ahmedammar
diff --git a/‎ChangeLog
+26 b/‎ChangeLog
+26
diff --git a/‎Makefile
+4-1 b/‎Makefile
+4-1
diff --git a/‎base64.c
+1-1 b/‎base64.c
+1-1
diff --git a/‎ctrl_iface.c
+5-1 b/‎ctrl_iface.c
+5-1
diff --git a/‎ctrl_iface_dbus.c
+2-2 b/‎ctrl_iface_dbus.c
+2-2
diff --git a/‎ctrl_iface_unix.c
+1-1 b/‎ctrl_iface_unix.c
+1-1
diff --git a/‎dbus_dict_helpers.c
+62-40 b/‎dbus_dict_helpers.c
+62-40
diff --git a/‎driver_broadcom.c
+3-2 b/‎driver_broadcom.c
+3-2
diff --git a/‎driver_hostap.h
+2-2 b/‎driver_hostap.h
+2-2
diff --git a/‎driver_ndis.c
+2 b/‎driver_ndis.c
+2
@@ -1,5 +1,31 @@
 ChangeLog for wpa_supplicant
 
+2008-11-28 - v0.5.11
+	* fixed race condition between disassociation event and group key
+	  handshake to avoid getting stuck in incorrect state [Bug 261]
+	* updated D-Bus usage to avoid deprecated functions
+	* silence SIOCSIWAUTH ioctl failure message (these can be ignored in
+	  most cases and are now only shown in debug output)
+	* increase timeout for IBSS connection
+	* driver_wext: do not overwrite BSS frequency if channel was already
+	  received
+	* driver_wext: set interface down for mode switches, if needed (e.g.,
+	  for mac80211)
+	* driver_wext: fixed re-initialization of a removed and re-inserted
+	  interface (e.g., USB dongle or on resume if driver was unloaded for
+	  suspend)
+	* improve per-SSID scanning for drivers that report background scan
+	  results frequently
+	* fixed scanning behavior after a failed initial association
+	* driver_wext: fixed processing of invalid event messages from kernel
+	  not to crash wpa_supplicant (this could happen when using 64-bit
+	  kernel with 32-bit userspace)
+	* fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
+	  not bytes
+	* fixed canceling of PMKSA caching when using drivers that generate
+	  RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know
+	  about
+
 2008-02-19 - v0.5.10
 	* added support for Makefile builds to include debug-log-to-a-file
 	  functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
 
@@ -149,7 +149,10 @@ endif
 
 ifdef CONFIG_DRIVER_NDIS
 CFLAGS += -DCONFIG_DRIVER_NDIS
-OBJS_d += driver_ndis.o driver_ndis_.o
+OBJS_d += driver_ndis.o
+ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+OBJS_d += driver_ndis_.o
+endif
 ifndef CONFIG_L2_PACKET
 CONFIG_L2_PACKET=pcap
 endif
 
@@ -115,7 +115,7 @@ unsigned char * base64_decode(const unsigned char *src, size_t len,
 			count++;
 	}
 
-	if (count % 4)
+	if (count == 0 || count % 4)
 		return NULL;
 
 	olen = count / 4 * 3;
 
@@ -76,6 +76,7 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
 }
 
 
+#ifdef IEEE8021X_EAPOL
 static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
 					     char *addr)
 {
@@ -94,6 +95,7 @@ static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
 
 	return 0;
 }
+#endif /* IEEE8021X_EAPOL */
 
 
 #ifdef CONFIG_PEERKEY
@@ -538,7 +540,7 @@ static int wpa_supplicant_ctrl_iface_scan_results(
 		return 0;
 	if (wpa_s->scan_results == NULL)
 		return 0;
-	
+
 	pos = buf;
 	end = buf + buflen;
 	ret = os_snprintf(pos, end - pos, "bssid / frequency / signal level / "
@@ -1200,9 +1202,11 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 			wpa_s->reassociate = 1;
 			wpa_supplicant_req_scan(wpa_s, 0, 0);
 		}
+#ifdef IEEE8021X_EAPOL
 	} else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
 		if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
 			reply_len = -1;
+#endif /* IEEE8021X_EAPOL */
 #ifdef CONFIG_PEERKEY
 	} else if (os_strncmp(buf, "STKSTART ", 9) == 0) {
 		if (wpa_supplicant_ctrl_iface_stkstart(wpa_s, buf + 9))
 
@@ -30,10 +30,10 @@
 #include "wpa_ctrl.h"
 #include "eap.h"
 
-#define DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR)
+#define _DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR)
 #define DBUS_VER(major, minor) ((major) << 8 | (minor))
 
-#if DBUS_VERSION < DBUS_VER(1,1)
+#if _DBUS_VERSION < DBUS_VER(1,1)
 #define dbus_watch_get_unix_fd dbus_watch_get_fd
 #endif
 
 
@@ -315,7 +315,7 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
 			/* Group name not found - try to parse this as gid */
 			gid = strtol(gid_str, &endp, 10);
 			if (*gid_str == '\0' || *endp != '\0') {
-				wpa_printf(MSG_DEBUG, "CTRL: Invalid group "
+				wpa_printf(MSG_ERROR, "CTRL: Invalid group "
 					   "'%s'", gid_str);
 				goto fail;
 			}
 
@@ -629,45 +629,68 @@ dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
 }
 
 
+#define BYTE_ARRAY_CHUNK_SIZE 34
+#define BYTE_ARRAY_ITEM_SIZE (sizeof (char))
+
 static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
-	DBusMessageIter *iter, int array_len, int array_type,
+	DBusMessageIter *iter, int array_type,
 	struct wpa_dbus_dict_entry *entry)
 {
-	dbus_uint32_t i = 0;
+	dbus_uint32_t count = 0;
 	dbus_bool_t success = FALSE;
-	char byte;
+	char *buffer;
 
-	/* Zero-length arrays are valid. */
-	if (array_len == 0) {
-		entry->bytearray_value = NULL;
-		entry->array_type = DBUS_TYPE_BYTE;
-		success = TRUE;
-		goto done;
-	}
+	entry->bytearray_value = NULL;
+	entry->array_type = DBUS_TYPE_BYTE;
 
-	entry->bytearray_value = wpa_zalloc(array_len * sizeof(char));
-	if (!entry->bytearray_value) {
+	buffer = wpa_zalloc(BYTE_ARRAY_ITEM_SIZE * BYTE_ARRAY_CHUNK_SIZE);
+	if (!buffer) {
 		perror("_wpa_dbus_dict_entry_get_byte_array[dbus]: out of "
 		       "memory");
 		goto done;
 	}
 
-	entry->array_type = DBUS_TYPE_BYTE;
-	entry->array_len = array_len;
+	entry->bytearray_value = buffer;
+	entry->array_len = 0;
 	while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_BYTE) {
+		char byte;
+
+		if ((count % BYTE_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
+			buffer = realloc(buffer, BYTE_ARRAY_ITEM_SIZE *
+					 (count + BYTE_ARRAY_CHUNK_SIZE));
+			if (buffer == NULL) {
+				perror("_wpa_dbus_dict_entry_get_byte_array["
+				       "dbus] out of memory trying to "
+				       "retrieve the string array");
+				goto done;
+			}
+		}
+		entry->bytearray_value = buffer;
+
 		dbus_message_iter_get_basic(iter, &byte);
-		entry->bytearray_value[i++] = byte;
+		entry->bytearray_value[count] = byte;
+		entry->array_len = ++count;
 		dbus_message_iter_next(iter);
 	}
+
+	/* Zero-length arrays are valid. */
+	if (entry->array_len == 0) {
+		free(entry->bytearray_value);
+		entry->bytearray_value = NULL;
+	}
+
 	success = TRUE;
 
 done:
 	return success;
 }
 
 
+#define STR_ARRAY_CHUNK_SIZE 8
+#define STR_ARRAY_ITEM_SIZE (sizeof (char *))
+
 static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
-	DBusMessageIter *iter, int array_len, int array_type,
+	DBusMessageIter *iter, int array_type,
 	struct wpa_dbus_dict_entry *entry)
 {
 	dbus_uint32_t count = 0;
@@ -677,13 +700,7 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 	entry->strarray_value = NULL;
 	entry->array_type = DBUS_TYPE_STRING;
 
-	/* Zero-length arrays are valid. */
-	if (array_len == 0) {
-		success = TRUE;
-		goto done;
-	}
-
-	buffer = wpa_zalloc(sizeof (char *) * 8);
+	buffer = wpa_zalloc(STR_ARRAY_ITEM_SIZE * STR_ARRAY_CHUNK_SIZE);
 	if (buffer == NULL) {
 		perror("_wpa_dbus_dict_entry_get_string_array[dbus] out of "
 		       "memory trying to retrieve a string array");
@@ -696,18 +713,15 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 		const char *value;
 		char *str;
 
-		if ((count % 8) == 0 && count != 0) {
-			char **tmp;
-			tmp = realloc(buffer, sizeof(char *) * (count + 8));
-			if (tmp == NULL) {
+		if ((count % STR_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
+			buffer = realloc(buffer, STR_ARRAY_ITEM_SIZE *
+					 (count + STR_ARRAY_CHUNK_SIZE));
+			if (buffer == NULL) {
 				perror("_wpa_dbus_dict_entry_get_string_array["
 				       "dbus] out of memory trying to "
 				       "retrieve the string array");
-				free(buffer);
-				buffer = NULL;
 				goto done;
 			}
-			buffer = tmp;
 		}
 		entry->strarray_value = buffer;
 
@@ -723,6 +737,13 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 		entry->array_len = ++count;
 		dbus_message_iter_next(iter);
 	}
+
+	/* Zero-length arrays are valid. */
+	if (entry->array_len == 0) {
+		free(entry->strarray_value);
+		entry->strarray_value = NULL;
+	}
+
 	success = TRUE;
 
 done:
@@ -734,7 +755,6 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array(
 	DBusMessageIter *iter_dict_val, struct wpa_dbus_dict_entry *entry)
 {
 	int array_type = dbus_message_iter_get_element_type(iter_dict_val);
-	int array_len;
 	dbus_bool_t success = FALSE;
 	DBusMessageIter iter_array;
 
@@ -743,20 +763,14 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array(
 
 	dbus_message_iter_recurse(iter_dict_val, &iter_array);
 
- 	array_len = dbus_message_iter_get_array_len(&iter_array);
-	if (array_len < 0)
-		return FALSE;
-
  	switch (array_type) {
 	case DBUS_TYPE_BYTE:
 		success = _wpa_dbus_dict_entry_get_byte_array(&iter_array,
-							      array_len,
 							      array_type,
 							      entry);
 		break;
 	case DBUS_TYPE_STRING:
 		success = _wpa_dbus_dict_entry_get_string_array(&iter_array,
-								array_len,
 								array_type,
 								entry);
 		break;
@@ -946,9 +960,17 @@ void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry)
 		break;
 	case DBUS_TYPE_ARRAY:
 		switch (entry->array_type) {
-		case DBUS_TYPE_BYTE:
-			free(entry->bytearray_value);
-			break;
+		case DBUS_TYPE_BYTE: {
+				free(entry->bytearray_value);
+				break;
+			}
+		case DBUS_TYPE_STRING: {
+				unsigned int i;
+				for (i = 0; i < entry->array_len; i++)
+					free(entry->strarray_value[i]);
+				free(entry->strarray_value);
+				break;
+			}
 		}
 		break;
 	}
 
@@ -487,8 +487,9 @@ wpa_driver_broadcom_get_scan_results(void *priv,
 		wbi = (wl_bss_info_t *) ((u8 *) wbi + wbi->length);
 	}
 
-	wpa_printf(MSG_MSGDUMP, "Received %d bytes of scan results (%d BSSes)",
-		   wsr->buflen, ap_num);
+	wpa_printf(MSG_MSGDUMP, "Received %d bytes of scan results (%lu "
+		   "BSSes)",
+		   wsr->buflen, (unsigned long) ap_num);
 
 	os_free(buf);
 	return ap_num;
 
@@ -84,9 +84,9 @@ enum {
 
 #define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024
 #define PRISM2_HOSTAPD_RID_HDR_LEN \
-((int) (&((struct prism2_hostapd_param *) 0)->u.rid.data))
+((size_t) (&((struct prism2_hostapd_param *) 0)->u.rid.data))
 #define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \
-((int) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data))
+((size_t) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data))
 
 /* Maximum length for algorithm names (-1 for nul termination) used in ioctl()
  */
 
@@ -42,7 +42,9 @@ int close(int fd);
 #include "driver_ndis.h"
 
 int wpa_driver_register_event_cb(struct wpa_driver_ndis_data *drv);
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
 void wpa_driver_ndis_event_pipe_cb(void *eloop_data, void *user_data);
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
 
 static void wpa_driver_ndis_deinit(void *priv);
 static void wpa_driver_ndis_poll(void *drv);
Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ unsigned char * base64_decode(const unsigned char *src, size_t len,`
`115`	`115`	`count++;`
`116`	`116`	`}`
`117`	`117`
`118`		`- if (count % 4)`
	`118`	`+ if (count == 0 \|\| count % 4)`
`119`	`119`	`return NULL;`
`120`	`120`
`121`	`121`	`olen = count / 4 * 3;`
Original file line number	Diff line number	Diff line change
`@@ -315,7 +315,7 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)`
`315`	`315`	`/* Group name not found - try to parse this as gid */`
`316`	`316`	`gid = strtol(gid_str, &endp, 10);`
`317`	`317`	`if (gid_str == '\0' \|\| endp != '\0') {`
`318`		`- wpa_printf(MSG_DEBUG, "CTRL: Invalid group "`
	`318`	`+ wpa_printf(MSG_ERROR, "CTRL: Invalid group "`
`319`	`319`	`"'%s'", gid_str);`
`320`	`320`	`goto fail;`
`321`	`321`	`}`