自学教程：C++ wpabuf_alloc函数代码示例

static struct wpabuf * ikev2_build_sa_init(struct ikev2_initiator_data *data){	struct wpabuf *msg;	/* build IKE_SA_INIT: HDR, SAi, KEi, Ni */	if (os_get_random(data->i_spi, IKEV2_SPI_LEN))		return NULL;	wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Initiator's SPI",		    data->i_spi, IKEV2_SPI_LEN);	data->i_nonce_len = IKEV2_NONCE_MIN_LEN;	if (os_get_random(data->i_nonce, data->i_nonce_len))		return NULL;	wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len);	msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + 1000);	if (msg == NULL)		return NULL;	ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0);	if (ikev2_build_sai(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) ||	    ikev2_build_kei(data, msg, IKEV2_PAYLOAD_NONCE) ||	    ikev2_build_ni(data, msg, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) {		wpabuf_free(msg);		return NULL;	}	ikev2_update_hdr(msg);	wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_INIT)", msg);	wpabuf_free(data->i_sign_msg);	data->i_sign_msg = wpabuf_dup(msg);	return msg;}

struct wpabuf * tncs_build_soh_request(void){    struct wpabuf *buf;    /*     * Build a SoH Request TLV (to be used inside SoH EAP Extensions     * Method)     */    buf = wpabuf_alloc(8 + 4);    if (buf == NULL)        return NULL;    /* Vendor-Specific TLV (Microsoft) - SoH Request */    wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */    wpabuf_put_be16(buf, 8); /* Length */    wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */    wpabuf_put_be16(buf, 0x02); /* TLV Type - SoH Request TLV */    wpabuf_put_be16(buf, 0); /* Length */    return buf;}

struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,				  struct wpabuf **privkey,				  struct wpabuf **dev_pw){	struct wpabuf *priv = NULL, *pub = NULL, *pw;	void *dh_ctx;	u16 val;	pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);	if (pw == NULL)		return NULL;	if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),			     WPS_OOB_DEVICE_PASSWORD_LEN) ||	    random_get_bytes((u8 *) &val, sizeof(val))) {		wpabuf_free(pw);		return NULL;	}	dh_ctx = dh5_init(&priv, &pub);	if (dh_ctx == NULL) {		wpabuf_free(pw);		return NULL;	}	dh5_free(dh_ctx);	*id = 0x10 + val % 0xfff0;	wpabuf_free(*pubkey);	*pubkey = pub;	wpabuf_free(*privkey);	*privkey = priv;	wpabuf_free(*dev_pw);	*dev_pw = pw;	return wps_nfc_token_build(ndef, *id, *pubkey, *dev_pw);}

static int eap_server_tls_process_fragment(struct eap_ssl_data *data,					   u8 flags, u32 message_length,					   const u8 *buf, size_t len){	/* Process a fragment that is not the last one of the message */	if (data->tls_in == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {		wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "			   "fragmented packet");		return -1;	}	if (data->tls_in == NULL) {		/* First fragment of the message */		/* Limit length to avoid rogue peers from causing large		 * memory allocations. */		if (message_length > 65536) {			wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"				   " over 64 kB)");			return -1;		}		data->tls_in = wpabuf_alloc(message_length);		if (data->tls_in == NULL) {			wpa_printf(MSG_DEBUG, "SSL: No memory for message");			return -1;		}		wpabuf_put_data(data->tls_in, buf, len);		wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "			   "fragment, waiting for %lu bytes more",			   (unsigned long) len,			   (unsigned long) wpabuf_tailroom(data->tls_in));	}	return 0;}

static struct wpabuf * wps_build_m3(struct wps_data *wps){	struct wpabuf *msg;	wpa_printf(MSG_DEBUG, "WPS: Building Message M3");	if (wps->dev_password == NULL) {		wpa_printf(MSG_DEBUG, "WPS: No Device Password available");		return NULL;	}	if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)		return NULL;	if (wps->wps->ap && random_pool_ready() != 1) {		wpa_printf(MSG_INFO,			   "WPS: Not enough entropy in random pool to proceed - do not allow AP PIN to be used");		return NULL;	}	msg = wpabuf_alloc(1000);	if (msg == NULL)		return NULL;	if (wps_build_version(msg) ||	    wps_build_msg_type(msg, WPS_M3) ||	    wps_build_registrar_nonce(wps, msg) ||	    wps_build_e_hash(wps, msg) ||	    wps_build_wfa_ext(msg, 0, NULL, 0) ||	    wps_build_authenticator(wps, msg)) {		wpabuf_free(msg);		return NULL;	}	wps->state = RECV_M4;	return msg;}

/** * wpabuf_concat - Concatenate two buffers into a newly allocated one * @a: First buffer * @b: Second buffer * Returns: wpabuf with concatenated a + b data or %NULL on failure * * Both buffers a and b will be freed regardless of the return value. Input * buffers can be %NULL which is interpreted as an empty buffer. */struct wpabuf * wpabuf_concat(struct wpabuf *a, struct wpabuf *b){	struct wpabuf *n = NULL;	size_t len = 0;	if (b == NULL)		return a;	if (a)		len += wpabuf_len(a);	len += wpabuf_len(b);	n = wpabuf_alloc(len);	if (n) {		if (a)			wpabuf_put_buf(n, a);		wpabuf_put_buf(n, b);	}	wpabuf_free(a);	wpabuf_free(b);	return n;}

/** * wps_build_assoc_resp_ie - Build WPS IE for (Re)Association Response * Returns: WPS IE or %NULL on failure * * The caller is responsible for freeing the buffer. */struct wpabuf *wps_build_assoc_resp_ie(void){	struct wpabuf *ie;	u8 *len;	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association " "Response");	ie = wpabuf_alloc(100);	if (ie == NULL) {		return NULL;	}	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);	len = wpabuf_put(ie, 1);	wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);	if (wps_build_version(ie) || wps_build_resp_type(ie, WPS_RESP_AP) || wps_build_wfa_ext(ie, 0, NULL, 0)) {		wpabuf_free(ie);		return NULL;	}	*len = wpabuf_len(ie) - 2;	return ie;}

static struct wpabuf *eap_wsc_process_fragment(struct eap_wsc_data *data, struct eap_method_ret *ret, u8 id, u8 flags, u8 op_code, u16 message_length, const u8 *buf, size_t len){	/* Process a fragment that is not the last one of the message */	if (data->in_buf == NULL && !(flags & WSC_FLAGS_LF)) {		wpa_printf(MSG_DEBUG, "EAP-WSC: No Message Length field in a " "fragmented packet");		ret->ignore = TRUE;		return NULL;	}	if (data->in_buf == NULL) {		/* First fragment of the message */		data->in_buf = wpabuf_alloc(message_length);		if (data->in_buf == NULL) {			wpa_printf(MSG_DEBUG, "EAP-WSC: No memory for " "message");			ret->ignore = TRUE;			return NULL;		}		data->in_op_code = op_code;		wpabuf_put_data(data->in_buf, buf, len);		wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes in first " "fragment, waiting for %lu bytes more", (unsigned long)len, (unsigned long)wpabuf_tailroom(data->in_buf));	}	return eap_wsc_build_frag_ack(id, EAP_CODE_RESPONSE);}

static struct wpabuf * p2p_build_dev_disc_req(struct p2p_data *p2p,					      struct p2p_device *go,					      const u8 *dev_id){	struct wpabuf *buf;	u8 *len;	buf = wpabuf_alloc(100);	if (buf == NULL)		return NULL;	go->dialog_token++;	if (go->dialog_token == 0)		go->dialog_token = 1;	p2p_buf_add_public_action_hdr(buf, P2P_DEV_DISC_REQ, go->dialog_token);	len = p2p_buf_add_ie_hdr(buf);	p2p_buf_add_device_id(buf, dev_id);	p2p_buf_add_group_id(buf, go->info.p2p_device_addr, go->oper_ssid,			     go->oper_ssid_len);	p2p_buf_update_ie_hdr(buf, len);	return buf;}

static struct wpabuf * p2p_build_sd_query(u16 update_indic,					  struct wpabuf *tlvs){	struct wpabuf *buf;	u8 *len_pos, *len_pos2;	buf = wpabuf_alloc(1000 + wpabuf_len(tlvs));	if (buf == NULL)		return NULL;	wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);	wpabuf_put_u8(buf, WLAN_PA_GAS_INITIAL_REQ);	wpabuf_put_u8(buf, 0); /* Dialog Token */	/* Advertisement Protocol IE */	wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);	wpabuf_put_u8(buf, 2); /* Length */	wpabuf_put_u8(buf, 0); /* QueryRespLenLimit | PAME-BI */	wpabuf_put_u8(buf, NATIVE_QUERY_PROTOCOL); /* Advertisement Protocol */	/* Query Request */	len_pos = wpabuf_put(buf, 2); /* Length (to be filled) */	/* NQP Query Request Frame */	wpabuf_put_le16(buf, NQP_VENDOR_SPECIFIC); /* Info ID */	len_pos2 = wpabuf_put(buf, 2); /* Length (to be filled) */	wpabuf_put_be24(buf, OUI_WFA);	wpabuf_put_u8(buf, P2P_OUI_TYPE);	wpabuf_put_le16(buf, update_indic); /* Service Update Indicator */	wpabuf_put_buf(buf, tlvs);	WPA_PUT_LE16(len_pos2, (u8 *) wpabuf_put(buf, 0) - len_pos2 - 2);	WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(buf, 0) - len_pos - 2);	return buf;}

/** * wps_build_assoc_req_ie - Build WPS IE for (Re)Association Request * @req_type: Value for Request Type attribute * Returns: WPS IE or %NULL on failure * * The caller is responsible for freeing the buffer. */struct wpabuf * wps_build_assoc_req_ie(enum wps_request_type req_type) {    struct wpabuf *ie;    u8 *len;    wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "            "Request");    ie = wpabuf_alloc(100);    if (ie == NULL)        return NULL;    wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);    len = wpabuf_put(ie, 1);    wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);    if (wps_build_version(ie) ||            wps_build_req_type(ie, req_type)) {        wpabuf_free(ie);        return NULL;    }    *len = wpabuf_len(ie) - 2;    return ie;}

static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,						 struct wpa_ssid *ssid,						 const u8 *bssid){	struct wpabuf *buf;	size_t len;	if (ssid->passphrase == NULL) {		wpa_printf(MSG_DEBUG, "SAE: No password available");		return NULL;	}	if (sme_set_sae_group(wpa_s) < 0) {		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");		return NULL;	}	if (sae_prepare_commit(wpa_s->own_addr, bssid,			       (u8 *) ssid->passphrase,			       os_strlen(ssid->passphrase),			       &wpa_s->sme.sae) < 0) {		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");		return NULL;	}	len = wpa_s->sme.sae_token ? wpabuf_len(wpa_s->sme.sae_token) : 0;	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);	if (buf == NULL)		return NULL;	wpabuf_put_le16(buf, 1); /* Transaction seq# */	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);	sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token);	return buf;}

struct wpabuf * tls_connection_decrypt2(void *tls_ctx,					struct tls_connection *conn,					const struct wpabuf *in_data,					int *need_more_data){	if (need_more_data)		*need_more_data = 0;#ifdef CONFIG_TLS_INTERNAL_CLIENT	if (conn->client) {		return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),					    wpabuf_len(in_data),					    need_more_data);	}#endif /* CONFIG_TLS_INTERNAL_CLIENT */#ifdef CONFIG_TLS_INTERNAL_SERVER	if (conn->server) {		struct wpabuf *buf;		int res;		buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);		if (buf == NULL)			return NULL;		res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),					   wpabuf_len(in_data),					   wpabuf_mhead(buf),					   wpabuf_size(buf));		if (res < 0) {			wpabuf_free(buf);			return NULL;		}		wpabuf_put(buf, res);		return buf;	}#endif /* CONFIG_TLS_INTERNAL_SERVER */	return NULL;}

/* Given that we have received a header w/ GET, act upon it * * Format of GET (case-insensitive): * * First line must be: *      GET /<file> HTTP/1.1 * Since we don't do anything fancy we just ignore other lines. * * Our response (if no error) which includes only required lines is: * HTTP/1.1 200 OK * Connection: close * Content-Type: text/xml * Date: <rfc1123-date> * * Header lines must end with /r/n * Per RFC 2616, content-length: is not required but connection:close * would appear to be required (given that we will be closing it!). */static void web_connection_parse_get(struct upnp_wps_device_sm *sm,				     struct http_request *hreq, char *filename){	struct wpabuf *buf; /* output buffer, allocated */	char *put_length_here;	char *body_start;	enum {		GET_DEVICE_XML_FILE,		GET_SCPD_XML_FILE	} req;	size_t extra_len = 0;	int body_length;	char len_buf[10];	struct upnp_wps_device_interface *iface;	iface = dl_list_first(&sm->interfaces,			      struct upnp_wps_device_interface, list);	if (iface == NULL) {		http_request_deinit(hreq);		return;	}	/*	 * It is not required that filenames be case insensitive but it is	 * allowed and cannot hurt here.	 */	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_XML_FILE) == 0) {		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for device XML");		req = GET_DEVICE_XML_FILE;		extra_len = 3000;		if (iface->wps->friendly_name)			extra_len += os_strlen(iface->wps->friendly_name);		if (iface->wps->manufacturer_url)			extra_len += os_strlen(iface->wps->manufacturer_url);		if (iface->wps->model_description)			extra_len += os_strlen(iface->wps->model_description);		if (iface->wps->model_url)			extra_len += os_strlen(iface->wps->model_url);		if (iface->wps->upc)			extra_len += os_strlen(iface->wps->upc);	} else if (!os_strcasecmp(filename, UPNP_WPS_SCPD_XML_FILE)) {		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for SCPD XML");		req = GET_SCPD_XML_FILE;		extra_len = os_strlen(wps_scpd_xml);	} else {		/* File not found */		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET file not found: %s",			   filename);		buf = wpabuf_alloc(200);		if (buf == NULL) {			http_request_deinit(hreq);			return;		}		wpabuf_put_str(buf,			       "HTTP/1.1 404 Not Found/r/n"			       "Connection: close/r/n");		http_put_date(buf);		/* terminating empty line */		wpabuf_put_str(buf, "/r/n");		goto send_buf;	}	buf = wpabuf_alloc(1000 + extra_len);	if (buf == NULL) {		http_request_deinit(hreq);		return;	}	wpabuf_put_str(buf,		       "HTTP/1.1 200 OK/r/n"		       "Content-Type: text/xml; charset=/"utf-8/"/r/n");	wpabuf_put_str(buf, "Server: Unspecified, UPnP/1.0, Unspecified/r/n");	wpabuf_put_str(buf, "Connection: close/r/n");	wpabuf_put_str(buf, "Content-Length: ");	/*	 * We will paste the length in later, leaving some extra whitespace.	 * HTTP code is supposed to be tolerant of extra whitespace.	 */	put_length_here = wpabuf_put(buf, 0);//.........这里部分代码省略.........

static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx){	const struct wps_credential *cred = ctx;	FILE *oconf, *nconf;	size_t len, i;	char *tmp_fname;	char buf[1024];	int multi_bss;	int wpa;	if (hapd->wps == NULL)		return 0;	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",			cred->cred_attr, cred->cred_attr_len);	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",		   cred->auth_type);	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",			cred->key, cred->key_len);	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,		   MAC2STR(cred->mac_addr));	if ((hapd->conf->wps_cred_processing == 1 ||	     hapd->conf->wps_cred_processing == 2) && cred->cred_attr) {		hapd_new_ap_event(hapd, cred->cred_attr, cred->cred_attr_len);	} else if (hapd->conf->wps_cred_processing == 1 ||		   hapd->conf->wps_cred_processing == 2) {		struct wpabuf *attr;		attr = wpabuf_alloc(200);		if (attr && wps_build_credential_wrap(attr, cred) == 0)			hapd_new_ap_event(hapd, wpabuf_head_u8(attr),					  wpabuf_len(attr));		wpabuf_free(attr);	} else		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_NEW_AP_SETTINGS);	if (hapd->conf->wps_cred_processing == 1)		return 0;	os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);	hapd->wps->ssid_len = cred->ssid_len;	hapd->wps->encr_types = cred->encr_type;	hapd->wps->auth_types = cred->auth_type;	if (cred->key_len == 0) {		os_free(hapd->wps->network_key);		hapd->wps->network_key = NULL;		hapd->wps->network_key_len = 0;	} else {		if (hapd->wps->network_key == NULL ||		    hapd->wps->network_key_len < cred->key_len) {			hapd->wps->network_key_len = 0;			os_free(hapd->wps->network_key);			hapd->wps->network_key = os_malloc(cred->key_len);			if (hapd->wps->network_key == NULL)				return -1;		}		hapd->wps->network_key_len = cred->key_len;		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);	}	hapd->wps->wps_state = WPS_STATE_CONFIGURED;	if (hapd->iface->config_fname == NULL)		return 0;	len = os_strlen(hapd->iface->config_fname) + 5;	tmp_fname = os_malloc(len);	if (tmp_fname == NULL)		return -1;	os_snprintf(tmp_fname, len, "%s-new", hapd->iface->config_fname);	oconf = fopen(hapd->iface->config_fname, "r");	if (oconf == NULL) {		wpa_printf(MSG_WARNING, "WPS: Could not open current "			   "configuration file");		os_free(tmp_fname);		return -1;	}	nconf = fopen(tmp_fname, "w");	if (nconf == NULL) {		wpa_printf(MSG_WARNING, "WPS: Could not write updated "			   "configuration file");		os_free(tmp_fname);		fclose(oconf);		return -1;	}	fprintf(nconf, "# WPS configuration - START/n");	fprintf(nconf, "wps_state=2/n");	if (is_hex(cred->ssid, cred->ssid_len)) {		fprintf(nconf, "ssid2=");		for (i = 0; i < cred->ssid_len; i++)			fprintf(nconf, "%02x", cred->ssid[i]);		fprintf(nconf, "/n");//.........这里部分代码省略.........

static struct wpabuf *eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,		const struct wpabuf *reqData){	struct eap_pwd_data *data = priv;	struct wpabuf *resp = NULL;	const u8 *pos, *buf;	size_t len;	u16 tot_len = 0;	u8 lm_exch;	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, reqData, &len);	if ((pos == NULL) || (len < 1)) {		wpa_printf(MSG_DEBUG, "EAP-pwd: Got a frame but pos is %s and "			   "len is %d",			   pos == NULL ? "NULL" : "not NULL", (int) len);		ret->ignore = TRUE;		return NULL;	}	ret->ignore = FALSE;	ret->methodState = METHOD_MAY_CONT;	ret->decision = DECISION_FAIL;	ret->allowNotifications = FALSE;	lm_exch = *pos;	pos++;                  /* skip over the bits and the exch */	len--;	/*	 * we're fragmenting so send out the next fragment	 */	if (data->out_frag_pos) {		/*		 * this should be an ACK		 */		if (len)			wpa_printf(MSG_INFO, "Bad Response! Fragmenting but "				   "not an ACK");		wpa_printf(MSG_DEBUG, "EAP-pwd: Got an ACK for a fragment");		/*		 * check if there are going to be more fragments		 */		len = wpabuf_len(data->outbuf) - data->out_frag_pos;		if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {			len = data->mtu - EAP_PWD_HDR_SIZE;			EAP_PWD_SET_MORE_BIT(lm_exch);		}		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,				     EAP_PWD_HDR_SIZE + len,				     EAP_CODE_RESPONSE, eap_get_id(reqData));		if (resp == NULL) {			wpa_printf(MSG_INFO, "Unable to allocate memory for "				   "next fragment!");			return NULL;		}		wpabuf_put_u8(resp, lm_exch);		buf = wpabuf_head_u8(data->outbuf);		wpabuf_put_data(resp, buf + data->out_frag_pos, len);		data->out_frag_pos += len;		/*		 * this is the last fragment so get rid of the out buffer		 */		if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {			wpabuf_free(data->outbuf);			data->outbuf = NULL;			data->out_frag_pos = 0;		}		wpa_printf(MSG_DEBUG, "EAP-pwd: Send %s fragment of %d bytes",			   data->out_frag_pos == 0 ? "last" : "next",			   (int) len);		return resp;	}	/*	 * see if this is a fragment that needs buffering	 *	 * if it's the first fragment there'll be a length field	 */	if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {		tot_len = WPA_GET_BE16(pos);		wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "			   "total length = %d", tot_len);		data->inbuf = wpabuf_alloc(tot_len);		if (data->inbuf == NULL) {			wpa_printf(MSG_INFO, "Out of memory to buffer "				   "fragments!");			return NULL;		}		pos += sizeof(u16);		len -= sizeof(u16);	}	/*	 * buffer and ACK the fragment	 */	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {		data->in_frag_pos += len;		if (data->in_frag_pos > wpabuf_size(data->inbuf)) {			wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "//.........这里部分代码省略.........

//.........这里部分代码省略.........	}	wpa_printf(MSG_DEBUG, "EAP-pwd (peer): confirm verified");	/*	 * compute confirm:	 *  H(k | peer_element | peer_scalar | server_element | server_scalar |	 *    ciphersuite)	 */	hash = eap_pwd_h_init();	if (hash == NULL)		goto fin;	/* k */	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);	BN_bn2bin(data->k, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	/* my element */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->my_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point "			   "assignment fail");		goto fin;	}	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);	BN_bn2bin(y, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	/* my scalar */	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->order) -		BN_num_bytes(data->my_scalar);	BN_bn2bin(data->my_scalar, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));	/* server element: x, y */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->server_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point "			   "assignment fail");		goto fin;	}	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);	BN_bn2bin(y, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	/* server scalar */	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->order) -		BN_num_bytes(data->server_scalar);	BN_bn2bin(data->server_scalar, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));	/* the ciphersuite */	eap_pwd_h_update(hash, (u8 *) &cs, sizeof(u32));	/* all done */	eap_pwd_h_final(hash, conf);	if (compute_keys(data->grp, data->bnctx, data->k,			 data->my_scalar, data->server_scalar, conf, ptr,			 &cs, data->msk, data->emsk) < 0) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "			   "EMSK");		goto fin;	}	data->outbuf = wpabuf_alloc(SHA256_MAC_LEN);	if (data->outbuf == NULL)		goto fin;	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);fin:	os_free(cruft);	BN_free(x);	BN_free(y);	ret->methodState = METHOD_DONE;	if (data->outbuf == NULL) {		ret->decision = DECISION_FAIL;		eap_pwd_state(data, FAILURE);	} else {		ret->decision = DECISION_UNCOND_SUCC;		eap_pwd_state(data, SUCCESS);	}}

//.........这里部分代码省略.........				   "is at infinity!/n");			goto fin;		}	}	/* compute the shared key, k */	if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,			   data->server_scalar, data->bnctx)) ||	    (!EC_POINT_add(data->grp->group, K, K, data->server_element,			   data->bnctx)) ||	    (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,			   data->bnctx))) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): computing shared key "			   "fail");		goto fin;	}	/* ensure that the shared key isn't in a small sub-group */	if (BN_cmp(cofactor, BN_value_one())) {		if (!EC_POINT_mul(data->grp->group, K, NULL, K, cofactor,				  NULL)) {			wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "				   "shared key point by order");			goto fin;		}	}	/*	 * This check is strictly speaking just for the case above where	 * co-factor > 1 but it was suggested that even though this is probably	 * never going to happen it is a simple and safe check "just to be	 * sure" so let's be safe.	 */	if (EC_POINT_is_at_infinity(data->grp->group, K)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): shared key point is at "			   "infinity!/n");		goto fin;	}	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,						 NULL, data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to extract "			   "shared secret from point");		goto fin;	}	/* now do the response */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->my_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail");		goto fin;	}	if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||	    ((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==	     NULL)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): data allocation fail");		goto fin;	}	/*	 * bignums occupy as little memory as possible so one that is	 * sufficiently smaller than the prime or order might need pre-pending	 * with zeros.	 */	os_memset(scalar, 0, BN_num_bytes(data->grp->order));	os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);	offset = BN_num_bytes(data->grp->order) -		BN_num_bytes(data->my_scalar);	BN_bn2bin(data->my_scalar, scalar + offset);	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, element + offset);	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);	BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);	data->outbuf = wpabuf_alloc(BN_num_bytes(data->grp->order) +				    2 * BN_num_bytes(data->grp->prime));	if (data->outbuf == NULL)		goto fin;	/* we send the element as (x,y) follwed by the scalar */	wpabuf_put_data(data->outbuf, element,			2 * BN_num_bytes(data->grp->prime));	wpabuf_put_data(data->outbuf, scalar, BN_num_bytes(data->grp->order));fin:	os_free(scalar);	os_free(element);	BN_free(x);	BN_free(y);	BN_free(cofactor);	EC_POINT_free(K);	EC_POINT_free(point);	if (data->outbuf == NULL)		eap_pwd_state(data, FAILURE);	else		eap_pwd_state(data, PWD_Confirm_Req);}

static voideap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,			    struct eap_method_ret *ret,			    const struct wpabuf *reqData,			    const u8 *payload, size_t payload_len){	struct eap_pwd_id *id;	if (data->state != PWD_ID_Req) {		ret->ignore = TRUE;		eap_pwd_state(data, FAILURE);		return;	}	if (payload_len < sizeof(struct eap_pwd_id)) {		ret->ignore = TRUE;		eap_pwd_state(data, FAILURE);		return;	}	id = (struct eap_pwd_id *) payload;	data->group_num = be_to_host16(id->group_num);	if ((id->random_function != EAP_PWD_DEFAULT_RAND_FUNC) ||	    (id->prf != EAP_PWD_DEFAULT_PRF)) {		ret->ignore = TRUE;		eap_pwd_state(data, FAILURE);		return;	}	wpa_printf(MSG_DEBUG, "EAP-PWD (peer): using group %d",		   data->group_num);	data->id_server = os_malloc(payload_len - sizeof(struct eap_pwd_id));	if (data->id_server == NULL) {		wpa_printf(MSG_INFO, "EAP-PWD: memory allocation id fail");		eap_pwd_state(data, FAILURE);		return;	}	data->id_server_len = payload_len - sizeof(struct eap_pwd_id);	os_memcpy(data->id_server, id->identity, data->id_server_len);	wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of",			  data->id_server, data->id_server_len);	if ((data->grp = (EAP_PWD_group *) os_malloc(sizeof(EAP_PWD_group))) ==	    NULL) {		wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "			   "group");		eap_pwd_state(data, FAILURE);		return;	}	/* compute PWE */	if (compute_password_element(data->grp, data->group_num,				     data->password, data->password_len,				     data->id_server, data->id_server_len,				     data->id_peer, data->id_peer_len,				     id->token)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute PWE");		eap_pwd_state(data, FAILURE);		return;	}	wpa_printf(MSG_DEBUG, "EAP-PWD (peer): computed %d bit PWE...",		   BN_num_bits(data->grp->prime));	data->outbuf = wpabuf_alloc(sizeof(struct eap_pwd_id) +				    data->id_peer_len);	if (data->outbuf == NULL) {		eap_pwd_state(data, FAILURE);		return;	}	wpabuf_put_be16(data->outbuf, data->group_num);	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);	wpabuf_put_data(data->outbuf, id->token, sizeof(id->token));	wpabuf_put_u8(data->outbuf, EAP_PWD_PREP_NONE);	wpabuf_put_data(data->outbuf, data->id_peer, data->id_peer_len);	eap_pwd_state(data, PWD_Commit_Req);}

/* event_send_tx_ready -- actually write event message * * Prequisite: subscription socket descriptor has become ready to * write (because connection to subscriber has been made). * * It is also possible that we are called because the connect has failed; * it is possible to test for this, or we can just go ahead and then * the write will fail. */static void event_send_tx_ready(int sock, void *eloop_ctx, void *sock_ctx){	struct wps_event_ *e = sock_ctx;	struct subscription *s = e->s;	struct wpabuf *buf;	char *b;	assert(e == s->current_event);	assert(e->sd == sock);	buf = wpabuf_alloc(1000 + wpabuf_len(e->data));	if (buf == NULL) {		event_retry(e, 0);		goto bad;	}	wpabuf_printf(buf, "NOTIFY %s HTTP/1.1/r/n", e->addr->path);	wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified/r/n");	wpabuf_printf(buf, "HOST: %s/r/n", e->addr->domain_and_port);	wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=/"utf-8/"/r/n"		       "NT: upnp:event/r/n"		       "NTS: upnp:propchange/r/n");	wpabuf_put_str(buf, "SID: uuid:");	b = wpabuf_put(buf, 0);	uuid_bin2str(s->uuid, b, 80);	wpabuf_put(buf, os_strlen(b));	wpabuf_put_str(buf, "/r/n");	wpabuf_printf(buf, "SEQ: %u/r/n", e->subscriber_sequence);	wpabuf_printf(buf, "CONTENT-LENGTH: %d/r/n",		      (int) wpabuf_len(e->data));	wpabuf_put_str(buf, "/r/n"); /* terminating empty line */	wpabuf_put_buf(buf, e->data);	/* Since the message size is pretty small, we should be	 * able to get the operating system to buffer what we give it	 * and not have to come back again later to write more...	 */#if 0	/* we could: Turn blocking back on? */	fcntl(e->sd, F_SETFL, 0);#endif	wpa_printf(MSG_DEBUG, "WPS UPnP: Sending event to %s",		   e->addr->domain_and_port);	if (send_wpabuf(e->sd, buf) < 0) {		event_retry(e, 1);		goto bad;	}	wpabuf_free(buf);	buf = NULL;	if (e->sd_registered) {		e->sd_registered = 0;		eloop_unregister_sock(e->sd, EVENT_TYPE_WRITE);	}	/* Set up to read the reply */	e->hread = httpread_create(e->sd, event_got_response_handler,				   e /* cookie */,				   0 /* no data expected */,				   EVENT_TIMEOUT_SEC);	if (e->hread == NULL) {		wpa_printf(MSG_ERROR, "WPS UPnP: httpread_create failed");		event_retry(e, 0);		goto bad;	}	return;bad:	/* Schedule sending more if there is more to send */	if (s->event_queue)		event_send_all_later(s->sm);	wpabuf_free(buf);}

static struct wpabuf * p2p_build_prov_disc_resp(struct p2p_data *p2p,						struct p2p_device *dev,						u8 dialog_token,						enum p2p_status_code status,						u16 config_methods,						u32 adv_id,						const u8 *group_id,						size_t group_id_len,						const u8 *persist_ssid,						size_t persist_ssid_len,						const u8 *fcap,						u16 fcap_len){	struct wpabuf *buf;	size_t extra = 0;	int persist = 0;#ifdef CONFIG_WIFI_DISPLAY	struct wpabuf *wfd_ie = p2p->wfd_ie_prov_disc_resp;	if (wfd_ie && group_id) {		size_t i;		for (i = 0; i < p2p->num_groups; i++) {			struct p2p_group *g = p2p->groups[i];			struct wpabuf *ie;			if (!p2p_group_is_group_id_match(g, group_id,							 group_id_len))				continue;			ie = p2p_group_get_wfd_ie(g);			if (ie) {				wfd_ie = ie;				break;			}		}	}	if (wfd_ie)		extra = wpabuf_len(wfd_ie);#endif /* CONFIG_WIFI_DISPLAY */	if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_PD_RESP])		extra += wpabuf_len(p2p->vendor_elem[VENDOR_ELEM_P2P_PD_RESP]);	buf = wpabuf_alloc(1000 + extra);	if (buf == NULL)		return NULL;	p2p_buf_add_public_action_hdr(buf, P2P_PROV_DISC_RESP, dialog_token);	/* Add P2P IE for P2PS */	if (p2p->p2ps_prov && p2p->p2ps_prov->adv_id == adv_id) {		u8 *len = p2p_buf_add_ie_hdr(buf);		struct p2ps_provision *prov = p2p->p2ps_prov;		u8 group_capab;		u8 conncap = 0;		if (status == P2P_SC_SUCCESS ||		    status == P2P_SC_SUCCESS_DEFERRED)			conncap = prov->conncap;		if (!status && prov->status != -1)			status = prov->status;		p2p_buf_add_status(buf, status);		group_capab = P2P_GROUP_CAPAB_PERSISTENT_GROUP |			P2P_GROUP_CAPAB_PERSISTENT_RECONN;		if (p2p->cross_connect)			group_capab |= P2P_GROUP_CAPAB_CROSS_CONN;		if (p2p->cfg->p2p_intra_bss)			group_capab |= P2P_GROUP_CAPAB_INTRA_BSS_DIST;		p2p_buf_add_capability(buf, p2p->dev_capab &				       ~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY,				       group_capab);		p2p_buf_add_device_info(buf, p2p, NULL);		if (persist_ssid && p2p->cfg->get_persistent_group && dev &&		    (status == P2P_SC_SUCCESS ||		     status == P2P_SC_SUCCESS_DEFERRED)) {			u8 ssid[SSID_MAX_LEN];			size_t ssid_len;			u8 go_dev_addr[ETH_ALEN];			u8 intended_addr[ETH_ALEN];			persist = p2p->cfg->get_persistent_group(				p2p->cfg->cb_ctx,				dev->info.p2p_device_addr,				persist_ssid, persist_ssid_len, go_dev_addr,				ssid, &ssid_len, intended_addr);			if (persist) {				p2p_buf_add_persistent_group_info(					buf, go_dev_addr, ssid, ssid_len);				if (!is_zero_ether_addr(intended_addr))					p2p_buf_add_intended_addr(						buf, intended_addr);			}		}		if (!persist && (conncap & P2PS_SETUP_GROUP_OWNER))			p2ps_add_new_group_info(p2p, dev, buf);		/* Add Operating Channel if conncap indicates GO */		if (persist || (conncap & P2PS_SETUP_GROUP_OWNER)) {//.........这里部分代码省略.........

//.........这里部分代码省略.........#ifdef CONFIG_IEEE80211W	wpa_s->sme.mfp = ssid->ieee80211w;	if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);		struct wpa_ie_data _ie;		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&		    _ie.capabilities &		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "				"MFP: require MFP");			wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;		}	}#endif /* CONFIG_IEEE80211W */#ifdef CONFIG_P2P	if (wpa_s->global->p2p) {		u8 *pos;		size_t len;		int res;		pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;		len = sizeof(wpa_s->sme.assoc_req_ie) -			wpa_s->sme.assoc_req_ie_len;		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,					    ssid->p2p_group);		if (res >= 0)			wpa_s->sme.assoc_req_ie_len += res;	}#endif /* CONFIG_P2P */#ifdef CONFIG_HS20	if (wpa_s->conf->hs20) {		struct wpabuf *hs20;		hs20 = wpabuf_alloc(20);		if (hs20) {			wpas_hs20_add_indication(hs20);			os_memcpy(wpa_s->sme.assoc_req_ie +				  wpa_s->sme.assoc_req_ie_len,				  wpabuf_head(hs20), wpabuf_len(hs20));			wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);			wpabuf_free(hs20);		}	}#endif /* CONFIG_HS20 */#ifdef CONFIG_INTERWORKING	if (wpa_s->conf->interworking) {		u8 *pos = wpa_s->sme.assoc_req_ie;		if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)			pos += 2 + pos[1];		os_memmove(pos + 6, pos,			   wpa_s->sme.assoc_req_ie_len -			   (pos - wpa_s->sme.assoc_req_ie));		wpa_s->sme.assoc_req_ie_len += 6;		*pos++ = WLAN_EID_EXT_CAPAB;		*pos++ = 4;		*pos++ = 0x00;		*pos++ = 0x00;		*pos++ = 0x00;		*pos++ = 0x80; /* Bit 31 - Interworking */	}#endif /* CONFIG_INTERWORKING */	wpa_supplicant_cancel_sched_scan(wpa_s);	wpa_supplicant_cancel_scan(wpa_s);

static void web_connection_send_reply(struct http_request *req,				      enum http_reply_code ret,				      const char *action, int action_len,				      const struct wpabuf *reply,				      const char *replyname){	struct wpabuf *buf;	char *replydata;	char *put_length_here = NULL;	char *body_start = NULL;	if (reply) {		size_t len;		replydata = (char *) base64_encode(wpabuf_head(reply),						   wpabuf_len(reply), &len);	} else		replydata = NULL;	/* Parameters of the response:	 *      action(action_len) -- action we are responding to	 *      replyname -- a name we need for the reply	 *      replydata -- NULL or null-terminated string	 */	buf = wpabuf_alloc(1000 + (replydata ? os_strlen(replydata) : 0U) +			   (action_len > 0 ? action_len * 2 : 0));	if (buf == NULL) {		wpa_printf(MSG_INFO, "WPS UPnP: Cannot allocate reply to "			   "POST");		os_free(replydata);		http_request_deinit(req);		return;	}	/*	 * Assuming we will be successful, put in the output header first.	 * Note: we do not keep connections alive (and httpread does	 * not support it)... therefore we must have Connection: close.	 */	if (ret == HTTP_OK) {		wpabuf_put_str(buf,			       "HTTP/1.1 200 OK/r/n"			       "Content-Type: text/xml; "			       "charset=/"utf-8/"/r/n");	} else {		wpabuf_printf(buf, "HTTP/1.1 %d Error/r/n", ret);	}	wpabuf_put_str(buf, http_connection_close);	wpabuf_put_str(buf, "Content-Length: ");	/*	 * We will paste the length in later, leaving some extra whitespace.	 * HTTP code is supposed to be tolerant of extra whitespace.	 */	put_length_here = wpabuf_put(buf, 0);	wpabuf_put_str(buf, "        /r/n");	http_put_date(buf);	/* terminating empty line */	wpabuf_put_str(buf, "/r/n");	body_start = wpabuf_put(buf, 0);	if (ret == HTTP_OK) {		wpabuf_put_str(buf, soap_prefix);		wpabuf_put_str(buf, "<u:");		wpabuf_put_data(buf, action, action_len);		wpabuf_put_str(buf, "Response xmlns:u=/"");		wpabuf_put_str(buf, urn_wfawlanconfig);		wpabuf_put_str(buf, "/">/n");		if (replydata && replyname) {			/* TODO: might possibly need to escape part of reply			 * data? ...			 * probably not, unlikely to have ampersand(&) or left			 * angle bracket (<) in it...			 */			wpabuf_printf(buf, "<%s>", replyname);			wpabuf_put_str(buf, replydata);			wpabuf_printf(buf, "</%s>/n", replyname);		}		wpabuf_put_str(buf, "</u:");		wpabuf_put_data(buf, action, action_len);		wpabuf_put_str(buf, "Response>/n");		wpabuf_put_str(buf, soap_postfix);	} else {		/* Error case */		wpabuf_put_str(buf, soap_prefix);		wpabuf_put_str(buf, soap_error_prefix);		wpabuf_printf(buf, "<errorCode>%d</errorCode>/n", ret);		wpabuf_put_str(buf, soap_error_postfix);		wpabuf_put_str(buf, soap_postfix);	}	os_free(replydata);	/* Now patch in the content length at the end */	if (body_start && put_length_here) {		int body_length = (char *) wpabuf_put(buf, 0) - body_start;		char len_buf[10];		os_snprintf(len_buf, sizeof(len_buf), "%d", body_length);		os_memcpy(put_length_here, len_buf, os_strlen(len_buf));//.........这里部分代码省略.........

/* Given that we have received a header w/ SUBSCRIBE, act upon it * * Format of SUBSCRIBE (case-insensitive): * * First line must be: *      SUBSCRIBE /wps_event HTTP/1.1 * * Our response (if no error) which includes only required lines is: * HTTP/1.1 200 OK * Server: xx, UPnP/1.0, xx * SID: uuid:xxxxxxxxx * Timeout: Second-<n> * Content-Length: 0 * Date: xxxx * * Header lines must end with /r/n * Per RFC 2616, content-length: is not required but connection:close * would appear to be required (given that we will be closing it!). */static void web_connection_parse_subscribe(struct upnp_wps_device_sm *sm,					   struct http_request *req,					   const char *filename){	struct wpabuf *buf;	char *b;	char *hdr = http_request_get_hdr(req);	char *h;	char *match;	int match_len;	char *end;	int len;	int got_nt = 0;	u8 uuid[UUID_LEN];	int got_uuid = 0;	char *callback_urls = NULL;	struct subscription *s = NULL;	enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;	buf = wpabuf_alloc(1000);	if (buf == NULL) {		http_request_deinit(req);		return;	}	wpa_hexdump_ascii(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE",			  (u8 *) hdr, os_strlen(hdr));	/* Parse/validate headers */	h = hdr;	/* First line: SUBSCRIBE /wps_event HTTP/1.1	 * has already been parsed.	 */	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {		ret = HTTP_PRECONDITION_FAILED;		goto error;	}	wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE for event");	end = os_strchr(h, '/n');	while (end) {		/* Option line by option line */		h = end + 1;		end = os_strchr(h, '/n');		if (end == NULL)			break; /* no unterminated lines allowed */		/* NT assures that it is our type of subscription;		 * not used for a renewal.		 **/		match = "NT:";		match_len = os_strlen(match);		if (os_strncasecmp(h, match, match_len) == 0) {			h += match_len;			while (*h == ' ' || *h == '/t')				h++;			match = "upnp:event";			match_len = os_strlen(match);			if (os_strncasecmp(h, match, match_len) != 0) {				ret = HTTP_BAD_REQUEST;				goto error;			}			got_nt = 1;			continue;		}		/* HOST should refer to us */#if 0		match = "HOST:";		match_len = os_strlen(match);		if (os_strncasecmp(h, match, match_len) == 0) {			h += match_len;			while (*h == ' ' || *h == '/t')				h++;			.....		}#endif		/* CALLBACK gives one or more URLs for NOTIFYs		 * to be sent as a result of the subscription.		 * Each URL is enclosed in angle brackets.		 */		match = "CALLBACK:";//.........这里部分代码省略.........

static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data){	struct wpabuf *msg;	/* build IKE_SA_INIT: HDR, SAr1, KEr, Nr, [CERTREQ], [SK{IDr}] */	if (os_get_random(data->r_spi, IKEV2_SPI_LEN))		return NULL;	wpa_hexdump(MSG_DEBUG, "IKEV2: IKE_SA Responder's SPI",		    data->r_spi, IKEV2_SPI_LEN);	data->r_nonce_len = IKEV2_NONCE_MIN_LEN;	if (random_get_bytes(data->r_nonce, data->r_nonce_len))		return NULL;#ifdef CCNS_PL	/* Zeros are removed incorrectly from the beginning of the nonces in	 * key derivation; as a workaround, make sure Nr does not start with	 * zero.. */	if (data->r_nonce[0] == 0)		data->r_nonce[0] = 1;#endif /* CCNS_PL */	wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len);	msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500);	if (msg == NULL)		return NULL;	ikev2_build_hdr(data, msg, IKE_SA_INIT, IKEV2_PAYLOAD_SA, 0);	if (ikev2_build_sar1(data, msg, IKEV2_PAYLOAD_KEY_EXCHANGE) ||	    ikev2_build_ker(data, msg, IKEV2_PAYLOAD_NONCE) ||	    ikev2_build_nr(data, msg, data->peer_auth == PEER_AUTH_SECRET ?			   IKEV2_PAYLOAD_ENCRYPTED :			   IKEV2_PAYLOAD_NO_NEXT_PAYLOAD)) {		wpabuf_free(msg);		return NULL;	}	if (ikev2_derive_keys(data)) {		wpabuf_free(msg);		return NULL;	}	if (data->peer_auth == PEER_AUTH_CERT) {		/* TODO: CERTREQ with SHA-1 hashes of Subject Public Key Info		 * for trust agents */	}	if (data->peer_auth == PEER_AUTH_SECRET) {		struct wpabuf *plain = wpabuf_alloc(data->IDr_len + 1000);		if (plain == NULL) {			wpabuf_free(msg);			return NULL;		}		if (ikev2_build_idr(data, plain,				    IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) ||		    ikev2_build_encrypted(data->proposal.encr,					  data->proposal.integ,					  &data->keys, 0, msg, plain,					  IKEV2_PAYLOAD_IDr)) {			wpabuf_free(plain);			wpabuf_free(msg);			return NULL;		}		wpabuf_free(plain);	}	ikev2_update_hdr(msg);	wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_INIT)", msg);	data->state = SA_AUTH;	wpabuf_free(data->r_sign_msg);	data->r_sign_msg = wpabuf_dup(msg);	return msg;}

static struct wpabuf * p2p_build_prov_disc_req(struct p2p_data *p2p,					       struct p2p_device *dev,					       int join){	struct wpabuf *buf;	u8 *len;	size_t extra = 0;	u8 dialog_token = dev->dialog_token;	u16 config_methods = dev->req_config_methods;	struct p2p_device *go = join ? dev : NULL;	u8 group_capab;#ifdef CONFIG_WIFI_DISPLAY	if (p2p->wfd_ie_prov_disc_req)		extra = wpabuf_len(p2p->wfd_ie_prov_disc_req);#endif /* CONFIG_WIFI_DISPLAY */	if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_PD_REQ])		extra += wpabuf_len(p2p->vendor_elem[VENDOR_ELEM_P2P_PD_REQ]);	if (p2p->p2ps_prov)		extra += os_strlen(p2p->p2ps_prov->info) + 1 +			sizeof(struct p2ps_provision);	buf = wpabuf_alloc(1000 + extra);	if (buf == NULL)		return NULL;	p2p_buf_add_public_action_hdr(buf, P2P_PROV_DISC_REQ, dialog_token);	len = p2p_buf_add_ie_hdr(buf);	group_capab = 0;	if (p2p->p2ps_prov) {		group_capab |= P2P_GROUP_CAPAB_PERSISTENT_GROUP;		group_capab |= P2P_GROUP_CAPAB_PERSISTENT_RECONN;		if (p2p->cross_connect)			group_capab |= P2P_GROUP_CAPAB_CROSS_CONN;		if (p2p->cfg->p2p_intra_bss)			group_capab |= P2P_GROUP_CAPAB_INTRA_BSS_DIST;	}	p2p_buf_add_capability(buf, p2p->dev_capab &			       ~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY,			       group_capab);	p2p_buf_add_device_info(buf, p2p, NULL);	if (p2p->p2ps_prov) {		p2ps_add_pd_req_attrs(p2p, dev, buf, config_methods);	} else if (go) {		p2p_buf_add_group_id(buf, go->info.p2p_device_addr,				     go->oper_ssid, go->oper_ssid_len);	}	p2p_buf_update_ie_hdr(buf, len);	/* WPS IE with Config Methods attribute */	p2p_build_wps_ie_config_methods(buf, config_methods);#ifdef CONFIG_WIFI_DISPLAY	if (p2p->wfd_ie_prov_disc_req)		wpabuf_put_buf(buf, p2p->wfd_ie_prov_disc_req);#endif /* CONFIG_WIFI_DISPLAY */	if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_PD_REQ])		wpabuf_put_buf(buf, p2p->vendor_elem[VENDOR_ELEM_P2P_PD_REQ]);	return buf;}

static int ikev2_process_kei(struct ikev2_responder_data *data,			     const u8 *kei, size_t kei_len){	u16 group;	/*	 * Key Exchange Payload:	 * DH Group # (16 bits)	 * RESERVED (16 bits)	 * Key Exchange Data (Diffie-Hellman public value)	 */	if (kei == NULL) {		wpa_printf(MSG_INFO, "IKEV2: KEi not received");		return -1;	}	if (kei_len < 4 + 96) {		wpa_printf(MSG_INFO, "IKEV2: Too show Key Exchange Payload");		return -1;	}	group = WPA_GET_BE16(kei);	wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u", group);	if (group != data->proposal.dh) {		wpa_printf(MSG_DEBUG, "IKEV2: KEi DH Group #%u does not match "			   "with the selected proposal (%u)",			   group, data->proposal.dh);		/* Reject message with Notify payload of type		 * INVALID_KE_PAYLOAD (RFC 4306, Sect. 3.4) */		data->error_type = INVALID_KE_PAYLOAD;		data->state = NOTIFY;		return -1;	}	if (data->dh == NULL) {		wpa_printf(MSG_INFO, "IKEV2: Unsupported DH group");		return -1;	}	/* RFC 4306, Section 3.4:	 * The length of DH public value MUST be equal to the length of the	 * prime modulus.	 */	if (kei_len - 4 != data->dh->prime_len) {		wpa_printf(MSG_INFO, "IKEV2: Invalid DH public value length "			   "%ld (expected %ld)",			   (long) (kei_len - 4), (long) data->dh->prime_len);		return -1;	}	wpabuf_free(data->i_dh_public);	data->i_dh_public = wpabuf_alloc(kei_len - 4);	if (data->i_dh_public == NULL)		return -1;	wpabuf_put_data(data->i_dh_public, kei + 4, kei_len - 4);	wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",			data->i_dh_public);		return 0;}

//.........这里部分代码省略.........#ifdef CONFIG_IEEE80211W	wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);	if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);		struct wpa_ie_data _ie;		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&		    _ie.capabilities &		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "				"MFP: require MFP");			wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;		}	}#endif /* CONFIG_IEEE80211W */#ifdef CONFIG_P2P	if (wpa_s->global->p2p) {		u8 *pos;		size_t len;		int res;		pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;		len = sizeof(wpa_s->sme.assoc_req_ie) -			wpa_s->sme.assoc_req_ie_len;		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,					    ssid->p2p_group);		if (res >= 0)			wpa_s->sme.assoc_req_ie_len += res;	}#endif /* CONFIG_P2P */#ifdef CONFIG_HS20	if (is_hs20_network(wpa_s, ssid, bss)) {		struct wpabuf *hs20;		hs20 = wpabuf_alloc(20);		if (hs20) {			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);			size_t len;			wpas_hs20_add_indication(hs20, pps_mo_id);			len = sizeof(wpa_s->sme.assoc_req_ie) -				wpa_s->sme.assoc_req_ie_len;			if (wpabuf_len(hs20) <= len) {				os_memcpy(wpa_s->sme.assoc_req_ie +					  wpa_s->sme.assoc_req_ie_len,					  wpabuf_head(hs20), wpabuf_len(hs20));				wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);			}			wpabuf_free(hs20);		}	}#endif /* CONFIG_HS20 */	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,					     sizeof(ext_capab));	if (ext_capab_len > 0) {		u8 *pos = wpa_s->sme.assoc_req_ie;		if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)			pos += 2 + pos[1];		os_memmove(pos + ext_capab_len, pos,			   wpa_s->sme.assoc_req_ie_len -			   (pos - wpa_s->sme.assoc_req_ie));		wpa_s->sme.assoc_req_ie_len += ext_capab_len;		os_memcpy(pos, ext_capab, ext_capab_len);	}	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {