINDIR@/wpa_supplicant -u ++Exec=/usr/sbin/wpa_supplicant -u + User=root + SystemdService=wpa_supplicant.service +diff -aurp a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in +--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2012-05-15 09:00:03.048545044 +0000 ++++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2012-05-15 09:01:28.727551913 +0000 +@@ -1,5 +1,5 @@ + [D-BUS Service] + Name=fi.w1.wpa_supplicant1 +-Exec=@BINDIR@/wpa_supplicant -u ++Exec=/usr/sbin/wpa_supplicant -u + User=root + SystemdService=wpa_supplicant.service diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-do-not-call-dbus-functions-with-NULL-path.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-do-not-call-dbus-functions-with-NULL-path.patch new file mode 100644 index 000000000000..bbff73e13d42 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-do-not-call-dbus-functions-with-NULL-path.patch @@ -0,0 +1,60 @@ +diff -aurp a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c +--- a/wpa_supplicant/dbus/dbus_new_helpers.c 2012-05-15 07:28:37.616150164 +0000 ++++ b/wpa_supplicant/dbus/dbus_new_helpers.c 2012-05-15 07:30:21.904157611 +0000 +@@ -882,7 +882,7 @@ void wpa_dbus_mark_property_changed(stru + const struct wpa_dbus_property_desc *dsc; + int i = 0; + +- if (iface == NULL) ++ if (iface == NULL || path == NULL) + return; + + dbus_connection_get_object_path_data(iface->con, path, +diff -aurp a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c +--- a/wpa_supplicant/dbus/dbus_old.c 2012-05-15 07:28:29.502149373 +0000 ++++ b/wpa_supplicant/dbus/dbus_old.c 2012-05-15 07:30:48.859162441 +0000 +@@ -379,7 +379,7 @@ void wpa_supplicant_dbus_notify_scan_res + DBusMessage *_signal; + + /* Do nothing if the control interface is not turned on */ +- if (iface == NULL) ++ if (iface == NULL || wpa_s->dbus_path == NULL) + return; + + _signal = dbus_message_new_signal(wpa_s->dbus_path, +@@ -419,7 +419,7 @@ void wpa_supplicant_dbus_notify_state_ch + if (wpa_s->global == NULL) + return; + iface = wpa_s->global->dbus; +- if (iface == NULL) ++ if (iface == NULL || wpa_s->dbus_path == NULL) + return; + + /* Only send signal if state really changed */ +@@ -478,7 +478,7 @@ void wpa_supplicant_dbus_notify_scanning + dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE; + + /* Do nothing if the control interface is not turned on */ +- if (iface == NULL) ++ if (iface == NULL || wpa_s->dbus_path == NULL) + return; + + _signal = dbus_message_new_signal(wpa_s->dbus_path, +@@ -513,7 +513,7 @@ void wpa_supplicant_dbus_notify_wps_cred + if (wpa_s->global == NULL) + return; + iface = wpa_s->global->dbus; +- if (iface == NULL) ++ if (iface == NULL || wpa_s->dbus_path == NULL) + return; + + _signal = dbus_message_new_signal(wpa_s->dbus_path, +@@ -564,7 +564,7 @@ void wpa_supplicant_dbus_notify_certific + if (wpa_s->global == NULL) + return; + iface = wpa_s->global->dbus; +- if (iface == NULL) ++ if (iface == NULL || wpa_s->dbus_path == NULL) + return; + + _signal = dbus_message_new_signal(wpa_s->dbus_path, diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-generate-libeap-peer.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-generate-libeap-peer.patch new file mode 100644 index 000000000000..6f3605713353 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.4-generate-libeap-peer.patch @@ -0,0 +1,353 @@ +diff -Naurp a/src/eap_peer/Makefile b/src/eap_peer/Makefile +--- a/src/eap_peer/Makefile 2012-05-15 08:23:17.152386964 +0000 ++++ b/src/eap_peer/Makefile 2012-05-15 08:23:57.403389760 +0000 +@@ -1,11 +1,192 @@ +-all: +- @echo Nothing to be made. ++LIBEAP_NAME = libeap ++LIBEAP_CURRENT = 0 ++LIBEAP_REVISION = 0 ++LIBEAP_AGE = 0 ++ ++LIBEAP = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT).$(LIBEAP_REVISION).$(LIBEAP_AGE) ++LIBEAP_SO = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT) ++ ++.PHONY: all clean install uninstall ++ ++all: $(LIBEAP) ++ ++ifndef CC ++CC=gcc ++endif ++ ++ifndef CFLAGS ++CFLAGS = -MMD -O0 -Wall -g ++endif ++ ++CONFIG_TLS=openssl ++ ++INCLUDE_INSTALL_DIR=/usr/include/eap_peer ++ ++# Got to use override all across the board, otherwise a 'make ++# CFLAGS=XX' will kill us because the command line's CFLAGS will ++# overwrite Make's and we'll loose all the infrastructure it sets. ++override CFLAGS += -I. -I.. -I../crypto -I../utils -I../common ++ ++# at least for now, need to include config_ssid.h and config_blob.h from ++# wpa_supplicant directory ++override CFLAGS += -I ../../wpa_supplicant ++ ++OBJS_both += ../utils/common.o ++OBJS_both += ../utils/os_unix.o ++OBJS_both += ../utils/wpa_debug.o ++OBJS_both += ../utils/base64.o ++OBJS_both += ../utils/wpabuf.o ++OBJS_both += ../utils/eloop.o ++ifneq ($(CONFIG_TLS), openssl) ++OBJS_both += ../crypto/md5.o ++OBJS_both += ../crypto/sha1.o ++endif ++OBJS_both += ../crypto/sha1-tlsprf.o ++OBJS_both += ../crypto/aes-encblock.o ++ifneq ($(CONFIG_TLS), openssl) ++OBJS_both += ../crypto/aes-wrap.o ++endif ++OBJS_both += ../crypto/aes-ctr.o ++OBJS_both += ../crypto/aes-eax.o ++OBJS_both += ../crypto/aes-omac1.o ++OBJS_both += ../crypto/ms_funcs.o ++OBJS_both += ../crypto/sha256.o ++OBJS_both += ../crypto/random.o ++ ++ ++OBJS_both += ../eap_common/eap_peap_common.o ++OBJS_both += ../eap_common/eap_psk_common.o ++OBJS_both += ../eap_common/eap_pax_common.o ++OBJS_both += ../eap_common/eap_sake_common.o ++OBJS_both += ../eap_common/eap_gpsk_common.o ++OBJS_both += ../eap_common/chap.o ++ ++OBJS_peer += ../eap_peer/eap_tls.o ++OBJS_peer += ../eap_peer/eap_peap.o ++OBJS_peer += ../eap_peer/eap_ttls.o ++OBJS_peer += ../eap_peer/eap_md5.o ++OBJS_peer += ../eap_peer/eap_mschapv2.o ++OBJS_peer += ../eap_peer/mschapv2.o ++OBJS_peer += ../eap_peer/eap_otp.o ++OBJS_peer += ../eap_peer/eap_gtc.o ++OBJS_peer += ../eap_peer/eap_leap.o ++OBJS_peer += ../eap_peer/eap_psk.o ++OBJS_peer += ../eap_peer/eap_pax.o ++OBJS_peer += ../eap_peer/eap_sake.o ++OBJS_peer += ../eap_peer/eap_gpsk.o ++OBJS_peer += ../eap_peer/eap.o ++OBJS_peer += ../eap_common/eap_common.o ++OBJS_peer += ../eap_peer/eap_methods.o ++OBJS_peer += ../eap_peer/eap_tls_common.o ++ ++override CFLAGS += -DEAP_TLS ++override CFLAGS += -DEAP_PEAP ++override CFLAGS += -DEAP_TTLS ++override CFLAGS += -DEAP_MD5 ++override CFLAGS += -DEAP_MSCHAPv2 ++override CFLAGS += -DEAP_GTC ++override CFLAGS += -DEAP_OTP ++override CFLAGS += -DEAP_LEAP ++override CFLAGS += -DEAP_PSK ++override CFLAGS += -DEAP_PAX ++override CFLAGS += -DEAP_SAKE ++override CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 ++override CFLAGS += -DEAP_TLS_FUNCS ++ ++override CFLAGS += -DIEEE8021X_EAPOL ++ ++ifeq ($(CONFIG_TLS), openssl) ++override CFLAGS += -DEAP_TLS_OPENSSL ++OBJS_both += ../crypto/tls_openssl.o ++OBJS_both += ../crypto/crypto_openssl.o ++LIBS += -lssl -lcrypto ++override CFLAGS += -DINTERNAL_SHA256 ++endif ++ ++ifeq ($(CONFIG_TLS), internal) ++OBJS_both += ../crypto/tls_internal.o ++OBJS_both += ../tls/tlsv1_common.o ../../tls/tlsv1_record.o ++OBJS_both += ../tls/tlsv1_cred.o ++OBJS_both += ../tls/asn1.o ../../tls/x509v3.o ++OBJS_both += ../crypto/crypto_internal.o ../../tls/rsa.o ../../tls/bignum.o ++ ++OBJS_peer += ../tls/tlsv1_client.o ++OBJS_peer += ../tls/tlsv1_client_write.o ../../tls/tlsv1_client_read.o ++override CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT ++ ++OBJS_server += ../tls/tlsv1_server.o ++OBJS_server += ../tls/tlsv1_server_write.o ../../tls/tlsv1_server_read.o ++override CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER ++ ++override CFLAGS += -DCONFIG_TLS_INTERNAL ++override CFLAGS += -DCONFIG_CRYPTO_INTERNAL ++override CFLAGS += -DCONFIG_INTERNAL_X509 ++override CFLAGS += -DINTERNAL_AES ++override CFLAGS += -DINTERNAL_SHA1 ++override CFLAGS += -DINTERNAL_SHA256 ++override CFLAGS += -DINTERNAL_MD5 ++override CFLAGS += -DINTERNAL_MD4 ++override CFLAGS += -DINTERNAL_DES ++ifdef CONFIG_INTERNAL_LIBTOMMATH ++override CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH ++else ++LIBS += -ltommath ++endif ++endif ++ ++ifndef LDO ++LDO=$(CC) ++endif ++ ++ ++OBJS_lib=$(OBJS_both) $(OBJS_peer) ++ ++ #$(OBJS_server) ++ ++override CFLAGS += -fPIC -DPIC ++LDFLAGS += -shared ++ ++$(LIBEAP): $(OBJS_lib) ++ $(LDO) $(LDFLAGS) $(OBJS_lib) -Wl,-soname -Wl,$(LIBEAP_SO) -o $(LIBEAP) $(LIBS) ++ ++ ++UTIL_HEADERS = ../utils/includes.h ../utils/common.h \ ++ ../utils/wpabuf.h ../utils/build_config.h \ ++ ../utils/os.h ../utils/wpa_debug.h ++COMMON_HEADERS = ../common/defs.h ++EAP_COMMON_HEADERS = ../eap_common/eap_defs.h ++MAIN_HEADERS = eap.h eap_methods.h eap_config.h ++CRYPTO_HEADERS = ../crypto/tls.h ++ ++install: ++ ++ mkdir -p $(DESTDIR)/usr/lib ++# copy the lib file to std lib location ++ cp $(LIBEAP) $(DESTDIR)/usr/lib ++ ln -fs $(LIBEAP_SO) $(DESTDIR)/usr/lib/$(LIBEAP_NAME).so ++ ln -fs $(LIBEAP_NAME).so.0.0.0 $(DESTDIR)/usr/lib/$(LIBEAP_NAME).so.0 ++ ++# copy the headers reqd by apps using eap peer library in its own subfolder under /usr/include ++ mkdir -p \ ++ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common \ ++ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common \ ++ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util \ ++ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto ++ install -m 0644 $(EAP_COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common ++ install -m 0644 $(COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common ++ install -m 0644 $(CRYPTO_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto ++ install -m 0644 $(UTIL_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util ++ install -m 0644 $(MAIN_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/ ++ ++ mkdir -p $(DESTDIR)/usr/lib/pkgconfig ++ cp libeap0.pc $(DESTDIR)/usr/lib/pkgconfig ++ ++uninstall: ++ ++ rm $(DESTDIR)/usr/lib/$(LIBEAP) ++ rm -fr $(DESTDIR)/$(INCLUDE_INSTALL_DIR) ++ rm -f $(DESTDIR)/usr/lib/pkgconfig/libeap0.pc + + clean: +- rm -f *~ *.o *.so *.d *.gcno *.gcda *.gcov ++ rm -f *~ *.o *.so *.d *.gcno *.gcda *.gcov libeap.a $(LIBEAP) $(OBJS_lib) + +-install: +- if ls *.so >/dev/null 2>&1; then \ +- install -d $(DESTDIR)$(LIBDIR)/wpa_supplicant && \ +- cp *.so $(DESTDIR)$(LIBDIR)/wpa_supplicant \ +- ; fi +diff -Naurp a/src/eap_peer/eap_methods.c b/src/eap_peer/eap_methods.c +--- a/src/eap_peer/eap_methods.c 2012-05-15 08:23:17.151386999 +0000 ++++ b/src/eap_peer/eap_methods.c 2012-05-15 08:23:57.403389760 +0000 +@@ -336,6 +336,120 @@ + + + /** ++ * eap_peer_register_methods - Register all known EAP peer methods ++ * ++ * This function is called at program start to register all compiled ++ * in EAP peer methods. ++ */ ++int eap_peer_register_methods(void) ++{ ++ int ret = 0; ++ ++#ifdef EAP_MD5 ++ if (ret == 0) ++ ret = eap_peer_md5_register(); ++#endif /* EAP_MD5 */ ++ ++#ifdef EAP_TLS ++ if (ret == 0) ++ ret = eap_peer_tls_register(); ++#endif /* EAP_TLS */ ++ ++#ifdef EAP_MSCHAPv2 ++ if (ret == 0) ++ ret = eap_peer_mschapv2_register(); ++#endif /* EAP_MSCHAPv2 */ ++ ++#ifdef EAP_PEAP ++ if (ret == 0) ++ ret = eap_peer_peap_register(); ++#endif /* EAP_PEAP */ ++ ++#ifdef EAP_TTLS ++ if (ret == 0) ++ ret = eap_peer_ttls_register(); ++#endif /* EAP_TTLS */ ++ ++#ifdef EAP_GTC ++ if (ret == 0) ++ ret = eap_peer_gtc_register(); ++#endif /* EAP_GTC */ ++ ++#ifdef EAP_OTP ++ if (ret == 0) ++ ret = eap_peer_otp_register(); ++#endif /* EAP_OTP */ ++ ++#ifdef EAP_SIM ++ if (ret == 0) ++ ret = eap_peer_sim_register(); ++#endif /* EAP_SIM */ ++ ++#ifdef EAP_LEAP ++ if (ret == 0) ++ ret = eap_peer_leap_register(); ++#endif /* EAP_LEAP */ ++ ++#ifdef EAP_PSK ++ if (ret == 0) ++ ret = eap_peer_psk_register(); ++#endif /* EAP_PSK */ ++ ++#ifdef EAP_AKA ++ if (ret == 0) ++ ret = eap_peer_aka_register(); ++#endif /* EAP_AKA */ ++ ++#ifdef EAP_AKA_PRIME ++ if (ret == 0) ++ ret = eap_peer_aka_prime_register(); ++#endif /* EAP_AKA_PRIME */ ++ ++#ifdef EAP_FAST ++ if (ret == 0) ++ ret = eap_peer_fast_register(); ++#endif /* EAP_FAST */ ++ ++#ifdef EAP_PAX ++ if (ret == 0) ++ ret = eap_peer_pax_register(); ++#endif /* EAP_PAX */ ++ ++#ifdef EAP_SAKE ++ if (ret == 0) ++ ret = eap_peer_sake_register(); ++#endif /* EAP_SAKE */ ++ ++#ifdef EAP_GPSK ++ if (ret == 0) ++ ret = eap_peer_gpsk_register(); ++#endif /* EAP_GPSK */ ++ ++#ifdef EAP_WSC ++ if (ret == 0) ++ ret = eap_peer_wsc_register(); ++#endif /* EAP_WSC */ ++ ++#ifdef EAP_IKEV2 ++ if (ret == 0) ++ ret = eap_peer_ikev2_register(); ++#endif /* EAP_IKEV2 */ ++ ++#ifdef EAP_VENDOR_TEST ++ if (ret == 0) ++ ret = eap_peer_vendor_test_register(); ++#endif /* EAP_VENDOR_TEST */ ++ ++#ifdef EAP_TNC ++ if (ret == 0) ++ ret = eap_peer_tnc_register(); ++#endif /* EAP_TNC */ ++ ++ return ret; ++} ++ ++ ++/** + * eap_peer_unregister_methods - Unregister EAP peer methods + * + * This function is called at program termination to unregister all EAP peer +diff -Naurp a/src/eap_peer/eap_methods.h b/src/eap_peer/eap_methods.h +--- a/src/eap_peer/eap_methods.h 2012-05-15 08:23:17.151386999 +0000 ++++ b/src/eap_peer/eap_methods.h 2012-05-15 08:23:57.404389735 +0000 +@@ -26,6 +26,7 @@ + const char * eap_get_name(int vendor, EapType type); + size_t eap_get_names(char *buf, size_t buflen); + char ** eap_get_names_as_string_array(size_t *num); ++int eap_peer_register_methods(void); + void eap_peer_unregister_methods(void); + + #else /* IEEE8021X_EAPOL */ +diff -Naurp a/src/eap_peer/libeap0.pc b/src/eap_peer/libeap0.pc +--- a/src/eap_peer/libeap0.pc 1970-01-01 00:00:00.000000000 +0000 ++++ b/src/eap_peer/libeap0.pc 2012-05-15 08:23:57.404389735 +0000 +@@ -0,0 +1,10 @@ ++prefix=/usr ++exec_prefix=/usr ++libdir=${exec_prefix}/lib ++includedir=${prefix}/include/eap_peer ++ ++Name: libeap0 ++Description: EAP Peer Library API ++Version: 0.7.2 ++Libs: -L${libdir} -leap ++Cflags: -I${includedir} diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d b/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d new file mode 100644 index 000000000000..104b9dc5d8c3 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d @@ -0,0 +1,6 @@ +# conf.d file for wpa_supplicant +# +# Please check man 8 wpa_supplicant for more information about the options +# wpa_supplicant accepts. +# +wpa_supplicant_args="" diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-init.d b/net-wireless/wpa_supplicant/files/wpa_supplicant-init.d new file mode 100644 index 000000000000..8429a3733840 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-init.d @@ -0,0 +1,70 @@ +#!/sbin/runscript +# Copyright (c) 2009 Roy Marples <roy@marples.name> +# All rights reserved. Released under the 2-clause BSD license. + +command=/usr/sbin/wpa_supplicant +: ${wpa_supplicant_conf:=/etc/wpa_supplicant/wpa_supplicant.conf} +wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if +command_args="$wpa_supplicant_args -B -c$wpa_supplicant_conf $wpa_supplicant_if" +name="WPA Supplicant Daemon" + +depend() +{ + need localmount + use logger + after bootmisc modules + before dns dhcpcd net + keyword -shutdown +} + +find_wireless() +{ + local iface= + + case "$RC_UNAME" in + Linux) + for iface in /sys/class/net/*; do + if [ -e "$iface"/wireless -o \ + -e "$iface"/phy80211 ] + then + echo "${iface##*/}" + return 0 + fi + done + ;; + *) + for iface in /dev/net/* $(ifconfig -l 2>/dev/null); do + if ifconfig "${iface##*/}" 2>/dev/null | \ + grep -q "[ ]*ssid " + then + echo "${iface##*/}" + return 0 + fi + done + ;; + esac + + return 1 +} + +append_wireless() +{ + local iface= i= + + iface=$(find_wireless) + if [ -n "$iface" ]; then + for i in $iface; do + command_args="$command_args -i$i" + done + else + eerror "Could not find a wireless interface" + fi +} + +start_pre() +{ + case " $command_args" in + *" -i"*) ;; + *) append_wireless;; + esac +} diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant.conf b/net-wireless/wpa_supplicant/files/wpa_supplicant.conf new file mode 100644 index 000000000000..c3a29e50d9ca --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant.conf @@ -0,0 +1,7 @@ +# This is a network block that connects to any unsecured access point. +# We give it a low priority so any defined blocks are preferred. +network={ + key_mgmt=NONE + priority=-9999999 +} + diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant.service b/net-wireless/wpa_supplicant/files/wpa_supplicant.service new file mode 100644 index 000000000000..e1e75b129528 --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant.service @@ -0,0 +1,11 @@ +[Unit] +Description=WPA supplicant + +[Service] +Type=dbus +BusName=fi.epitest.hostap.WPASupplicant +ExecStart=/usr/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -u + +[Install] +WantedBy=multi-user.target +Alias=dbus-fi.epitest.hostap.WPASupplicant.service diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service b/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service new file mode 100644 index 000000000000..af0cebfd691d --- /dev/null +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service @@ -0,0 +1,11 @@ +[Unit] +Description=WPA supplicant daemon (interface-specific version) + +# NetworkManager users will probably want the dbus version instead. + +[Service] +Type=simple +ExecStart=/usr/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -i%I + +[Install] +Alias=multi-user.target.wants/wpa_supplicant@wlan0.service |