Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tests: Pending GAS query interrupted with deinit

These are regression test cases for a segmentation fault issue (use of
freed memory) where interface removal happened while a gas-query item
was pending.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
57e832de37
commit
c518fecc82
2 changed files with 58 additions and 0 deletions
Split View Show Diff Stats
  1. 34 0
      tests/hwsim/test_ap_hs20.py
  2. 24 0
      tests/hwsim/test_gas.py

+ 34 - 0
tests/hwsim/test_ap_hs20.py
View File 

@@ -3478,3 +3478,37 @@ def test_proxyarp_open_ebtables(dev, apdev, params):
 
                         stderr=open('/dev/null', 'w'))
 
         subprocess.call(['brctl', 'delbr', 'ap-br0'],
 
                         stderr=open('/dev/null', 'w'))
 
+
 
+def test_ap_hs20_connect_deinit(dev, apdev):
 
+    """Hotspot 2.0 connection interrupted with deinit"""
 
+    bssid = apdev[0]['bssid']
 
+    params = hs20_ap_params()
 
+    params['hessid'] = bssid
 
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
 
+
 
+    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
 
+    wpas.interface_add("wlan5", drv_params="")
 
+    wpas.hs20_enable()
 
+    wpas.flush_scan_cache()
 
+    wpas.add_cred_values({ 'realm': "example.com",
 
+                           'username': "hs20-test",
 
+                           'password': "password",
 
+                           'ca_cert': "auth_serv/ca.pem",
 
+                           'domain': "example.com" })
 
+
 
+    wpas.scan_for_bss(bssid, freq=2412)
 
+    hapd.disable()
 
+
 
+    wpas.request("INTERWORKING_SELECT freq=2412")
 
+
 
+    id = wpas.request("RADIO_WORK add block-work")
 
+    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
 
+    if ev is None:
 
+        raise Exception("Timeout while waiting radio work to start")
 
+    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
 
+    if ev is None:
 
+        raise Exception("Timeout while waiting radio work to start (2)")
 
+
 
+    # Remove the interface while the gas-query radio work is still pending and
 
+    # GAS query has not yet been started.
 
+    wpas.interface_remove("wlan5")

+ 24 - 0
tests/hwsim/test_gas.py
View File 

@@ -843,3 +843,27 @@ def test_gas_missing_payload(dev, apdev):
 
         raise Exception("Timeout on MGMT-TX-STATUS")
 
     if "result=SUCCESS" not in ev:
 
         raise Exception("AP did not ack Action frame")
 
+
 
+def test_gas_query_deinit(dev, apdev):
 
+    """Pending GAS/ANQP query during deinit"""
 
+    hapd = start_ap(apdev[0])
 
+    bssid = apdev[0]['bssid']
 
+
 
+    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
 
+    wpas.interface_add("wlan5")
 
+
 
+    wpas.scan_for_bss(bssid, freq="2412", force_scan=True)
 
+    id = wpas.request("RADIO_WORK add block-work")
 
+    if "OK" not in wpas.request("ANQP_GET " + bssid + " 258"):
 
+        raise Exception("ANQP_GET command failed")
 
+
 
+    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
 
+    if ev is None:
 
+        raise Exception("Timeout while waiting radio work to start")
 
+    ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
 
+    if ev is None:
 
+        raise Exception("Timeout while waiting radio work to start (2)")
 
+
 
+    # Remove the interface while the gas-query radio work is still pending and
 
+    # GAS query has not yet been started.
 
+    wpas.interface_remove("wlan5")