authorTreeHugger Robot <treehugger-gerrit@google.com>2019-05-02 21:51:55 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2019-05-02 21:51:55 +0000
commit0803bc45979cf94dd8a009915a08a77bbb6dfdb0 (patch)
treea92b9348f6d174c6efe7fec4d9e4566e0475a084
parentbd9d83deac1d48774c732e5d2843716e8537aba8 (diff)
parent1dc4d2010e96bb0240640f644bbd1b53b51a4276 (diff)
downloadwpa_supplicant_8-0803bc45979cf94dd8a009915a08a77bbb6dfdb0.tar.gz
Merge "[wpa_supplicant] Cherry-pick security fixes (April 29, 2019)" into qt-dev
-rw-r--r--src/ap/drv_callbacks.c7
-rw-r--r--src/ap/hostapd.c6
-rw-r--r--src/ap/hw_features.c11
-rw-r--r--src/ap/wpa_auth.c8
-rw-r--r--src/common/sae.c2
-rw-r--r--src/eap_common/eap_pwd_common.c13
6 files changed, 36 insertions, 11 deletions
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 8ddf754f..952a3d55 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -787,6 +787,13 @@ void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
freq, ht, hapd->iconf->ch_switch_vht_config, offset,
width, channel_width_to_string(width), cf1, cf2);
+ if (!hapd->iface->current_mode) {
+ hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_WARNING,
+ "ignore channel switch since the interface is not yet ready");
+ return;
+ }
+
hapd->iface->freq = freq;
channel = hostapd_hw_get_channel(hapd, freq);
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 20c8e8f5..0bd68923 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -2486,8 +2486,12 @@ static void hostapd_deinit_driver(const struct wpa_driver_ops *driver,
wpa_printf(MSG_DEBUG, "%s:bss[%d]->drv_priv=%p",
__func__, (int) j,
hapd_iface->bss[j]->drv_priv);
- if (hapd_iface->bss[j]->drv_priv == drv_priv)
+ if (hapd_iface->bss[j]->drv_priv == drv_priv) {
hapd_iface->bss[j]->drv_priv = NULL;
+ hapd_iface->extended_capa = NULL;
+ hapd_iface->extended_capa_mask = NULL;
+ hapd_iface->extended_capa_len = 0;
+ }
}
}
}
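Review bot: The three `extended_capa*` resets clear interface-wide fields, but they sit inside the per-BSS loop and only run when some BSS's `drv_priv` matches, which makes the intent hard to read. A short comment above them would help, for example `/* extended_capa{,_mask} presumably point into driver-owned data released with drv_priv; drop them so nothing dereferences stale memory */`; the ownership is inferred, not visible in this hunk, so confirm the wording. If the pointers can be set on an interface where no BSS matches, clearing them once outside the `if` would be the safer placement. The body of hostapd_deinit_driver() starts outside the hunk.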
diff --git a/src/ap/hw_features.c b/src/ap/hw_features.c
index 9d3d990a..8ac33bb3 100644
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
@@ -936,11 +936,16 @@ int hostapd_hw_get_channel(struct hostapd_data *hapd, int freq)
int i, channel;
struct hostapd_hw_modes *mode;
- channel = hw_get_chan(hapd->iface->current_mode, freq);
- if (channel)
- return channel;
+ if (hapd->iface->current_mode) {
+ channel = hw_get_chan(hapd->iface->current_mode, freq);
+ if (channel)
+ return channel;
+ }
+
/* Check other available modes since the channel list for the current
* mode did not include the specified frequency. */
+ if (!hapd->iface->hw_features)
+ return 0;
for (i = 0; i < hapd->iface->num_hw_features; i++) {
mode = &hapd->iface->hw_features[i];
channel = hw_get_chan(mode, freq);
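Review bot: The retained comment above the loop still says the current mode's channel list "did not include the specified frequency", but with the new guard this path is also reached when `current_mode` is NULL. The new `if (!hapd->iface->hw_features) return 0;` is also wedged between that comment and the loop it describes. I would move the NULL check above the comment and reword it to `/* Check all available modes: there is either no current mode yet or its channel list did not include the specified frequency. */`. It would also help to document at the function head that 0 means "no channel found", since callers now get that value for an unready interface too; the function's end is outside the hunk.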
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 616b2059..e89a7163 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -699,7 +699,7 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm)
#ifdef CONFIG_DPP2
wpabuf_clear_free(sm->dpp_z);
#endif /* CONFIG_DPP2 */
- os_free(sm);
+ bin_clear_free(sm, sizeof(*sm));
}
@@ -1730,6 +1730,12 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
case WPA_DEAUTH:
case WPA_DISASSOC:
sm->DeauthenticationRequest = TRUE;
+#ifdef CONFIG_IEEE80211R_AP
+ os_memset(sm->PMK, 0, sizeof(sm->PMK));
+ sm->pmk_len = 0;
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ sm->xxkey_len = 0;
+#endif /* CONFIG_IEEE80211R_AP */
break;
case WPA_REAUTH:
case WPA_REAUTH_EAPOL:
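Review bot: The key wipe in the `WPA_DEAUTH`/`WPA_DISASSOC` case is compiled only under `CONFIG_IEEE80211R_AP`, so a build without FT leaves `sm->PMK` and `sm->pmk_len` untouched after a disconnect. If those two fields exist outside that option (their declaration is not visible here), consider moving the `PMK`/`pmk_len` lines out of the `#ifdef` and keeping only the `xxkey` lines guarded, after confirming no non-FT path relies on the old value. Either way, a comment such as `/* drop key material from the previous association so it cannot be reused for a new PTK derivation */` would record why the wipe is here. wpa_auth_sm_event() starts and ends outside the hunk.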
diff --git a/src/common/sae.c b/src/common/sae.c
index 5a50294a..0d56e550 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
pwd_value, sae->tmp->prime_len);
- if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+ if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
return 0;
x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
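Review bot: Switching to `const_time_memcmp()` removes memcmp's data-dependent early exit, but the `return 0` on the next line still branches on the result and skips `crypto_bignum_init_set()` and everything after it, so the function's running time continues to depend on whether pwd-value is below the prime. The same pattern is added in the eap_pwd_common.c hunk at `-237,6 +241,8`, where the new check does `continue` before the candidate is processed. How often that branch is taken depends on the configured group's prime (inferred, not shown on this page), so the residual difference may be small for some groups and noticeable for others. Consider keeping the comparison result as a mask, running the remaining steps unconditionally, and folding the mask into the final selection the way `const_time_select_bin()` is already used in compute_password_element(); both function bodies extend outside their hunks.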
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 884150e6..6ca2c8ba 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
u8 qnr_bin[MAX_ECC_PRIME_LEN];
u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
u8 x_bin[MAX_ECC_PRIME_LEN];
+ u8 prime_bin[MAX_ECC_PRIME_LEN];
struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
struct crypto_hash *hash;
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
os_memset(x_bin, 0, sizeof(x_bin));
prime = crypto_ec_get_prime(grp->group);
+ primebitlen = crypto_ec_prime_len_bits(grp->group);
+ primebytelen = crypto_ec_prime_len(grp->group);
+ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
+ primebytelen) < 0)
+ return -1;
grp->pwe = crypto_ec_point_init(grp->group);
tmp1 = crypto_bignum_init();
pm1 = crypto_bignum_init();
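Review bot: The new `return -1` after the `crypto_bignum_to_bin()` check bypasses the `fail` path that the rest of compute_password_element() uses (see the `goto fail` context lines in the later hunks). Nothing visible in this hunk has been allocated before that point, so the direct return looks leak-free, but that depends on the statement staying ahead of `crypto_ec_point_init()` and the bignum allocations. A one-line comment such as `/* nothing allocated yet, direct return is safe */` would stop a later reordering from introducing a leak. The function begins and ends outside the hunk, so the return convention (-1 versus the value used on `fail`) should be checked against the callers.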
@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
goto fail;
}
- primebitlen = crypto_ec_prime_len_bits(grp->group);
- primebytelen = crypto_ec_prime_len(grp->group);
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
"buffer");
@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
if (primebitlen % 8)
buf_shift_right(prfbuf, primebytelen,
8 - primebitlen % 8);
+ if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
+ continue;
crypto_bignum_deinit(x_candidate, 1);
x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
goto fail;
}
- if (crypto_bignum_cmp(x_candidate, prime) >= 0)
- continue;
-
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate",
prfbuf, primebytelen);
const_time_select_bin(found, x_bin, prfbuf, primebytelen,