update to 0.5.11: some useful bug fixes (check ChangeLog)

Submitted by:	scf
MFC after:	3 weeks

contrib/wpa_supplicant/ChangeLog

@@ -1,5 +1,31 @@
 ChangeLog for wpa_supplicant
 
+2008-11-28 - v0.5.11
+	* fixed race condition between disassociation event and group key
+	  handshake to avoid getting stuck in incorrect state [Bug 261]
+	* updated D-Bus usage to avoid deprecated functions
+	* silence SIOCSIWAUTH ioctl failure message (these can be ignored in
+	  most cases and are now only shown in debug output)
+	* increase timeout for IBSS connection
+	* driver_wext: do not overwrite BSS frequency if channel was already
+	  received
+	* driver_wext: set interface down for mode switches, if needed (e.g.,
+	  for mac80211)
+	* driver_wext: fixed re-initialization of a removed and re-inserted
+	  interface (e.g., USB dongle or on resume if driver was unloaded for
+	  suspend)
+	* improve per-SSID scanning for drivers that report background scan
+	  results frequently
+	* fixed scanning behavior after a failed initial association
+	* driver_wext: fixed processing of invalid event messages from kernel
+	  not to crash wpa_supplicant (this could happen when using 64-bit
+	  kernel with 32-bit userspace)
+	* fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
+	  not bytes
+	* fixed canceling of PMKSA caching when using drivers that generate
+	  RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know
+	  about
+
 2008-02-19 - v0.5.10
 	* added support for Makefile builds to include debug-log-to-a-file
 	  functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)

contrib/wpa_supplicant/Makefile

@@ -149,7 +149,10 @@ endif
 
 ifdef CONFIG_DRIVER_NDIS
 CFLAGS += -DCONFIG_DRIVER_NDIS
-OBJS_d += driver_ndis.o driver_ndis_.o
+OBJS_d += driver_ndis.o
+ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+OBJS_d += driver_ndis_.o
+endif
 ifndef CONFIG_L2_PACKET
 CONFIG_L2_PACKET=pcap
 endif

contrib/wpa_supplicant/base64.c

@@ -115,7 +115,7 @@ unsigned char * base64_decode(const unsigned char *src, size_t len,
 			count++;
 	}
 
-	if (count % 4)
+	if (count == 0 || count % 4)
 		return NULL;
 
 	olen = count / 4 * 3;

contrib/wpa_supplicant/ctrl_iface.c

@@ -76,6 +76,7 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
 }
 
 
+#ifdef IEEE8021X_EAPOL
 static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
 					     char *addr)
 {
@@ -94,6 +95,7 @@ static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
 
 	return 0;
 }
+#endif /* IEEE8021X_EAPOL */
 
 
 #ifdef CONFIG_PEERKEY
@@ -1126,9 +1128,11 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 			wpa_s->reassociate = 1;
 			wpa_supplicant_req_scan(wpa_s, 0, 0);
 		}
+#ifdef IEEE8021X_EAPOL
 	} else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
 		if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
 			reply_len = -1;
+#endif /* IEEE8021X_EAPOL */
 #ifdef CONFIG_PEERKEY
 	} else if (os_strncmp(buf, "STKSTART ", 9) == 0) {
 		if (wpa_supplicant_ctrl_iface_stkstart(wpa_s, buf + 9))

contrib/wpa_supplicant/ctrl_iface_dbus.c

@@ -30,10 +30,10 @@
 #include "wpa_ctrl.h"
 #include "eap.h"
 
-#define DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR)
+#define _DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR)
 #define DBUS_VER(major, minor) ((major) << 8 | (minor))
 
-#if DBUS_VERSION < DBUS_VER(1,1)
+#if _DBUS_VERSION < DBUS_VER(1,1)
 #define dbus_watch_get_unix_fd dbus_watch_get_fd
 #endif
 

contrib/wpa_supplicant/ctrl_iface_unix.c

@@ -305,7 +305,7 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
 			/* Group name not found - try to parse this as gid */
 			gid = strtol(gid_str, &endp, 10);
 			if (*gid_str == '\0' || *endp != '\0') {
-				wpa_printf(MSG_DEBUG, "CTRL: Invalid group "
+				wpa_printf(MSG_ERROR, "CTRL: Invalid group "
 					   "'%s'", gid_str);
 				goto fail;
 			}

contrib/wpa_supplicant/dbus_dict_helpers.c

@@ -629,36 +629,56 @@ dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter,
 }
 
 
+#define BYTE_ARRAY_CHUNK_SIZE 34
+#define BYTE_ARRAY_ITEM_SIZE (sizeof (char))
+
 static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
-	DBusMessageIter *iter, int array_len, int array_type,
+	DBusMessageIter *iter, int array_type,
 	struct wpa_dbus_dict_entry *entry)
 {
-	dbus_uint32_t i = 0;
+	dbus_uint32_t count = 0;
 	dbus_bool_t success = FALSE;
-	char byte;
+	char *buffer;
 
-	/* Zero-length arrays are valid. */
-	if (array_len == 0) {
-		entry->bytearray_value = NULL;
-		entry->array_type = DBUS_TYPE_BYTE;
-		success = TRUE;
-		goto done;
-	}
+	entry->bytearray_value = NULL;
+	entry->array_type = DBUS_TYPE_BYTE;
 
-	entry->bytearray_value = wpa_zalloc(array_len * sizeof(char));
-	if (!entry->bytearray_value) {
+	buffer = wpa_zalloc(BYTE_ARRAY_ITEM_SIZE * BYTE_ARRAY_CHUNK_SIZE);
+	if (!buffer) {
 		perror("_wpa_dbus_dict_entry_get_byte_array[dbus]: out of "
 		       "memory");
 		goto done;
 	}
 
-	entry->array_type = DBUS_TYPE_BYTE;
-	entry->array_len = array_len;
+	entry->bytearray_value = buffer;
+	entry->array_len = 0;
 	while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_BYTE) {
+		char byte;
+
+		if ((count % BYTE_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
+			buffer = realloc(buffer, BYTE_ARRAY_ITEM_SIZE *
+					 (count + BYTE_ARRAY_CHUNK_SIZE));
+			if (buffer == NULL) {
+				perror("_wpa_dbus_dict_entry_get_byte_array["
+				       "dbus] out of memory trying to "
+				       "retrieve the string array");
+				goto done;
+			}
+		}
+		entry->bytearray_value = buffer;
+
 		dbus_message_iter_get_basic(iter, &byte);
-		entry->bytearray_value[i++] = byte;
+		entry->bytearray_value[count] = byte;
+		entry->array_len = ++count;
 		dbus_message_iter_next(iter);
 	}
+
+	/* Zero-length arrays are valid. */
+	if (entry->array_len == 0) {
+		free(entry->bytearray_value);
+		entry->bytearray_value = NULL;
+	}
+
 	success = TRUE;
 
 done:
@@ -666,8 +686,11 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array(
 }
 
 
+#define STR_ARRAY_CHUNK_SIZE 8
+#define STR_ARRAY_ITEM_SIZE (sizeof (char *))
+
 static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
-	DBusMessageIter *iter, int array_len, int array_type,
+	DBusMessageIter *iter, int array_type,
 	struct wpa_dbus_dict_entry *entry)
 {
 	dbus_uint32_t count = 0;
@@ -677,13 +700,7 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 	entry->strarray_value = NULL;
 	entry->array_type = DBUS_TYPE_STRING;
 
-	/* Zero-length arrays are valid. */
-	if (array_len == 0) {
-		success = TRUE;
-		goto done;
-	}
-
-	buffer = wpa_zalloc(sizeof (char *) * 8);
+	buffer = wpa_zalloc(STR_ARRAY_ITEM_SIZE * STR_ARRAY_CHUNK_SIZE);
 	if (buffer == NULL) {
 		perror("_wpa_dbus_dict_entry_get_string_array[dbus] out of "
 		       "memory trying to retrieve a string array");
@@ -696,18 +713,15 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 		const char *value;
 		char *str;
 
-		if ((count % 8) == 0 && count != 0) {
-			char **tmp;
-			tmp = realloc(buffer, sizeof(char *) * (count + 8));
-			if (tmp == NULL) {
+		if ((count % STR_ARRAY_CHUNK_SIZE) == 0 && count != 0) {
+			buffer = realloc(buffer, STR_ARRAY_ITEM_SIZE *
+					 (count + STR_ARRAY_CHUNK_SIZE));
+			if (buffer == NULL) {
 				perror("_wpa_dbus_dict_entry_get_string_array["
 				       "dbus] out of memory trying to "
 				       "retrieve the string array");
-				free(buffer);
-				buffer = NULL;
 				goto done;
 			}
-			buffer = tmp;
 		}
 		entry->strarray_value = buffer;
 
@@ -723,6 +737,13 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array(
 		entry->array_len = ++count;
 		dbus_message_iter_next(iter);
 	}
+
+	/* Zero-length arrays are valid. */
+	if (entry->array_len == 0) {
+		free(entry->strarray_value);
+		entry->strarray_value = NULL;
+	}
+
 	success = TRUE;
 
 done:
@@ -734,7 +755,6 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array(
 	DBusMessageIter *iter_dict_val, struct wpa_dbus_dict_entry *entry)
 {
 	int array_type = dbus_message_iter_get_element_type(iter_dict_val);
-	int array_len;
 	dbus_bool_t success = FALSE;
 	DBusMessageIter iter_array;
 
@@ -743,20 +763,14 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array(
 
 	dbus_message_iter_recurse(iter_dict_val, &iter_array);
 
- 	array_len = dbus_message_iter_get_array_len(&iter_array);
-	if (array_len < 0)
-		return FALSE;
-
  	switch (array_type) {
 	case DBUS_TYPE_BYTE:
 		success = _wpa_dbus_dict_entry_get_byte_array(&iter_array,
-							      array_len,
 							      array_type,
 							      entry);
 		break;
 	case DBUS_TYPE_STRING:
 		success = _wpa_dbus_dict_entry_get_string_array(&iter_array,
-								array_len,
 								array_type,
 								entry);
 		break;
@@ -946,9 +960,17 @@ void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry)
 		break;
 	case DBUS_TYPE_ARRAY:
 		switch (entry->array_type) {
-		case DBUS_TYPE_BYTE:
-			free(entry->bytearray_value);
-			break;
+		case DBUS_TYPE_BYTE: {
+				free(entry->bytearray_value);
+				break;
+			}
+		case DBUS_TYPE_STRING: {
+				unsigned int i;
+				for (i = 0; i < entry->array_len; i++)
+					free(entry->strarray_value[i]);
+				free(entry->strarray_value);
+				break;
+			}
 		}
 		break;
 	}

contrib/wpa_supplicant/doc/docbook/wpa_background.8

@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WPA_BACKGROUND" "8" "19 February 2008" "" ""
+.TH "WPA_BACKGROUND" "8" "28 November 2008" "" ""
 
 .SH NAME
 wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i

contrib/wpa_supplicant/doc/docbook/wpa_cli.8

@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WPA_CLI" "8" "19 February 2008" "" ""
+.TH "WPA_CLI" "8" "28 November 2008" "" ""
 
 .SH NAME
 wpa_cli \- WPA command line client
@@ -57,17 +57,18 @@ current network. <text> is description of the request. In
 case of OTP request, it includes the challenge from the
 authentication server.
 .PP
-The reply to these requests can be given with 'identity',
-'password', and 'otp' commands. <id> needs to be copied from the
-the matching request. 'password' and 'otp' commands can be used
-regardless of whether the request was for PASSWORD or OTP. The
-main difference between these two commands is that values given
-with 'password' are remembered as long as wpa_supplicant is
-running whereas values given with 'otp' are used only once and
-then forgotten, i.e., wpa_supplicant will ask frontend for a new
-value for every use. This can be used to implement
-one-time-password lists and generic token card -based
-authentication.
+The reply to these requests can be given with
+\fBidentity\fR, \fBpassword\fR, and
+\fBotp\fR commands. <id> needs to be copied from
+the matching request. \fBpassword\fR and
+\fBotp\fR commands can be used regardless of whether
+the request was for PASSWORD or OTP. The main difference between these
+two commands is that values given with \fBpassword\fR are
+remembered as long as wpa_supplicant is running whereas values given
+with \fBotp\fR are used only once and then forgotten,
+i.e., wpa_supplicant will ask frontend for a new value for every use.
+This can be used to implement one-time-password lists and generic token
+card -based authentication.
 .PP
 Example request for password and a matching reply:
 .sp

contrib/wpa_supplicant/doc/docbook/wpa_cli.sgml

@@ -72,17 +72,18 @@
    case of OTP request, it includes the challenge from the
    authentication server.</para>
 
-    <para>The reply to these requests can be given with 'identity',
-    'password', and 'otp' commands. &lt;id&gt; needs to be copied from the
-    the matching request. 'password' and 'otp' commands can be used
-    regardless of whether the request was for PASSWORD or OTP. The
-    main difference between these two commands is that values given
-    with 'password' are remembered as long as wpa_supplicant is
-    running whereas values given with 'otp' are used only once and
-    then forgotten, i.e., wpa_supplicant will ask frontend for a new
-    value for every use. This can be used to implement
-    one-time-password lists and generic token card -based
-    authentication.</para>
+    <para>The reply to these requests can be given with
+    <emphasis>identity</emphasis>, <emphasis>password</emphasis>, and
+    <emphasis>otp</emphasis> commands. &lt;id&gt; needs to be copied from
+    the matching request. <emphasis>password</emphasis> and
+    <emphasis>otp</emphasis> commands can be used regardless of whether
+    the request was for PASSWORD or OTP. The main difference between these
+    two commands is that values given with <emphasis>password</emphasis> are
+    remembered as long as wpa_supplicant is running whereas values given
+    with <emphasis>otp</emphasis> are used only once and then forgotten,
+    i.e., wpa_supplicant will ask frontend for a new value for every use.
+    This can be used to implement one-time-password lists and generic token
+    card -based authentication.</para>
 
     <para>Example request for password and a matching reply:</para>
 

contrib/wpa_supplicant/doc/docbook/wpa_passphrase.8

@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WPA_PASSPHRASE" "8" "19 February 2008" "" ""
+.TH "WPA_PASSPHRASE" "8" "28 November 2008" "" ""
 
 .SH NAME
 wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID

contrib/wpa_supplicant/doc/docbook/wpa_supplicant.8

@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WPA_SUPPLICANT" "8" "19 February 2008" "" ""
+.TH "WPA_SUPPLICANT" "8" "28 November 2008" "" ""
 
 .SH NAME
 wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant
@@ -214,7 +214,11 @@ PMKSA caching
 .RE
 .SH "AVAILABLE DRIVERS"
 .PP
-The available drivers to specify with the -D option are:
+A summary of available driver backends is below. Support for each
+of the driver backends is chosen at wpa_supplicant compile time. For a
+list of supported driver backends that may be used with the -D option on
+your system, refer to the help output of wpa_supplicant
+(\fBwpa_supplicant -h\fR).
 .TP
 \fBhostap\fR
 (default) Host AP driver (Intersil Prism2/2.5/3).
@@ -250,33 +254,47 @@ BSD 802.11 support (Atheros, etc.).
 \fBndis\fR
 Windows NDIS driver.
 .SH "COMMAND LINE OPTIONS"
+.PP
+Most command line options have global scope. Some are given per
+interface, and are only valid if at least one \fB-i\fR option
+is specified, otherwise they're ignored. Option groups for different
+interfaces must be separated by \fB-N\fR option.
+.TP
+\fB-b br_ifname\fR
+Optional bridge interface name. (Per interface)
 .TP
 \fB-B\fR
 Run daemon in the background.
 .TP
 \fB-i ifname\fR
-Interface to listen on.
+Interface to listen on. Multiple instances of this option can
+be present, one per interface, separated by \fB-N\fR
+option (see below).
 .TP
 \fB-c filename\fR
-Path to configuration file.
+Path to configuration file. (Per interface)
 .TP
 \fB-P PID_file\fR
 Path to PID file.
 .TP
 \fB-C ctrl_interface\fR
-Path to ctrl_interface socket (only used if -c is not).
+Path to ctrl_interface socket (Per interface. Only used if
+\fB-c\fR is not).
 .TP
 \fB-g global ctrl_interface\fR
-Path to global ctrl_interface socket.
+Path to global ctrl_interface socket. If specified, interface
+definitions may be omitted.
 .TP
 \fB-D driver\fR
-Driver to use.  See the available options below.
+Driver to use. (Per interface, see the available options
+below.)
 .TP
 \fB-f output file\fR
 Log output to specified file instead of stdout.
 .TP
 \fB-d\fR
-Increase debugging verbosity (-dd even more).
+Increase debugging verbosity (\fB-dd\fR even
+more).
 .TP
 \fB-K\fR
 Include keys (passwords, etc.) in debug output.
@@ -296,7 +314,12 @@ Help.  Show a usage message.
 Show license (GPL and BSD).
 .TP
 \fB-q\fR
-Decrease debugging verbosity (-qq even less).
+Decrease debugging verbosity (\fB-qq\fR even
+less).
+.TP
+\fB-u\fR
+Enabled DBus control interface. If enabled, interface
+definitions may be omitted.
 .TP
 \fB-v\fR
 Show version.
@@ -367,9 +390,9 @@ with other versions)
 .TP
 \fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR
 (http://hostap.epitest.fi/) Driver needs to be set in
-Managed mode ('iwconfig wlan0 mode managed').  Please note
-that station firmware version needs to be 1.7.0 or newer to
-work in WPA mode.
+Managed mode (\fBiwconfig wlan0 mode managed\fR).
+Please note that station firmware version needs to be 1.7.0 or
+newer to work in WPA mode.
 .TP
 \fBLinuxant DriverLoader\fR
 (http://www.linuxant.com/driverloader/)
@@ -506,8 +529,8 @@ can be used to enable WPA support:
 Add MODE="Managed" and WPA="y" to the network scheme in
 \fI/etc/pcmcia/wireless.opts\fR\&.
 .PP
-Add the following block to the end of 'start' action handler
-in \fI/etc/pcmcia/wireless\fR:
+Add the following block to the end of \fBstart\fR
+action handler in \fI/etc/pcmcia/wireless\fR:
 .sp
 .RS
 
@@ -519,8 +542,8 @@ fi
 .fi
 .RE
 .PP
-Add the following block to the end of 'stop' action handler
-(may need to be separated from other actions) in
+Add the following block to the end of \fBstop\fR
+action handler (may need to be separated from other actions) in
 \fI/etc/pcmcia/wireless\fR:
 .sp
 .RS

contrib/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5

@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WPA_SUPPLICANT.CONF" "5" "19 February 2008" "" ""
+.TH "WPA_SUPPLICANT.CONF" "5" "28 November 2008" "" ""
 
 .SH NAME
 wpa_supplicant.conf \- configuration file for wpa_supplicant
@@ -24,7 +24,7 @@ run in the background.
 Changes to configuration file can be reloaded be sending
 SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP
 wpa_supplicant'). Similarly, reloading can be triggered with
-the 'wpa_cli reconfigure' command.
+the \fBwpa_cli reconfigure\fR command.
 .PP
 Configuration file can include one or more network blocks,
 e.g., one for each used SSID. wpa_supplicant will automatically
@@ -179,7 +179,7 @@ network={
 .TP 3
 6. 
 Authentication for wired Ethernet. This can be used with
-'wired' interface (-Dwired on command line).
+\fBwired\fR interface (-Dwired on command line).
 .sp
 .RS
 

contrib/wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml

@@ -26,7 +26,7 @@
     <para>Changes to configuration file can be reloaded be sending
     SIGHUP signal to <command>wpa_supplicant</command> ('killall -HUP
     wpa_supplicant'). Similarly, reloading can be triggered with
-    the 'wpa_cli reconfigure' command.</para>
+    the <emphasis>wpa_cli reconfigure</emphasis> command.</para>
 
     <para>Configuration file can include one or more network blocks,
     e.g., one for each used SSID. wpa_supplicant will automatically
@@ -179,7 +179,7 @@ network={
 
       <listitem>
 	<para>Authentication for wired Ethernet. This can be used with
-       'wired' interface (-Dwired on command line).</para>
+       <emphasis>wired</emphasis> interface (-Dwired on command line).</para>
 
 <blockquote><programlisting>
 ctrl_interface=/var/run/wpa_supplicant

contrib/wpa_supplicant/doc/docbook/wpa_supplicant.sgml

@@ -241,7 +241,11 @@
 
   <refsect1>
     <title>Available Drivers</title>
-    <para>The available drivers to specify with the -D option are:</para>
+    <para>A summary of available driver backends is below. Support for each
+    of the driver backends is chosen at wpa_supplicant compile time. For a
+    list of supported driver backends that may be used with the -D option on
+    your system, refer to the help output of wpa_supplicant
+    (<emphasis>wpa_supplicant -h</emphasis>).</para>
 
     <variablelist>
       <varlistentry>
@@ -326,7 +330,18 @@
 
   <refsect1>
     <title>Command Line Options</title>
+    <para>Most command line options have global scope. Some are given per
+    interface, and are only valid if at least one <option>-i</option> option
+    is specified, otherwise they're ignored. Option groups for different
+    interfaces must be separated by <option>-N</option> option.</para>
     <variablelist>
+      <varlistentry>
+	<term>-b br_ifname</term>
+	<listitem>
+	  <para>Optional bridge interface name. (Per interface)</para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-B</term>
 	<listitem>
@@ -337,14 +352,16 @@
       <varlistentry>
 	<term>-i ifname</term>
 	<listitem>
-	  <para>Interface to listen on.</para>
+	  <para>Interface to listen on. Multiple instances of this option can
+	  be present, one per interface, separated by <option>-N</option>
+	  option (see below).</para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-c filename</term>
 	<listitem>
-	  <para>Path to configuration file.</para>
+	  <para>Path to configuration file. (Per interface)</para>
 	</listitem>
       </varlistentry>
 
@@ -358,21 +375,24 @@
       <varlistentry>
 	<term>-C ctrl_interface</term>
 	<listitem>
-	  <para>Path to ctrl_interface socket (only used if -c is not).</para>
+	  <para>Path to ctrl_interface socket (Per interface. Only used if
+		  <option>-c</option> is not).</para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-g global ctrl_interface</term>
 	<listitem>
-	  <para>Path to global ctrl_interface socket.</para>
+	  <para>Path to global ctrl_interface socket. If specified, interface
+	  definitions may be omitted.</para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-D driver</term>
 	<listitem>
-	  <para>Driver to use.  See the available options below.</para>
+	  <para>Driver to use. (Per interface, see the available options
+		  below.)</para>
 	</listitem>
       </varlistentry>
 
@@ -386,7 +406,8 @@
       <varlistentry>
 	<term>-d</term>
 	<listitem>
-	  <para>Increase debugging verbosity (-dd even more).</para>
+	  <para>Increase debugging verbosity (<option>-dd</option> even
+		  more).</para>
 	</listitem>
       </varlistentry>
 
@@ -430,9 +451,19 @@
       <varlistentry>
 	<term>-q</term>
 	<listitem>
-	  <para>Decrease debugging verbosity (-qq even less).</para>
+	  <para>Decrease debugging verbosity (<option>-qq</option> even
+		  less).</para>
 	</listitem>
       </varlistentry>
+
+      <varlistentry>
+	<term>-u</term>
+	<listitem>
+	  <para>Enabled DBus control interface. If enabled, interface
+	  definitions may be omitted.</para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-v</term>
 	<listitem>
@@ -523,9 +554,9 @@ wpa_supplicant \
 	snapshot/v0.2.x)</term>
 	<listitem>
 	  <para> (http://hostap.epitest.fi/) Driver needs to be set in
-	Managed mode ('iwconfig wlan0 mode managed').  Please note
-	that station firmware version needs to be 1.7.0 or newer to
-	work in WPA mode.</para>
+	  Managed mode (<emphasis>iwconfig wlan0 mode managed</emphasis>).
+	  Please note that station firmware version needs to be 1.7.0 or
+	  newer to work in WPA mode.</para>
 	</listitem>
       </varlistentry>
 
@@ -729,8 +760,8 @@ wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
     <para>Add MODE="Managed" and WPA="y" to the network scheme in
     <filename>/etc/pcmcia/wireless.opts</filename>.</para>
 
-    <para>Add the following block to the end of 'start' action handler
-    in <filename>/etc/pcmcia/wireless</filename>:</para>
+    <para>Add the following block to the end of <emphasis>start</emphasis>
+    action handler in <filename>/etc/pcmcia/wireless</filename>:</para>
 
     <blockquote><programlisting>
 if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
@@ -739,8 +770,8 @@ fi
     </programlisting></blockquote>
 
 
-    <para>Add the following block to the end of 'stop' action handler
-    (may need to be separated from other actions) in
+    <para>Add the following block to the end of <emphasis>stop</emphasis>
+    action handler (may need to be separated from other actions) in
     <filename>/etc/pcmcia/wireless</filename>:</para>
 
     <blockquote><programlisting>

contrib/wpa_supplicant/driver_ndis.c

@@ -42,7 +42,9 @@ int close(int fd);
 #include "driver_ndis.h"
 
 int wpa_driver_register_event_cb(struct wpa_driver_ndis_data *drv);
+#ifdef CONFIG_NDIS_EVENTS_INTEGRATED
 void wpa_driver_ndis_event_pipe_cb(void *eloop_data, void *user_data);
+#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */
 
 static void wpa_driver_ndis_deinit(void *priv);
 static void wpa_driver_ndis_poll(void *drv);

contrib/wpa_supplicant/eap.c

@@ -892,7 +892,7 @@ static int eap_sm_imsi_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
 #endif /* PCSC_FUNCS */
 
 
-static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
+static int eap_sm_set_scard_pin(struct eap_sm *sm, struct wpa_ssid *ssid)
 {
 #ifdef PCSC_FUNCS
 	if (scard_set_pin(sm->scard_ctx, ssid->pin)) {
@@ -907,6 +907,17 @@ static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
 		eap_sm_request_pin(sm);
 		return -1;
 	}
+	return 0;
+#else /* PCSC_FUNCS */
+	return -1;
+#endif /* PCSC_FUNCS */
+}
+
+static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid)
+{
+#ifdef PCSC_FUNCS
+	if (eap_sm_set_scard_pin(sm, ssid))
+		return -1;
 
 	return eap_sm_imsi_identity(sm, ssid);
 #else /* PCSC_FUNCS */
@@ -973,6 +984,9 @@ u8 * eap_sm_buildIdentity(struct eap_sm *sm, int id, size_t *len,
 			eap_sm_request_identity(sm);
 			return NULL;
 		}
+	} else if (config->pcsc) {
+		if (eap_sm_set_scard_pin(sm, config) < 0)
+			return NULL;
 	}
 
 	*len = sizeof(struct eap_hdr) + 1 + identity_len;

contrib/wpa_supplicant/eap_aka.c

@@ -292,7 +292,7 @@ static u8 * eap_aka_response_challenge(struct eap_aka_data *data,
 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
 			       EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE);
 	wpa_printf(MSG_DEBUG, "   AT_RES");
-	eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len,
+	eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8,
 			data->res, data->res_len);
 	wpa_printf(MSG_DEBUG, "   AT_MAC");
 	eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);

contrib/wpa_supplicant/eap_gpsk.c

@@ -240,8 +240,8 @@ const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm,
 		return NULL;
 	}
 	if (*list_len == 0 || (*list_len % sizeof(struct eap_gpsk_csuite))) {
-		wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %d",
-			   *list_len);
+		wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %lu",
+			   (unsigned long) *list_len);
 		return NULL;
 	}
 	*list = pos;
@@ -460,6 +460,7 @@ const u8 * eap_gpsk_validate_id_server(struct eap_gpsk_data *data,
 				  data->id_server, data->id_server_len);
 		wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-3",
 				  pos, len);
+		return NULL;
 	}
 
 	pos += len;
@@ -537,7 +538,9 @@ const u8 * eap_gpsk_validate_gpsk_3_mic(struct eap_gpsk_data *data,
 	miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
 	if (end - pos < (int) miclen) {
 		wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
-			   "(left=%d miclen=%d)", end - pos, miclen);
+			   "(left=%lu miclen=%lu)",
+			   (unsigned long) (end - pos),
+			   (unsigned long) miclen);
 		return NULL;
 	}
 	if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor,
@@ -589,8 +592,9 @@ static u8 * eap_gpsk_process_gpsk_3(struct eap_sm *sm,
 		return NULL;
 	}
 	if (pos != end) {
-		wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra "
-			   "data in the end of GPSK-2", end - pos);
+		wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
+			   "data in the end of GPSK-2",
+			   (unsigned long) (end - pos));
 	}
 
 	req = (const struct eap_hdr *) reqData;

contrib/wpa_supplicant/eap_gpsk_common.c

@@ -376,8 +376,8 @@ static int eap_gpsk_compute_mic_aes(const u8 *sk, size_t sk_len,
 				    const u8 *data, size_t len, u8 *mic)
 {
 	if (sk_len != 16) {
-		wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %d for "
-			   "AES-CMAC MIC", sk_len);
+		wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %lu for "
+			   "AES-CMAC MIC", (unsigned long) sk_len);
 		return -1;
 	}
 

contrib/wpa_supplicant/eap_ttls.c

@@ -673,7 +673,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 
 	/* MS-CHAP-Challenge */
 	challenge = eap_ttls_implicit_challenge(
-		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1);
+		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		os_free(buf);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
@@ -777,7 +777,8 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
 			       config->identity, config->identity_len);
 
 	/* MS-CHAP-Challenge */
-	challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+	challenge = eap_ttls_implicit_challenge(
+		sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		os_free(buf);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
@@ -907,7 +908,8 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
 			       config->identity, config->identity_len);
 
 	/* CHAP-Challenge */
-	challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+	challenge = eap_ttls_implicit_challenge(
+		sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		os_free(buf);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "

contrib/wpa_supplicant/eloop.c

@@ -232,7 +232,10 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
 	timeout = os_malloc(sizeof(*timeout));
 	if (timeout == NULL)
 		return -1;
-	os_get_time(&timeout->time);
+	if (os_get_time(&timeout->time) < 0) {
+		os_free(timeout);
+		return -1;
+	}
 	timeout->time.sec += secs;
 	timeout->time.usec += usecs;
 	while (timeout->time.usec >= 1000000) {
@@ -302,6 +305,25 @@ int eloop_cancel_timeout(eloop_timeout_handler handler,
 }
 
 
+int eloop_is_timeout_registered(eloop_timeout_handler handler,
+				void *eloop_data, void *user_data)
+{
+	struct eloop_timeout *tmp;
+
+	tmp = eloop.timeout;
+	while (tmp != NULL) {
+		if (tmp->handler == handler &&
+		    tmp->eloop_data == eloop_data &&
+		    tmp->user_data == user_data)
+			return 1;
+
+		tmp = tmp->next;
+	}
+
+	return 0;
+}
+
+
 #ifndef CONFIG_NATIVE_WINDOWS
 static void eloop_handle_alarm(int sig)
 {

contrib/wpa_supplicant/eloop.h

@@ -206,6 +206,19 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
 int eloop_cancel_timeout(eloop_timeout_handler handler,
 			 void *eloop_data, void *user_data);
 
+/**
+ * eloop_is_timeout_registered - Check if a timeout is already registered
+ * @handler: Matching callback function
+ * @eloop_data: Matching eloop_data
+ * @user_data: Matching user_data
+ * Returns: 1 if the timeout is registered, 0 if the timeout is not registered
+ *
+ * Determine if a matching <handler,eloop_data,user_data> timeout is registered
+ * with eloop_register_timeout().
+ */
+int eloop_is_timeout_registered(eloop_timeout_handler handler,
+				void *eloop_data, void *user_data);
+
 /**
  * eloop_register_signal - Register handler for signals
  * @sig: Signal number (e.g., SIGHUP)

contrib/wpa_supplicant/eloop_none.c

@@ -197,6 +197,26 @@ int eloop_cancel_timeout(void (*handler)(void *eloop_ctx, void *sock_ctx),
 }
 
 
+int eloop_is_timeout_registered(void (*handler)(void *eloop_ctx,
+						void *timeout_ctx),
+				void *eloop_data, void *user_data)
+{
+	struct eloop_timeout *tmp;
+
+	tmp = eloop.timeout;
+	while (tmp != NULL) {
+		if (tmp->handler == handler &&
+		    tmp->eloop_data == eloop_data &&
+		    tmp->user_data == user_data)
+			return 1;
+
+		tmp = tmp->next;
+	}
+
+	return 0;
+}
+
+
 /* TODO: replace with suitable signal handler */
 #if 0
 static void eloop_handle_signal(int sig)

contrib/wpa_supplicant/mlme.c

@@ -985,8 +985,6 @@ static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
 	supp_rates[1] = 0;
 	for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) {
 		struct wpa_rate_data *rate = &wpa_s->mlme.curr_rates[i];
-		if (!(rate->flags & WPA_RATE_SUPPORTED))
-			continue;
 		if (esupp_rates) {
 			pos = buf + len;
 			len++;
@@ -996,6 +994,7 @@ static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
 			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
 			esupp_rates[1] = 1;
 			pos = &esupp_rates[2];
+			len += 3;
 		} else {
 			pos = buf + len;
 			len++;

contrib/wpa_supplicant/os_unix.c

@@ -216,7 +216,12 @@ char * os_readfile(const char *name, size_t *len)
 		return NULL;
 	}
 
-	fread(buf, 1, *len, f);
+	if (fread(buf, 1, *len, f) != *len) {
+		fclose(f);
+		free(buf);
+		return NULL;
+	}
+
 	fclose(f);
 
 	return buf;

contrib/wpa_supplicant/preauth_test.c

@@ -44,12 +44,6 @@ struct preauth_test_data {
 };
 
 
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
-	wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
 	wpa_supplicant_disassociate(wpa_s, reason_code);
@@ -254,7 +248,6 @@ static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname)
 	ctx->ctx = wpa_s;
 	ctx->set_state = _wpa_supplicant_set_state;
 	ctx->get_state = _wpa_supplicant_get_state;
-	ctx->req_scan = _wpa_supplicant_req_scan;
 	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
 	ctx->disassociate = _wpa_supplicant_disassociate;
 	ctx->set_key = wpa_supplicant_set_key;

contrib/wpa_supplicant/radius.c

@@ -801,6 +801,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 	ppos = plain = os_malloc(plen);
 	if (plain == NULL)
 		return NULL;
+	plain[0] = 0;
 
 	while (left > 0) {
 		/* b(1) = MD5(Secret + Request-Authenticator + Salt)
@@ -825,7 +826,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 		left -= MD5_MAC_LEN;
 	}
 
-	if (plain[0] > plen - 1) {
+	if (plain[0] == 0 || plain[0] > plen - 1) {
 		printf("Failed to decrypt MPPE key\n");
 		os_free(plain);
 		return NULL;

contrib/wpa_supplicant/sha1.c

@@ -265,6 +265,10 @@ int tls_prf(const u8 *secret, size_t secret_len, const char *label,
 	L_S1 = L_S2 = (secret_len + 1) / 2;
 	S1 = secret;
 	S2 = secret + L_S1;
+	if (secret_len & 1) {
+		/* The last byte of S1 will be shared with S2 */
+		S2--;
+	}
 
 	hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5);
 	hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1);

contrib/wpa_supplicant/tls_openssl.c

@@ -871,6 +871,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 {
 	SSL_CTX *ssl = ssl_ctx;
 	struct tls_connection *conn;
+	long options;
 
 	conn = os_zalloc(sizeof(*conn));
 	if (conn == NULL)
@@ -884,9 +885,12 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 	}
 
 	SSL_set_app_data(conn->ssl, conn);
-	SSL_set_options(conn->ssl,
-			SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
-			SSL_OP_SINGLE_DH_USE);
+	options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+		SSL_OP_SINGLE_DH_USE;
+#ifdef SSL_OP_NO_COMPRESSION
+	options |= SSL_OP_NO_COMPRESSION;
+#endif /* SSL_OP_NO_COMPRESSION */
+	SSL_set_options(conn->ssl, options);
 
 	conn->ssl_in = BIO_new(BIO_s_mem());
 	if (!conn->ssl_in) {

contrib/wpa_supplicant/version.h

@@ -1,6 +1,6 @@
 #ifndef VERSION_H
 #define VERSION_H
 
-#define VERSION_STR "0.5.10"
+#define VERSION_STR "0.5.11"
 
 #endif /* VERSION_H */

contrib/wpa_supplicant/wpa.c

@@ -65,8 +65,7 @@ static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 };
 struct wpa_ie_hdr {
 	u8 elem_id;
 	u8 len;
-	u8 oui[3];
-	u8 oui_type;
+	u8 oui[4]; /* 24-bit OUI followed by 8-bit OUI type */
 	u8 version[2];
 } STRUCT_PACKED;
 
@@ -1406,7 +1405,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 					   "caching attempt");
 				sm->cur_pmksa = NULL;
 				abort_cached = 1;
-			} else {
+			} else if (!abort_cached) {
 				return -1;
 			}
 		}
@@ -1567,7 +1566,6 @@ static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
 		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
 		wpa_cipher_txt(sm->pairwise_cipher),
 		wpa_cipher_txt(sm->group_cipher));
-	eloop_cancel_timeout(sm->ctx->scan, sm->ctx->ctx, NULL);
 	wpa_sm_cancel_auth_timeout(sm);
 	wpa_sm_set_state(sm, WPA_COMPLETED);
 
@@ -1904,7 +1902,6 @@ static void wpa_report_ie_mismatch(struct wpa_sm *sm,
 	}
 
 	wpa_sm_disassociate(sm, REASON_IE_IN_4WAY_DIFFERS);
-	wpa_sm_req_scan(sm, 0, 0);
 }
 
 
@@ -3798,7 +3795,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
 
 		os_memset(sm->pmk, 0, sizeof(sm->pmk));
 		wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED);
-		wpa_sm_req_scan(sm, 0, 0);
 	}
 }
 

contrib/wpa_supplicant/wpa.h

@@ -59,7 +59,6 @@ struct wpa_sm_ctx {
 
 	void (*set_state)(void *ctx, wpa_states state);
 	wpa_states (*get_state)(void *ctx);
-	void (*req_scan)(void *ctx, int sec, int usec);
 	void (*deauthenticate)(void * ctx, int reason_code); 
 	void (*disassociate)(void *ctx, int reason_code);
 	int (*set_key)(void *ctx, wpa_alg alg,

contrib/wpa_supplicant/wpa_cli.c

@@ -1081,6 +1081,7 @@ static int wpa_cli_exec(const char *program, const char *arg1,
 {
 	char *cmd;
 	size_t len;
+	int ret = 0;
 
 	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
 	cmd = os_malloc(len);
@@ -1089,11 +1090,12 @@ static int wpa_cli_exec(const char *program, const char *arg1,
 	os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
 	cmd[len - 1] = '\0';
 #ifndef _WIN32_WCE
-	system(cmd);
+	if (system(cmd) < 0)
+		ret = -1;
 #endif /* _WIN32_WCE */
 	os_free(cmd);
 
-	return 0;
+	return ret;
 }
 
 

contrib/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp

@@ -12,6 +12,7 @@
  * See README and COPYING for more details.
  */
 
+#include <cstdio>
 #include <QMessageBox>
 
 #include "networkconfig.h"

contrib/wpa_supplicant/wpa_gui-qt4/scanresults.cpp

@@ -14,6 +14,8 @@
 
 #include <QTimer>
 
+#include <cstdio>
+
 #include "scanresults.h"
 #include "wpagui.h"
 #include "networkconfig.h"

contrib/wpa_supplicant/wpa_gui-qt4/wpagui.cpp

@@ -17,6 +17,7 @@
 #include <unistd.h>
 #endif
 
+#include <cstdio>
 #include <QMessageBox>
 
 #include "wpagui.h"

contrib/wpa_supplicant/wpa_gui/networkconfig.ui.h

@@ -10,6 +10,7 @@
 ** destructor.
 *****************************************************************************/
 
+#include <stdlib.h>
 
 enum {
     AUTH_NONE = 0,

contrib/wpa_supplicant/wpa_gui/userdatarequest.ui.h

@@ -10,6 +10,8 @@
 ** destructor.
 *****************************************************************************/
 
+#include <stdlib.h>
+
 int UserDataRequest::setParams(WpaGui *_wpagui, const char *reqMsg)
 {
     char *tmp, *pos, *pos2;

contrib/wpa_supplicant/wpa_gui/wpagui.ui.h

@@ -16,6 +16,7 @@
 #include <unistd.h>
 #endif
 
+#include <stdlib.h>
 
 void WpaGui::init()
 {

contrib/wpa_supplicant/wpa_i.h

@@ -146,11 +146,6 @@ static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm)
 	return sm->ctx->get_state(sm->ctx->ctx);
 }
 
-static inline void wpa_sm_req_scan(struct wpa_sm *sm, int sec, int usec)
-{
-	sm->ctx->req_scan(sm->ctx->ctx, sec, usec);
-}
-
 static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
 {
 	sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);

contrib/wpa_supplicant/wpa_supplicant.c

@@ -364,7 +364,6 @@ static void wpa_supplicant_notify_eapol_done(void *ctx)
 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
 		wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
 	} else {
-		eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
 		wpa_supplicant_cancel_auth_timeout(wpa_s);
 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
 	}
@@ -492,6 +491,28 @@ void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
  */
 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
 {
+	/* If there's at least one network that should be specifically scanned
+	 * then don't cancel the scan and reschedule.  Some drivers do
+	 * background scanning which generates frequent scan results, and that
+	 * causes the specific SSID scan to get continually pushed back and
+	 * never happen, which causes hidden APs to never get probe-scanned.
+	 */
+	if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) &&
+	    wpa_s->conf->ap_scan == 1) {
+		struct wpa_ssid *ssid = wpa_s->conf->ssid;
+
+		while (ssid) {
+			if (!ssid->disabled && ssid->scan_ssid)
+				break;
+			ssid = ssid->next;
+		}
+		if (ssid) {
+			wpa_msg(wpa_s, MSG_DEBUG, "Not rescheduling scan to "
+			        "ensure that specific SSID scans occur");
+			return;
+		}
+	}
+
 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
 		sec, usec);
 	eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
@@ -1051,6 +1072,7 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
 
 	if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
 		wpa_s->scan_res_tried++;
+		wpa_s->scan_req = scan_req;
 		wpa_printf(MSG_DEBUG, "Trying to get current scan results "
 			   "first without requesting a new scan to speed up "
 			   "initial association");
@@ -1521,13 +1543,15 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
 	} else {
 		/* Timeout for IEEE 802.11 authentication and association */
-		int timeout;
-		if (assoc_failed)
-			timeout = 5;
-		else if (wpa_s->conf->ap_scan == 1)
-			timeout = 10;
-		else
-			timeout = 60;
+		int timeout = 60;
+
+		if (assoc_failed) {
+			/* give IBSS a bit more time */
+ 			timeout = ssid->mode ? 10 : 5;
+		} else if (wpa_s->conf->ap_scan == 1) {
+			/* give IBSS a bit more time */
+ 			timeout = ssid->mode ? 20 : 10;
+		}
 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
 	}
 
@@ -1797,12 +1821,6 @@ static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
 }
 
 
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
-	wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
 {
 	wpa_supplicant_cancel_auth_timeout(wpa_s);
@@ -1824,12 +1842,16 @@ static wpa_states _wpa_supplicant_get_state(void *wpa_s)
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
 	wpa_supplicant_disassociate(wpa_s, reason_code);
+	/* Schedule a scan to make sure we continue looking for networks */
+	wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
 
 
 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
 {
 	wpa_supplicant_deauthenticate(wpa_s, reason_code);
+	/* Schedule a scan to make sure we continue looking for networks */
+	wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
 
 
@@ -2207,7 +2229,6 @@ static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
 	ctx->ctx = wpa_s;
 	ctx->set_state = _wpa_supplicant_set_state;
 	ctx->get_state = _wpa_supplicant_get_state;
-	ctx->req_scan = _wpa_supplicant_req_scan;
 	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
 	ctx->disassociate = _wpa_supplicant_disassociate;
 	ctx->set_key = wpa_supplicant_set_key;