Patchwork wpa_supplicant: Add bss_flush command to invalidate scan results

login
register
mail settings
Submitter Dmitry Shmidt
Date Aug. 24, 2012, 6:14 p.m.
Message ID <20120824183547.5D58838371@ushik.mtv.corp.google.com>
Download mbox | patch
Permalink /patch/179878/
State Accepted
Commit 39ee845f92d951e7b3e4fb1500f51decbe561bd6
Headers show

Comments

Dmitry Shmidt - Aug. 24, 2012, 6:14 p.m.
Change-Id: I1a6ebc4fe53e16909ac44e2d04a6b651993dae91
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
 wpa_supplicant/ctrl_iface.c |   16 ++++++++++++++++
 wpa_supplicant/wpa_cli.c    |   20 ++++++++++++++++++++
 2 files changed, 36 insertions(+), 0 deletions(-)
Jouni Malinen - Aug. 25, 2012, 7:24 a.m.
Thanks, applied.
Vitaly Wool - Aug. 25, 2012, 7:36 a.m.
Hi Dmitry,

On Fri, Aug 24, 2012 at 8:14 PM, Dmitry Shmidt <dimitrysh@google.com> wrote:

> Change-Id: I1a6ebc4fe53e16909ac44e2d04a6b651993dae91
> Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
> ---
>  wpa_supplicant/ctrl_iface.c |   16 ++++++++++++++++
>  wpa_supplicant/wpa_cli.c    |   20 ++++++++++++++++++++
>  2 files changed, 36 insertions(+), 0 deletions(-)
>
> diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
> index 5de4f7b..ec61b84 100644
> --- a/wpa_supplicant/ctrl_iface.c
> +++ b/wpa_supplicant/ctrl_iface.c
> @@ -2884,6 +2884,19 @@ static int
> wpa_supplicant_ctrl_iface_bss_expire_count(
>  }
>
>
> +static int wpa_supplicant_ctrl_iface_bss_flush(
> +       struct wpa_supplicant *wpa_s, char *cmd)
> +{
> +       int flush_age = atoi(cmd);
>

This is unsafe, e. g. if cmd is "foo", atoi will return -1. Do you really
want to call flush_by_age with age -1 in this case?

Thanks,
   Vitaly
Jouni Malinen - Aug. 25, 2012, 11:08 a.m.
On Sat, Aug 25, 2012 at 09:36:35AM +0200, Vitaly Wool wrote:
> On Fri, Aug 24, 2012 at 8:14 PM, Dmitry Shmidt <dimitrysh@google.com> wrote:
> > +       int flush_age = atoi(cmd);
> >
> 
> This is unsafe, e. g. if cmd is "foo", atoi will return -1. Do you really
> want to call flush_by_age with age -1 in this case?

Which atoi() implementation returns -1 if the string does not include
any digits? While error conditions in atoi() are undefined by C
standard, this looks like a case where atoi() could be considered to
match strtol(nptr, (char **) NULL, 10) and strtol() is defined to return
0 if conversion could not be done. All atoi() implementations I've
tested seem to return 0 in this type of case.

Patch

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 5de4f7b..ec61b84 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2884,6 +2884,19 @@  static int wpa_supplicant_ctrl_iface_bss_expire_count(
 }
 
 
+static int wpa_supplicant_ctrl_iface_bss_flush(
+	struct wpa_supplicant *wpa_s, char *cmd)
+{
+	int flush_age = atoi(cmd);
+
+	if (flush_age == 0)
+		wpa_bss_flush(wpa_s);
+	else
+		wpa_bss_flush_by_age(wpa_s, flush_age);
+	return 0;
+}
+
+
 static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
 {
 	wpa_printf(MSG_DEBUG, "Dropping SA without deauthentication");
@@ -4578,6 +4591,9 @@  char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		if (wpa_supplicant_ctrl_iface_bss_expire_count(wpa_s,
 							       buf + 17))
 			reply_len = -1;
+	} else if (os_strncmp(buf, "BSS_FLUSH ", 10) == 0) {
+		if (wpa_supplicant_ctrl_iface_bss_flush(wpa_s, buf + 10))
+			reply_len = -1;
 #ifdef CONFIG_TDLS
 	} else if (os_strncmp(buf, "TDLS_DISCOVER ", 14) == 0) {
 		if (wpa_supplicant_ctrl_iface_tdls_discover(wpa_s, buf + 14))
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 8e89281..53ed05d 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -656,6 +656,23 @@  static int wpa_cli_cmd_bss_expire_count(struct wpa_ctrl *ctrl, int argc,
 }
 
 
+static int wpa_cli_cmd_bss_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	char cmd[256];
+	int res;
+
+	if (argc < 1)
+		res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH 0");
+	else
+		res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH %s", argv[0]);
+	if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+		printf("Too long BSS_FLUSH command.\n");
+		return -1;
+	}
+	return wpa_ctrl_command(ctrl, cmd);
+}
+
+
 static int wpa_cli_cmd_stkstart(struct wpa_ctrl *ctrl, int argc,
 				char *argv[])
 {
@@ -2264,6 +2281,9 @@  static struct wpa_cli_cmd wpa_cli_commands[] = {
 	{ "bss_expire_count", wpa_cli_cmd_bss_expire_count,
 	  cli_cmd_flag_none,
 	  "<value> = set BSS expiration scan count parameter" },
+	{ "bss_flush", wpa_cli_cmd_bss_flush,
+	  cli_cmd_flag_none,
+	  "<value> = set BSS flush age (0 by default)" },
 	{ "stkstart", wpa_cli_cmd_stkstart,
 	  cli_cmd_flag_none,
 	  "<addr> = request STK negotiation with <addr>" },