xref: /freebsd/contrib/wpa/hostapd/config_file.c (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /*
2  * hostapd / Configuration file parser
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 #ifndef CONFIG_NATIVE_WINDOWS
11 #include <grp.h>
12 #endif /* CONFIG_NATIVE_WINDOWS */
13 
14 #include "utils/common.h"
15 #include "utils/uuid.h"
16 #include "common/ieee802_11_defs.h"
17 #include "drivers/driver.h"
18 #include "eap_server/eap.h"
19 #include "radius/radius_client.h"
20 #include "ap/wpa_auth.h"
21 #include "ap/ap_config.h"
22 #include "config_file.h"
23 
24 
25 #ifndef CONFIG_NO_RADIUS
26 #ifdef EAP_SERVER
27 static struct hostapd_radius_attr *
28 hostapd_parse_radius_attr(const char *value);
29 #endif /* EAP_SERVER */
30 #endif /* CONFIG_NO_RADIUS */
31 
32 
33 #ifndef CONFIG_NO_VLAN
34 static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
35 					 const char *fname)
36 {
37 	FILE *f;
38 	char buf[128], *pos, *pos2;
39 	int line = 0, vlan_id;
40 	struct hostapd_vlan *vlan;
41 
42 	f = fopen(fname, "r");
43 	if (!f) {
44 		wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname);
45 		return -1;
46 	}
47 
48 	while (fgets(buf, sizeof(buf), f)) {
49 		line++;
50 
51 		if (buf[0] == '#')
52 			continue;
53 		pos = buf;
54 		while (*pos != '\0') {
55 			if (*pos == '\n') {
56 				*pos = '\0';
57 				break;
58 			}
59 			pos++;
60 		}
61 		if (buf[0] == '\0')
62 			continue;
63 
64 		if (buf[0] == '*') {
65 			vlan_id = VLAN_ID_WILDCARD;
66 			pos = buf + 1;
67 		} else {
68 			vlan_id = strtol(buf, &pos, 10);
69 			if (buf == pos || vlan_id < 1 ||
70 			    vlan_id > MAX_VLAN_ID) {
71 				wpa_printf(MSG_ERROR, "Invalid VLAN ID at "
72 					   "line %d in '%s'", line, fname);
73 				fclose(f);
74 				return -1;
75 			}
76 		}
77 
78 		while (*pos == ' ' || *pos == '\t')
79 			pos++;
80 		pos2 = pos;
81 		while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
82 			pos2++;
83 		*pos2 = '\0';
84 		if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
85 			wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d "
86 				   "in '%s'", line, fname);
87 			fclose(f);
88 			return -1;
89 		}
90 
91 		vlan = os_zalloc(sizeof(*vlan));
92 		if (vlan == NULL) {
93 			wpa_printf(MSG_ERROR, "Out of memory while reading "
94 				   "VLAN interfaces from '%s'", fname);
95 			fclose(f);
96 			return -1;
97 		}
98 
99 		vlan->vlan_id = vlan_id;
100 		os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
101 		vlan->next = bss->vlan;
102 		bss->vlan = vlan;
103 	}
104 
105 	fclose(f);
106 
107 	return 0;
108 }
109 #endif /* CONFIG_NO_VLAN */
110 
111 
112 static int hostapd_acl_comp(const void *a, const void *b)
113 {
114 	const struct mac_acl_entry *aa = a;
115 	const struct mac_acl_entry *bb = b;
116 	return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
117 }
118 
119 
120 static int hostapd_config_read_maclist(const char *fname,
121 				       struct mac_acl_entry **acl, int *num)
122 {
123 	FILE *f;
124 	char buf[128], *pos;
125 	int line = 0;
126 	u8 addr[ETH_ALEN];
127 	struct mac_acl_entry *newacl;
128 	int vlan_id;
129 
130 	if (!fname)
131 		return 0;
132 
133 	f = fopen(fname, "r");
134 	if (!f) {
135 		wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
136 		return -1;
137 	}
138 
139 	while (fgets(buf, sizeof(buf), f)) {
140 		int i, rem = 0;
141 
142 		line++;
143 
144 		if (buf[0] == '#')
145 			continue;
146 		pos = buf;
147 		while (*pos != '\0') {
148 			if (*pos == '\n') {
149 				*pos = '\0';
150 				break;
151 			}
152 			pos++;
153 		}
154 		if (buf[0] == '\0')
155 			continue;
156 		pos = buf;
157 		if (buf[0] == '-') {
158 			rem = 1;
159 			pos++;
160 		}
161 
162 		if (hwaddr_aton(pos, addr)) {
163 			wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
164 				   "line %d in '%s'", pos, line, fname);
165 			fclose(f);
166 			return -1;
167 		}
168 
169 		if (rem) {
170 			i = 0;
171 			while (i < *num) {
172 				if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) ==
173 				    0) {
174 					os_remove_in_array(*acl, *num,
175 							   sizeof(**acl), i);
176 					(*num)--;
177 				} else
178 					i++;
179 			}
180 			continue;
181 		}
182 		vlan_id = 0;
183 		pos = buf;
184 		while (*pos != '\0' && *pos != ' ' && *pos != '\t')
185 			pos++;
186 		while (*pos == ' ' || *pos == '\t')
187 			pos++;
188 		if (*pos != '\0')
189 			vlan_id = atoi(pos);
190 
191 		newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
192 		if (newacl == NULL) {
193 			wpa_printf(MSG_ERROR, "MAC list reallocation failed");
194 			fclose(f);
195 			return -1;
196 		}
197 
198 		*acl = newacl;
199 		os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
200 		(*acl)[*num].vlan_id = vlan_id;
201 		(*num)++;
202 	}
203 
204 	fclose(f);
205 
206 	qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
207 
208 	return 0;
209 }
210 
211 
212 #ifdef EAP_SERVER
213 static int hostapd_config_read_eap_user(const char *fname,
214 					struct hostapd_bss_config *conf)
215 {
216 	FILE *f;
217 	char buf[512], *pos, *start, *pos2;
218 	int line = 0, ret = 0, num_methods;
219 	struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
220 
221 	if (!fname)
222 		return 0;
223 
224 	if (os_strncmp(fname, "sqlite:", 7) == 0) {
225 #ifdef CONFIG_SQLITE
226 		os_free(conf->eap_user_sqlite);
227 		conf->eap_user_sqlite = os_strdup(fname + 7);
228 		return 0;
229 #else /* CONFIG_SQLITE */
230 		wpa_printf(MSG_ERROR,
231 			   "EAP user file in SQLite DB, but CONFIG_SQLITE was not enabled in the build.");
232 		return -1;
233 #endif /* CONFIG_SQLITE */
234 	}
235 
236 	f = fopen(fname, "r");
237 	if (!f) {
238 		wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname);
239 		return -1;
240 	}
241 
242 	/* Lines: "user" METHOD,METHOD2 "password" (password optional) */
243 	while (fgets(buf, sizeof(buf), f)) {
244 		line++;
245 
246 		if (buf[0] == '#')
247 			continue;
248 		pos = buf;
249 		while (*pos != '\0') {
250 			if (*pos == '\n') {
251 				*pos = '\0';
252 				break;
253 			}
254 			pos++;
255 		}
256 		if (buf[0] == '\0')
257 			continue;
258 
259 #ifndef CONFIG_NO_RADIUS
260 		if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) {
261 			struct hostapd_radius_attr *attr, *a;
262 			attr = hostapd_parse_radius_attr(buf + 19);
263 			if (attr == NULL) {
264 				wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s",
265 					   buf + 19);
266 				user = NULL; /* already in the BSS list */
267 				goto failed;
268 			}
269 			if (user->accept_attr == NULL) {
270 				user->accept_attr = attr;
271 			} else {
272 				a = user->accept_attr;
273 				while (a->next)
274 					a = a->next;
275 				a->next = attr;
276 			}
277 			continue;
278 		}
279 #endif /* CONFIG_NO_RADIUS */
280 
281 		user = NULL;
282 
283 		if (buf[0] != '"' && buf[0] != '*') {
284 			wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in "
285 				   "start) on line %d in '%s'", line, fname);
286 			goto failed;
287 		}
288 
289 		user = os_zalloc(sizeof(*user));
290 		if (user == NULL) {
291 			wpa_printf(MSG_ERROR, "EAP user allocation failed");
292 			goto failed;
293 		}
294 		user->force_version = -1;
295 
296 		if (buf[0] == '*') {
297 			pos = buf;
298 		} else {
299 			pos = buf + 1;
300 			start = pos;
301 			while (*pos != '"' && *pos != '\0')
302 				pos++;
303 			if (*pos == '\0') {
304 				wpa_printf(MSG_ERROR, "Invalid EAP identity "
305 					   "(no \" in end) on line %d in '%s'",
306 					   line, fname);
307 				goto failed;
308 			}
309 
310 			user->identity = os_malloc(pos - start);
311 			if (user->identity == NULL) {
312 				wpa_printf(MSG_ERROR, "Failed to allocate "
313 					   "memory for EAP identity");
314 				goto failed;
315 			}
316 			os_memcpy(user->identity, start, pos - start);
317 			user->identity_len = pos - start;
318 
319 			if (pos[0] == '"' && pos[1] == '*') {
320 				user->wildcard_prefix = 1;
321 				pos++;
322 			}
323 		}
324 		pos++;
325 		while (*pos == ' ' || *pos == '\t')
326 			pos++;
327 
328 		if (*pos == '\0') {
329 			wpa_printf(MSG_ERROR, "No EAP method on line %d in "
330 				   "'%s'", line, fname);
331 			goto failed;
332 		}
333 
334 		start = pos;
335 		while (*pos != ' ' && *pos != '\t' && *pos != '\0')
336 			pos++;
337 		if (*pos == '\0') {
338 			pos = NULL;
339 		} else {
340 			*pos = '\0';
341 			pos++;
342 		}
343 		num_methods = 0;
344 		while (*start) {
345 			char *pos3 = os_strchr(start, ',');
346 			if (pos3) {
347 				*pos3++ = '\0';
348 			}
349 			user->methods[num_methods].method =
350 				eap_server_get_type(
351 					start,
352 					&user->methods[num_methods].vendor);
353 			if (user->methods[num_methods].vendor ==
354 			    EAP_VENDOR_IETF &&
355 			    user->methods[num_methods].method == EAP_TYPE_NONE)
356 			{
357 				if (os_strcmp(start, "TTLS-PAP") == 0) {
358 					user->ttls_auth |= EAP_TTLS_AUTH_PAP;
359 					goto skip_eap;
360 				}
361 				if (os_strcmp(start, "TTLS-CHAP") == 0) {
362 					user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
363 					goto skip_eap;
364 				}
365 				if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
366 					user->ttls_auth |=
367 						EAP_TTLS_AUTH_MSCHAP;
368 					goto skip_eap;
369 				}
370 				if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
371 					user->ttls_auth |=
372 						EAP_TTLS_AUTH_MSCHAPV2;
373 					goto skip_eap;
374 				}
375 				if (os_strcmp(start, "MACACL") == 0) {
376 					user->macacl = 1;
377 					goto skip_eap;
378 				}
379 				wpa_printf(MSG_ERROR, "Unsupported EAP type "
380 					   "'%s' on line %d in '%s'",
381 					   start, line, fname);
382 				goto failed;
383 			}
384 
385 			num_methods++;
386 			if (num_methods >= EAP_MAX_METHODS)
387 				break;
388 		skip_eap:
389 			if (pos3 == NULL)
390 				break;
391 			start = pos3;
392 		}
393 		if (num_methods == 0 && user->ttls_auth == 0 && !user->macacl) {
394 			wpa_printf(MSG_ERROR, "No EAP types configured on "
395 				   "line %d in '%s'", line, fname);
396 			goto failed;
397 		}
398 
399 		if (pos == NULL)
400 			goto done;
401 
402 		while (*pos == ' ' || *pos == '\t')
403 			pos++;
404 		if (*pos == '\0')
405 			goto done;
406 
407 		if (os_strncmp(pos, "[ver=0]", 7) == 0) {
408 			user->force_version = 0;
409 			goto done;
410 		}
411 
412 		if (os_strncmp(pos, "[ver=1]", 7) == 0) {
413 			user->force_version = 1;
414 			goto done;
415 		}
416 
417 		if (os_strncmp(pos, "[2]", 3) == 0) {
418 			user->phase2 = 1;
419 			goto done;
420 		}
421 
422 		if (*pos == '"') {
423 			pos++;
424 			start = pos;
425 			while (*pos != '"' && *pos != '\0')
426 				pos++;
427 			if (*pos == '\0') {
428 				wpa_printf(MSG_ERROR, "Invalid EAP password "
429 					   "(no \" in end) on line %d in '%s'",
430 					   line, fname);
431 				goto failed;
432 			}
433 
434 			user->password = os_malloc(pos - start);
435 			if (user->password == NULL) {
436 				wpa_printf(MSG_ERROR, "Failed to allocate "
437 					   "memory for EAP password");
438 				goto failed;
439 			}
440 			os_memcpy(user->password, start, pos - start);
441 			user->password_len = pos - start;
442 
443 			pos++;
444 		} else if (os_strncmp(pos, "hash:", 5) == 0) {
445 			pos += 5;
446 			pos2 = pos;
447 			while (*pos2 != '\0' && *pos2 != ' ' &&
448 			       *pos2 != '\t' && *pos2 != '#')
449 				pos2++;
450 			if (pos2 - pos != 32) {
451 				wpa_printf(MSG_ERROR, "Invalid password hash "
452 					   "on line %d in '%s'", line, fname);
453 				goto failed;
454 			}
455 			user->password = os_malloc(16);
456 			if (user->password == NULL) {
457 				wpa_printf(MSG_ERROR, "Failed to allocate "
458 					   "memory for EAP password hash");
459 				goto failed;
460 			}
461 			if (hexstr2bin(pos, user->password, 16) < 0) {
462 				wpa_printf(MSG_ERROR, "Invalid hash password "
463 					   "on line %d in '%s'", line, fname);
464 				goto failed;
465 			}
466 			user->password_len = 16;
467 			user->password_hash = 1;
468 			pos = pos2;
469 		} else {
470 			pos2 = pos;
471 			while (*pos2 != '\0' && *pos2 != ' ' &&
472 			       *pos2 != '\t' && *pos2 != '#')
473 				pos2++;
474 			if ((pos2 - pos) & 1) {
475 				wpa_printf(MSG_ERROR, "Invalid hex password "
476 					   "on line %d in '%s'", line, fname);
477 				goto failed;
478 			}
479 			user->password = os_malloc((pos2 - pos) / 2);
480 			if (user->password == NULL) {
481 				wpa_printf(MSG_ERROR, "Failed to allocate "
482 					   "memory for EAP password");
483 				goto failed;
484 			}
485 			if (hexstr2bin(pos, user->password,
486 				       (pos2 - pos) / 2) < 0) {
487 				wpa_printf(MSG_ERROR, "Invalid hex password "
488 					   "on line %d in '%s'", line, fname);
489 				goto failed;
490 			}
491 			user->password_len = (pos2 - pos) / 2;
492 			pos = pos2;
493 		}
494 
495 		while (*pos == ' ' || *pos == '\t')
496 			pos++;
497 		if (os_strncmp(pos, "[2]", 3) == 0) {
498 			user->phase2 = 1;
499 		}
500 
501 	done:
502 		if (tail == NULL) {
503 			tail = new_user = user;
504 		} else {
505 			tail->next = user;
506 			tail = user;
507 		}
508 		continue;
509 
510 	failed:
511 		if (user)
512 			hostapd_config_free_eap_user(user);
513 		ret = -1;
514 		break;
515 	}
516 
517 	fclose(f);
518 
519 	if (ret == 0) {
520 		user = conf->eap_user;
521 		while (user) {
522 			struct hostapd_eap_user *prev;
523 
524 			prev = user;
525 			user = user->next;
526 			hostapd_config_free_eap_user(prev);
527 		}
528 		conf->eap_user = new_user;
529 	}
530 
531 	return ret;
532 }
533 #endif /* EAP_SERVER */
534 
535 
536 #ifndef CONFIG_NO_RADIUS
537 static int
538 hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
539 				int *num_server, const char *val, int def_port,
540 				struct hostapd_radius_server **curr_serv)
541 {
542 	struct hostapd_radius_server *nserv;
543 	int ret;
544 	static int server_index = 1;
545 
546 	nserv = os_realloc_array(*server, *num_server + 1, sizeof(*nserv));
547 	if (nserv == NULL)
548 		return -1;
549 
550 	*server = nserv;
551 	nserv = &nserv[*num_server];
552 	(*num_server)++;
553 	(*curr_serv) = nserv;
554 
555 	os_memset(nserv, 0, sizeof(*nserv));
556 	nserv->port = def_port;
557 	ret = hostapd_parse_ip_addr(val, &nserv->addr);
558 	nserv->index = server_index++;
559 
560 	return ret;
561 }
562 
563 
564 static struct hostapd_radius_attr *
565 hostapd_parse_radius_attr(const char *value)
566 {
567 	const char *pos;
568 	char syntax;
569 	struct hostapd_radius_attr *attr;
570 	size_t len;
571 
572 	attr = os_zalloc(sizeof(*attr));
573 	if (attr == NULL)
574 		return NULL;
575 
576 	attr->type = atoi(value);
577 
578 	pos = os_strchr(value, ':');
579 	if (pos == NULL) {
580 		attr->val = wpabuf_alloc(1);
581 		if (attr->val == NULL) {
582 			os_free(attr);
583 			return NULL;
584 		}
585 		wpabuf_put_u8(attr->val, 0);
586 		return attr;
587 	}
588 
589 	pos++;
590 	if (pos[0] == '\0' || pos[1] != ':') {
591 		os_free(attr);
592 		return NULL;
593 	}
594 	syntax = *pos++;
595 	pos++;
596 
597 	switch (syntax) {
598 	case 's':
599 		attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
600 		break;
601 	case 'x':
602 		len = os_strlen(pos);
603 		if (len & 1)
604 			break;
605 		len /= 2;
606 		attr->val = wpabuf_alloc(len);
607 		if (attr->val == NULL)
608 			break;
609 		if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
610 			wpabuf_free(attr->val);
611 			os_free(attr);
612 			return NULL;
613 		}
614 		break;
615 	case 'd':
616 		attr->val = wpabuf_alloc(4);
617 		if (attr->val)
618 			wpabuf_put_be32(attr->val, atoi(pos));
619 		break;
620 	default:
621 		os_free(attr);
622 		return NULL;
623 	}
624 
625 	if (attr->val == NULL) {
626 		os_free(attr);
627 		return NULL;
628 	}
629 
630 	return attr;
631 }
632 
633 
634 static int hostapd_parse_das_client(struct hostapd_bss_config *bss,
635 				    const char *val)
636 {
637 	char *secret;
638 
639 	secret = os_strchr(val, ' ');
640 	if (secret == NULL)
641 		return -1;
642 
643 	secret++;
644 
645 	if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr))
646 		return -1;
647 
648 	os_free(bss->radius_das_shared_secret);
649 	bss->radius_das_shared_secret = (u8 *) os_strdup(secret);
650 	if (bss->radius_das_shared_secret == NULL)
651 		return -1;
652 	bss->radius_das_shared_secret_len = os_strlen(secret);
653 
654 	return 0;
655 }
656 #endif /* CONFIG_NO_RADIUS */
657 
658 
659 static int hostapd_config_parse_key_mgmt(int line, const char *value)
660 {
661 	int val = 0, last;
662 	char *start, *end, *buf;
663 
664 	buf = os_strdup(value);
665 	if (buf == NULL)
666 		return -1;
667 	start = buf;
668 
669 	while (*start != '\0') {
670 		while (*start == ' ' || *start == '\t')
671 			start++;
672 		if (*start == '\0')
673 			break;
674 		end = start;
675 		while (*end != ' ' && *end != '\t' && *end != '\0')
676 			end++;
677 		last = *end == '\0';
678 		*end = '\0';
679 		if (os_strcmp(start, "WPA-PSK") == 0)
680 			val |= WPA_KEY_MGMT_PSK;
681 		else if (os_strcmp(start, "WPA-EAP") == 0)
682 			val |= WPA_KEY_MGMT_IEEE8021X;
683 #ifdef CONFIG_IEEE80211R
684 		else if (os_strcmp(start, "FT-PSK") == 0)
685 			val |= WPA_KEY_MGMT_FT_PSK;
686 		else if (os_strcmp(start, "FT-EAP") == 0)
687 			val |= WPA_KEY_MGMT_FT_IEEE8021X;
688 #endif /* CONFIG_IEEE80211R */
689 #ifdef CONFIG_IEEE80211W
690 		else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
691 			val |= WPA_KEY_MGMT_PSK_SHA256;
692 		else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
693 			val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
694 #endif /* CONFIG_IEEE80211W */
695 #ifdef CONFIG_SAE
696 		else if (os_strcmp(start, "SAE") == 0)
697 			val |= WPA_KEY_MGMT_SAE;
698 		else if (os_strcmp(start, "FT-SAE") == 0)
699 			val |= WPA_KEY_MGMT_FT_SAE;
700 #endif /* CONFIG_SAE */
701 #ifdef CONFIG_SUITEB
702 		else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
703 			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
704 #endif /* CONFIG_SUITEB */
705 #ifdef CONFIG_SUITEB192
706 		else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
707 			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
708 #endif /* CONFIG_SUITEB192 */
709 		else {
710 			wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
711 				   line, start);
712 			os_free(buf);
713 			return -1;
714 		}
715 
716 		if (last)
717 			break;
718 		start = end + 1;
719 	}
720 
721 	os_free(buf);
722 	if (val == 0) {
723 		wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values "
724 			   "configured.", line);
725 		return -1;
726 	}
727 
728 	return val;
729 }
730 
731 
732 static int hostapd_config_parse_cipher(int line, const char *value)
733 {
734 	int val = wpa_parse_cipher(value);
735 	if (val < 0) {
736 		wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
737 			   line, value);
738 		return -1;
739 	}
740 	if (val == 0) {
741 		wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
742 			   line);
743 		return -1;
744 	}
745 	return val;
746 }
747 
748 
749 static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
750 				   char *val)
751 {
752 	size_t len = os_strlen(val);
753 
754 	if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
755 		return -1;
756 
757 	if (val[0] == '"') {
758 		if (len < 2 || val[len - 1] != '"')
759 			return -1;
760 		len -= 2;
761 		wep->key[keyidx] = os_malloc(len);
762 		if (wep->key[keyidx] == NULL)
763 			return -1;
764 		os_memcpy(wep->key[keyidx], val + 1, len);
765 		wep->len[keyidx] = len;
766 	} else {
767 		if (len & 1)
768 			return -1;
769 		len /= 2;
770 		wep->key[keyidx] = os_malloc(len);
771 		if (wep->key[keyidx] == NULL)
772 			return -1;
773 		wep->len[keyidx] = len;
774 		if (hexstr2bin(val, wep->key[keyidx], len) < 0)
775 			return -1;
776 	}
777 
778 	wep->keys_set++;
779 
780 	return 0;
781 }
782 
783 
784 static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val)
785 {
786 	char *pos;
787 
788 	/* for backwards compatibility, translate ' ' in conf str to ',' */
789 	pos = val;
790 	while (pos) {
791 		pos = os_strchr(pos, ' ');
792 		if (pos)
793 			*pos++ = ',';
794 	}
795 	if (freq_range_list_parse(&conf->acs_ch_list, val))
796 		return -1;
797 
798 	return 0;
799 }
800 
801 
802 static int hostapd_parse_intlist(int **int_list, char *val)
803 {
804 	int *list;
805 	int count;
806 	char *pos, *end;
807 
808 	os_free(*int_list);
809 	*int_list = NULL;
810 
811 	pos = val;
812 	count = 0;
813 	while (*pos != '\0') {
814 		if (*pos == ' ')
815 			count++;
816 		pos++;
817 	}
818 
819 	list = os_malloc(sizeof(int) * (count + 2));
820 	if (list == NULL)
821 		return -1;
822 	pos = val;
823 	count = 0;
824 	while (*pos != '\0') {
825 		end = os_strchr(pos, ' ');
826 		if (end)
827 			*end = '\0';
828 
829 		list[count++] = atoi(pos);
830 		if (!end)
831 			break;
832 		pos = end + 1;
833 	}
834 	list[count] = -1;
835 
836 	*int_list = list;
837 	return 0;
838 }
839 
840 
841 static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
842 {
843 	struct hostapd_bss_config **all, *bss;
844 
845 	if (*ifname == '\0')
846 		return -1;
847 
848 	all = os_realloc_array(conf->bss, conf->num_bss + 1,
849 			       sizeof(struct hostapd_bss_config *));
850 	if (all == NULL) {
851 		wpa_printf(MSG_ERROR, "Failed to allocate memory for "
852 			   "multi-BSS entry");
853 		return -1;
854 	}
855 	conf->bss = all;
856 
857 	bss = os_zalloc(sizeof(*bss));
858 	if (bss == NULL)
859 		return -1;
860 	bss->radius = os_zalloc(sizeof(*bss->radius));
861 	if (bss->radius == NULL) {
862 		wpa_printf(MSG_ERROR, "Failed to allocate memory for "
863 			   "multi-BSS RADIUS data");
864 		os_free(bss);
865 		return -1;
866 	}
867 
868 	conf->bss[conf->num_bss++] = bss;
869 	conf->last_bss = bss;
870 
871 	hostapd_config_defaults_bss(bss);
872 	os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
873 	os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
874 
875 	return 0;
876 }
877 
878 
879 /* convert floats with one decimal place to value*10 int, i.e.,
880  * "1.5" will return 15 */
881 static int hostapd_config_read_int10(const char *value)
882 {
883 	int i, d;
884 	char *pos;
885 
886 	i = atoi(value);
887 	pos = os_strchr(value, '.');
888 	d = 0;
889 	if (pos) {
890 		pos++;
891 		if (*pos >= '0' && *pos <= '9')
892 			d = *pos - '0';
893 	}
894 
895 	return i * 10 + d;
896 }
897 
898 
899 static int valid_cw(int cw)
900 {
901 	return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
902 		cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023 ||
903 		cw == 2047 || cw == 4095 || cw == 8191 || cw == 16383 ||
904 		cw == 32767);
905 }
906 
907 
908 enum {
909 	IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
910 	IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
911 	IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
912 	IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
913 };
914 
915 static int hostapd_config_tx_queue(struct hostapd_config *conf,
916 				   const char *name, const char *val)
917 {
918 	int num;
919 	const char *pos;
920 	struct hostapd_tx_queue_params *queue;
921 
922 	/* skip 'tx_queue_' prefix */
923 	pos = name + 9;
924 	if (os_strncmp(pos, "data", 4) == 0 &&
925 	    pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
926 		num = pos[4] - '0';
927 		pos += 6;
928 	} else if (os_strncmp(pos, "after_beacon_", 13) == 0 ||
929 		   os_strncmp(pos, "beacon_", 7) == 0) {
930 		wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
931 		return 0;
932 	} else {
933 		wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos);
934 		return -1;
935 	}
936 
937 	if (num >= NUM_TX_QUEUES) {
938 		/* for backwards compatibility, do not trigger failure */
939 		wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
940 		return 0;
941 	}
942 
943 	queue = &conf->tx_queue[num];
944 
945 	if (os_strcmp(pos, "aifs") == 0) {
946 		queue->aifs = atoi(val);
947 		if (queue->aifs < 0 || queue->aifs > 255) {
948 			wpa_printf(MSG_ERROR, "Invalid AIFS value %d",
949 				   queue->aifs);
950 			return -1;
951 		}
952 	} else if (os_strcmp(pos, "cwmin") == 0) {
953 		queue->cwmin = atoi(val);
954 		if (!valid_cw(queue->cwmin)) {
955 			wpa_printf(MSG_ERROR, "Invalid cwMin value %d",
956 				   queue->cwmin);
957 			return -1;
958 		}
959 	} else if (os_strcmp(pos, "cwmax") == 0) {
960 		queue->cwmax = atoi(val);
961 		if (!valid_cw(queue->cwmax)) {
962 			wpa_printf(MSG_ERROR, "Invalid cwMax value %d",
963 				   queue->cwmax);
964 			return -1;
965 		}
966 	} else if (os_strcmp(pos, "burst") == 0) {
967 		queue->burst = hostapd_config_read_int10(val);
968 	} else {
969 		wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos);
970 		return -1;
971 	}
972 
973 	return 0;
974 }
975 
976 
977 #ifdef CONFIG_IEEE80211R
978 static int add_r0kh(struct hostapd_bss_config *bss, char *value)
979 {
980 	struct ft_remote_r0kh *r0kh;
981 	char *pos, *next;
982 
983 	r0kh = os_zalloc(sizeof(*r0kh));
984 	if (r0kh == NULL)
985 		return -1;
986 
987 	/* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
988 	pos = value;
989 	next = os_strchr(pos, ' ');
990 	if (next)
991 		*next++ = '\0';
992 	if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
993 		wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos);
994 		os_free(r0kh);
995 		return -1;
996 	}
997 
998 	pos = next;
999 	next = os_strchr(pos, ' ');
1000 	if (next)
1001 		*next++ = '\0';
1002 	if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
1003 		wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos);
1004 		os_free(r0kh);
1005 		return -1;
1006 	}
1007 	r0kh->id_len = next - pos - 1;
1008 	os_memcpy(r0kh->id, pos, r0kh->id_len);
1009 
1010 	pos = next;
1011 	if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
1012 		wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
1013 		os_free(r0kh);
1014 		return -1;
1015 	}
1016 
1017 	r0kh->next = bss->r0kh_list;
1018 	bss->r0kh_list = r0kh;
1019 
1020 	return 0;
1021 }
1022 
1023 
1024 static int add_r1kh(struct hostapd_bss_config *bss, char *value)
1025 {
1026 	struct ft_remote_r1kh *r1kh;
1027 	char *pos, *next;
1028 
1029 	r1kh = os_zalloc(sizeof(*r1kh));
1030 	if (r1kh == NULL)
1031 		return -1;
1032 
1033 	/* 02:01:02:03:04:05 02:01:02:03:04:05
1034 	 * 000102030405060708090a0b0c0d0e0f */
1035 	pos = value;
1036 	next = os_strchr(pos, ' ');
1037 	if (next)
1038 		*next++ = '\0';
1039 	if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
1040 		wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos);
1041 		os_free(r1kh);
1042 		return -1;
1043 	}
1044 
1045 	pos = next;
1046 	next = os_strchr(pos, ' ');
1047 	if (next)
1048 		*next++ = '\0';
1049 	if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
1050 		wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos);
1051 		os_free(r1kh);
1052 		return -1;
1053 	}
1054 
1055 	pos = next;
1056 	if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
1057 		wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
1058 		os_free(r1kh);
1059 		return -1;
1060 	}
1061 
1062 	r1kh->next = bss->r1kh_list;
1063 	bss->r1kh_list = r1kh;
1064 
1065 	return 0;
1066 }
1067 #endif /* CONFIG_IEEE80211R */
1068 
1069 
1070 #ifdef CONFIG_IEEE80211N
1071 static int hostapd_config_ht_capab(struct hostapd_config *conf,
1072 				   const char *capab)
1073 {
1074 	if (os_strstr(capab, "[LDPC]"))
1075 		conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP;
1076 	if (os_strstr(capab, "[HT40-]")) {
1077 		conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
1078 		conf->secondary_channel = -1;
1079 	}
1080 	if (os_strstr(capab, "[HT40+]")) {
1081 		conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
1082 		conf->secondary_channel = 1;
1083 	}
1084 	if (os_strstr(capab, "[SMPS-STATIC]")) {
1085 		conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
1086 		conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
1087 	}
1088 	if (os_strstr(capab, "[SMPS-DYNAMIC]")) {
1089 		conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
1090 		conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC;
1091 	}
1092 	if (os_strstr(capab, "[GF]"))
1093 		conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
1094 	if (os_strstr(capab, "[SHORT-GI-20]"))
1095 		conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ;
1096 	if (os_strstr(capab, "[SHORT-GI-40]"))
1097 		conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ;
1098 	if (os_strstr(capab, "[TX-STBC]"))
1099 		conf->ht_capab |= HT_CAP_INFO_TX_STBC;
1100 	if (os_strstr(capab, "[RX-STBC1]")) {
1101 		conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
1102 		conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
1103 	}
1104 	if (os_strstr(capab, "[RX-STBC12]")) {
1105 		conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
1106 		conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
1107 	}
1108 	if (os_strstr(capab, "[RX-STBC123]")) {
1109 		conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
1110 		conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
1111 	}
1112 	if (os_strstr(capab, "[DELAYED-BA]"))
1113 		conf->ht_capab |= HT_CAP_INFO_DELAYED_BA;
1114 	if (os_strstr(capab, "[MAX-AMSDU-7935]"))
1115 		conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
1116 	if (os_strstr(capab, "[DSSS_CCK-40]"))
1117 		conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
1118 	if (os_strstr(capab, "[40-INTOLERANT]"))
1119 		conf->ht_capab |= HT_CAP_INFO_40MHZ_INTOLERANT;
1120 	if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
1121 		conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
1122 
1123 	return 0;
1124 }
1125 #endif /* CONFIG_IEEE80211N */
1126 
1127 
1128 #ifdef CONFIG_IEEE80211AC
1129 static int hostapd_config_vht_capab(struct hostapd_config *conf,
1130 				    const char *capab)
1131 {
1132 	if (os_strstr(capab, "[MAX-MPDU-7991]"))
1133 		conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_7991;
1134 	if (os_strstr(capab, "[MAX-MPDU-11454]"))
1135 		conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_11454;
1136 	if (os_strstr(capab, "[VHT160]"))
1137 		conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
1138 	if (os_strstr(capab, "[VHT160-80PLUS80]"))
1139 		conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
1140 	if (os_strstr(capab, "[RXLDPC]"))
1141 		conf->vht_capab |= VHT_CAP_RXLDPC;
1142 	if (os_strstr(capab, "[SHORT-GI-80]"))
1143 		conf->vht_capab |= VHT_CAP_SHORT_GI_80;
1144 	if (os_strstr(capab, "[SHORT-GI-160]"))
1145 		conf->vht_capab |= VHT_CAP_SHORT_GI_160;
1146 	if (os_strstr(capab, "[TX-STBC-2BY1]"))
1147 		conf->vht_capab |= VHT_CAP_TXSTBC;
1148 	if (os_strstr(capab, "[RX-STBC-1]"))
1149 		conf->vht_capab |= VHT_CAP_RXSTBC_1;
1150 	if (os_strstr(capab, "[RX-STBC-12]"))
1151 		conf->vht_capab |= VHT_CAP_RXSTBC_2;
1152 	if (os_strstr(capab, "[RX-STBC-123]"))
1153 		conf->vht_capab |= VHT_CAP_RXSTBC_3;
1154 	if (os_strstr(capab, "[RX-STBC-1234]"))
1155 		conf->vht_capab |= VHT_CAP_RXSTBC_4;
1156 	if (os_strstr(capab, "[SU-BEAMFORMER]"))
1157 		conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE;
1158 	if (os_strstr(capab, "[SU-BEAMFORMEE]"))
1159 		conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE;
1160 	if (os_strstr(capab, "[BF-ANTENNA-2]") &&
1161 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
1162 		conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
1163 	if (os_strstr(capab, "[BF-ANTENNA-3]") &&
1164 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
1165 		conf->vht_capab |= (2 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
1166 	if (os_strstr(capab, "[BF-ANTENNA-4]") &&
1167 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
1168 		conf->vht_capab |= (3 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
1169 	if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
1170 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
1171 		conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
1172 	if (os_strstr(capab, "[SOUNDING-DIMENSION-3]") &&
1173 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
1174 		conf->vht_capab |= (2 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
1175 	if (os_strstr(capab, "[SOUNDING-DIMENSION-4]") &&
1176 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
1177 		conf->vht_capab |= (3 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
1178 	if (os_strstr(capab, "[MU-BEAMFORMER]"))
1179 		conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
1180 	if (os_strstr(capab, "[VHT-TXOP-PS]"))
1181 		conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
1182 	if (os_strstr(capab, "[HTC-VHT]"))
1183 		conf->vht_capab |= VHT_CAP_HTC_VHT;
1184 	if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP7]"))
1185 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX;
1186 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP6]"))
1187 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_6;
1188 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP5]"))
1189 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_5;
1190 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP4]"))
1191 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_4;
1192 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP3]"))
1193 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_3;
1194 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP2]"))
1195 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_2;
1196 	else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP1]"))
1197 		conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_1;
1198 	if (os_strstr(capab, "[VHT-LINK-ADAPT2]") &&
1199 	    (conf->vht_capab & VHT_CAP_HTC_VHT))
1200 		conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB;
1201 	if (os_strstr(capab, "[VHT-LINK-ADAPT3]") &&
1202 	    (conf->vht_capab & VHT_CAP_HTC_VHT))
1203 		conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
1204 	if (os_strstr(capab, "[RX-ANTENNA-PATTERN]"))
1205 		conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
1206 	if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
1207 		conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
1208 	return 0;
1209 }
1210 #endif /* CONFIG_IEEE80211AC */
1211 
1212 
1213 #ifdef CONFIG_INTERWORKING
1214 static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
1215 				    int line)
1216 {
1217 	size_t len = os_strlen(pos);
1218 	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
1219 
1220 	struct hostapd_roaming_consortium *rc;
1221 
1222 	if ((len & 1) || len < 2 * 3 || len / 2 > MAX_ROAMING_CONSORTIUM_LEN ||
1223 	    hexstr2bin(pos, oi, len / 2)) {
1224 		wpa_printf(MSG_ERROR, "Line %d: invalid roaming_consortium "
1225 			   "'%s'", line, pos);
1226 		return -1;
1227 	}
1228 	len /= 2;
1229 
1230 	rc = os_realloc_array(bss->roaming_consortium,
1231 			      bss->roaming_consortium_count + 1,
1232 			      sizeof(struct hostapd_roaming_consortium));
1233 	if (rc == NULL)
1234 		return -1;
1235 
1236 	os_memcpy(rc[bss->roaming_consortium_count].oi, oi, len);
1237 	rc[bss->roaming_consortium_count].len = len;
1238 
1239 	bss->roaming_consortium = rc;
1240 	bss->roaming_consortium_count++;
1241 
1242 	return 0;
1243 }
1244 
1245 
1246 static int parse_lang_string(struct hostapd_lang_string **array,
1247 			     unsigned int *count, char *pos)
1248 {
1249 	char *sep, *str = NULL;
1250 	size_t clen, nlen, slen;
1251 	struct hostapd_lang_string *ls;
1252 	int ret = -1;
1253 
1254 	if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) {
1255 		str = wpa_config_parse_string(pos, &slen);
1256 		if (!str)
1257 			return -1;
1258 		pos = str;
1259 	}
1260 
1261 	sep = os_strchr(pos, ':');
1262 	if (sep == NULL)
1263 		goto fail;
1264 	*sep++ = '\0';
1265 
1266 	clen = os_strlen(pos);
1267 	if (clen < 2 || clen > sizeof(ls->lang))
1268 		goto fail;
1269 	nlen = os_strlen(sep);
1270 	if (nlen > 252)
1271 		goto fail;
1272 
1273 	ls = os_realloc_array(*array, *count + 1,
1274 			      sizeof(struct hostapd_lang_string));
1275 	if (ls == NULL)
1276 		goto fail;
1277 
1278 	*array = ls;
1279 	ls = &(*array)[*count];
1280 	(*count)++;
1281 
1282 	os_memset(ls->lang, 0, sizeof(ls->lang));
1283 	os_memcpy(ls->lang, pos, clen);
1284 	ls->name_len = nlen;
1285 	os_memcpy(ls->name, sep, nlen);
1286 
1287 	ret = 0;
1288 fail:
1289 	os_free(str);
1290 	return ret;
1291 }
1292 
1293 
1294 static int parse_venue_name(struct hostapd_bss_config *bss, char *pos,
1295 			    int line)
1296 {
1297 	if (parse_lang_string(&bss->venue_name, &bss->venue_name_count, pos)) {
1298 		wpa_printf(MSG_ERROR, "Line %d: Invalid venue_name '%s'",
1299 			   line, pos);
1300 		return -1;
1301 	}
1302 	return 0;
1303 }
1304 
1305 
1306 static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
1307 			       int line)
1308 {
1309 	size_t count;
1310 	char *pos;
1311 	u8 *info = NULL, *ipos;
1312 
1313 	/* format: <MCC1,MNC1>[;<MCC2,MNC2>][;...] */
1314 
1315 	count = 1;
1316 	for (pos = buf; *pos; pos++) {
1317 		if ((*pos < '0' || *pos > '9') && *pos != ';' && *pos != ',')
1318 			goto fail;
1319 		if (*pos == ';')
1320 			count++;
1321 	}
1322 	if (1 + count * 3 > 0x7f)
1323 		goto fail;
1324 
1325 	info = os_zalloc(2 + 3 + count * 3);
1326 	if (info == NULL)
1327 		return -1;
1328 
1329 	ipos = info;
1330 	*ipos++ = 0; /* GUD - Version 1 */
1331 	*ipos++ = 3 + count * 3; /* User Data Header Length (UDHL) */
1332 	*ipos++ = 0; /* PLMN List IEI */
1333 	/* ext(b8) | Length of PLMN List value contents(b7..1) */
1334 	*ipos++ = 1 + count * 3;
1335 	*ipos++ = count; /* Number of PLMNs */
1336 
1337 	pos = buf;
1338 	while (pos && *pos) {
1339 		char *mcc, *mnc;
1340 		size_t mnc_len;
1341 
1342 		mcc = pos;
1343 		mnc = os_strchr(pos, ',');
1344 		if (mnc == NULL)
1345 			goto fail;
1346 		*mnc++ = '\0';
1347 		pos = os_strchr(mnc, ';');
1348 		if (pos)
1349 			*pos++ = '\0';
1350 
1351 		mnc_len = os_strlen(mnc);
1352 		if (os_strlen(mcc) != 3 || (mnc_len != 2 && mnc_len != 3))
1353 			goto fail;
1354 
1355 		/* BC coded MCC,MNC */
1356 		/* MCC digit 2 | MCC digit 1 */
1357 		*ipos++ = ((mcc[1] - '0') << 4) | (mcc[0] - '0');
1358 		/* MNC digit 3 | MCC digit 3 */
1359 		*ipos++ = (((mnc_len == 2) ? 0xf0 : ((mnc[2] - '0') << 4))) |
1360 			(mcc[2] - '0');
1361 		/* MNC digit 2 | MNC digit 1 */
1362 		*ipos++ = ((mnc[1] - '0') << 4) | (mnc[0] - '0');
1363 	}
1364 
1365 	os_free(bss->anqp_3gpp_cell_net);
1366 	bss->anqp_3gpp_cell_net = info;
1367 	bss->anqp_3gpp_cell_net_len = 2 + 3 + 3 * count;
1368 	wpa_hexdump(MSG_MSGDUMP, "3GPP Cellular Network information",
1369 		    bss->anqp_3gpp_cell_net, bss->anqp_3gpp_cell_net_len);
1370 
1371 	return 0;
1372 
1373 fail:
1374 	wpa_printf(MSG_ERROR, "Line %d: Invalid anqp_3gpp_cell_net: %s",
1375 		   line, buf);
1376 	os_free(info);
1377 	return -1;
1378 }
1379 
1380 
1381 static int parse_nai_realm(struct hostapd_bss_config *bss, char *buf, int line)
1382 {
1383 	struct hostapd_nai_realm_data *realm;
1384 	size_t i, j, len;
1385 	int *offsets;
1386 	char *pos, *end, *rpos;
1387 
1388 	offsets = os_calloc(bss->nai_realm_count * MAX_NAI_REALMS,
1389 			    sizeof(int));
1390 	if (offsets == NULL)
1391 		return -1;
1392 
1393 	for (i = 0; i < bss->nai_realm_count; i++) {
1394 		realm = &bss->nai_realm_data[i];
1395 		for (j = 0; j < MAX_NAI_REALMS; j++) {
1396 			offsets[i * MAX_NAI_REALMS + j] =
1397 				realm->realm[j] ?
1398 				realm->realm[j] - realm->realm_buf : -1;
1399 		}
1400 	}
1401 
1402 	realm = os_realloc_array(bss->nai_realm_data, bss->nai_realm_count + 1,
1403 				 sizeof(struct hostapd_nai_realm_data));
1404 	if (realm == NULL) {
1405 		os_free(offsets);
1406 		return -1;
1407 	}
1408 	bss->nai_realm_data = realm;
1409 
1410 	/* patch the pointers after realloc */
1411 	for (i = 0; i < bss->nai_realm_count; i++) {
1412 		realm = &bss->nai_realm_data[i];
1413 		for (j = 0; j < MAX_NAI_REALMS; j++) {
1414 			int offs = offsets[i * MAX_NAI_REALMS + j];
1415 			if (offs >= 0)
1416 				realm->realm[j] = realm->realm_buf + offs;
1417 			else
1418 				realm->realm[j] = NULL;
1419 		}
1420 	}
1421 	os_free(offsets);
1422 
1423 	realm = &bss->nai_realm_data[bss->nai_realm_count];
1424 	os_memset(realm, 0, sizeof(*realm));
1425 
1426 	pos = buf;
1427 	realm->encoding = atoi(pos);
1428 	pos = os_strchr(pos, ',');
1429 	if (pos == NULL)
1430 		goto fail;
1431 	pos++;
1432 
1433 	end = os_strchr(pos, ',');
1434 	if (end) {
1435 		len = end - pos;
1436 		*end = '\0';
1437 	} else {
1438 		len = os_strlen(pos);
1439 	}
1440 
1441 	if (len > MAX_NAI_REALMLEN) {
1442 		wpa_printf(MSG_ERROR, "Too long a realm string (%d > max %d "
1443 			   "characters)", (int) len, MAX_NAI_REALMLEN);
1444 		goto fail;
1445 	}
1446 	os_memcpy(realm->realm_buf, pos, len);
1447 
1448 	if (end)
1449 		pos = end + 1;
1450 	else
1451 		pos = NULL;
1452 
1453 	while (pos && *pos) {
1454 		struct hostapd_nai_realm_eap *eap;
1455 
1456 		if (realm->eap_method_count >= MAX_NAI_EAP_METHODS) {
1457 			wpa_printf(MSG_ERROR, "Too many EAP methods");
1458 			goto fail;
1459 		}
1460 
1461 		eap = &realm->eap_method[realm->eap_method_count];
1462 		realm->eap_method_count++;
1463 
1464 		end = os_strchr(pos, ',');
1465 		if (end == NULL)
1466 			end = pos + os_strlen(pos);
1467 
1468 		eap->eap_method = atoi(pos);
1469 		for (;;) {
1470 			pos = os_strchr(pos, '[');
1471 			if (pos == NULL || pos > end)
1472 				break;
1473 			pos++;
1474 			if (eap->num_auths >= MAX_NAI_AUTH_TYPES) {
1475 				wpa_printf(MSG_ERROR, "Too many auth params");
1476 				goto fail;
1477 			}
1478 			eap->auth_id[eap->num_auths] = atoi(pos);
1479 			pos = os_strchr(pos, ':');
1480 			if (pos == NULL || pos > end)
1481 				goto fail;
1482 			pos++;
1483 			eap->auth_val[eap->num_auths] = atoi(pos);
1484 			pos = os_strchr(pos, ']');
1485 			if (pos == NULL || pos > end)
1486 				goto fail;
1487 			pos++;
1488 			eap->num_auths++;
1489 		}
1490 
1491 		if (*end != ',')
1492 			break;
1493 
1494 		pos = end + 1;
1495 	}
1496 
1497 	/* Split realm list into null terminated realms */
1498 	rpos = realm->realm_buf;
1499 	i = 0;
1500 	while (*rpos) {
1501 		if (i >= MAX_NAI_REALMS) {
1502 			wpa_printf(MSG_ERROR, "Too many realms");
1503 			goto fail;
1504 		}
1505 		realm->realm[i++] = rpos;
1506 		rpos = os_strchr(rpos, ';');
1507 		if (rpos == NULL)
1508 			break;
1509 		*rpos++ = '\0';
1510 	}
1511 
1512 	bss->nai_realm_count++;
1513 
1514 	return 0;
1515 
1516 fail:
1517 	wpa_printf(MSG_ERROR, "Line %d: invalid nai_realm '%s'", line, buf);
1518 	return -1;
1519 }
1520 
1521 
1522 static int parse_qos_map_set(struct hostapd_bss_config *bss,
1523 			     char *buf, int line)
1524 {
1525 	u8 qos_map_set[16 + 2 * 21], count = 0;
1526 	char *pos = buf;
1527 	int val;
1528 
1529 	for (;;) {
1530 		if (count == sizeof(qos_map_set)) {
1531 			wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set "
1532 				   "parameters '%s'", line, buf);
1533 			return -1;
1534 		}
1535 
1536 		val = atoi(pos);
1537 		if (val > 255 || val < 0) {
1538 			wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set "
1539 				   "'%s'", line, buf);
1540 			return -1;
1541 		}
1542 
1543 		qos_map_set[count++] = val;
1544 		pos = os_strchr(pos, ',');
1545 		if (!pos)
1546 			break;
1547 		pos++;
1548 	}
1549 
1550 	if (count < 16 || count & 1) {
1551 		wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'",
1552 			   line, buf);
1553 		return -1;
1554 	}
1555 
1556 	os_memcpy(bss->qos_map_set, qos_map_set, count);
1557 	bss->qos_map_set_len = count;
1558 
1559 	return 0;
1560 }
1561 
1562 #endif /* CONFIG_INTERWORKING */
1563 
1564 
1565 #ifdef CONFIG_HS20
1566 static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
1567 				 int line)
1568 {
1569 	u8 *conn_cap;
1570 	char *pos;
1571 
1572 	if (bss->hs20_connection_capability_len >= 0xfff0)
1573 		return -1;
1574 
1575 	conn_cap = os_realloc(bss->hs20_connection_capability,
1576 			      bss->hs20_connection_capability_len + 4);
1577 	if (conn_cap == NULL)
1578 		return -1;
1579 
1580 	bss->hs20_connection_capability = conn_cap;
1581 	conn_cap += bss->hs20_connection_capability_len;
1582 	pos = buf;
1583 	conn_cap[0] = atoi(pos);
1584 	pos = os_strchr(pos, ':');
1585 	if (pos == NULL)
1586 		return -1;
1587 	pos++;
1588 	WPA_PUT_LE16(conn_cap + 1, atoi(pos));
1589 	pos = os_strchr(pos, ':');
1590 	if (pos == NULL)
1591 		return -1;
1592 	pos++;
1593 	conn_cap[3] = atoi(pos);
1594 	bss->hs20_connection_capability_len += 4;
1595 
1596 	return 0;
1597 }
1598 
1599 
1600 static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf,
1601 				  int line)
1602 {
1603 	u8 *wan_metrics;
1604 	char *pos;
1605 
1606 	/* <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD> */
1607 
1608 	wan_metrics = os_zalloc(13);
1609 	if (wan_metrics == NULL)
1610 		return -1;
1611 
1612 	pos = buf;
1613 	/* WAN Info */
1614 	if (hexstr2bin(pos, wan_metrics, 1) < 0)
1615 		goto fail;
1616 	pos += 2;
1617 	if (*pos != ':')
1618 		goto fail;
1619 	pos++;
1620 
1621 	/* Downlink Speed */
1622 	WPA_PUT_LE32(wan_metrics + 1, atoi(pos));
1623 	pos = os_strchr(pos, ':');
1624 	if (pos == NULL)
1625 		goto fail;
1626 	pos++;
1627 
1628 	/* Uplink Speed */
1629 	WPA_PUT_LE32(wan_metrics + 5, atoi(pos));
1630 	pos = os_strchr(pos, ':');
1631 	if (pos == NULL)
1632 		goto fail;
1633 	pos++;
1634 
1635 	/* Downlink Load */
1636 	wan_metrics[9] = atoi(pos);
1637 	pos = os_strchr(pos, ':');
1638 	if (pos == NULL)
1639 		goto fail;
1640 	pos++;
1641 
1642 	/* Uplink Load */
1643 	wan_metrics[10] = atoi(pos);
1644 	pos = os_strchr(pos, ':');
1645 	if (pos == NULL)
1646 		goto fail;
1647 	pos++;
1648 
1649 	/* LMD */
1650 	WPA_PUT_LE16(wan_metrics + 11, atoi(pos));
1651 
1652 	os_free(bss->hs20_wan_metrics);
1653 	bss->hs20_wan_metrics = wan_metrics;
1654 
1655 	return 0;
1656 
1657 fail:
1658 	wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_wan_metrics '%s'",
1659 		   line, buf);
1660 	os_free(wan_metrics);
1661 	return -1;
1662 }
1663 
1664 
1665 static int hs20_parse_oper_friendly_name(struct hostapd_bss_config *bss,
1666 					 char *pos, int line)
1667 {
1668 	if (parse_lang_string(&bss->hs20_oper_friendly_name,
1669 			      &bss->hs20_oper_friendly_name_count, pos)) {
1670 		wpa_printf(MSG_ERROR, "Line %d: Invalid "
1671 			   "hs20_oper_friendly_name '%s'", line, pos);
1672 		return -1;
1673 	}
1674 	return 0;
1675 }
1676 
1677 
1678 static int hs20_parse_icon(struct hostapd_bss_config *bss, char *pos)
1679 {
1680 	struct hs20_icon *icon;
1681 	char *end;
1682 
1683 	icon = os_realloc_array(bss->hs20_icons, bss->hs20_icons_count + 1,
1684 				sizeof(struct hs20_icon));
1685 	if (icon == NULL)
1686 		return -1;
1687 	bss->hs20_icons = icon;
1688 	icon = &bss->hs20_icons[bss->hs20_icons_count];
1689 	os_memset(icon, 0, sizeof(*icon));
1690 
1691 	icon->width = atoi(pos);
1692 	pos = os_strchr(pos, ':');
1693 	if (pos == NULL)
1694 		return -1;
1695 	pos++;
1696 
1697 	icon->height = atoi(pos);
1698 	pos = os_strchr(pos, ':');
1699 	if (pos == NULL)
1700 		return -1;
1701 	pos++;
1702 
1703 	end = os_strchr(pos, ':');
1704 	if (end == NULL || end - pos > 3)
1705 		return -1;
1706 	os_memcpy(icon->language, pos, end - pos);
1707 	pos = end + 1;
1708 
1709 	end = os_strchr(pos, ':');
1710 	if (end == NULL || end - pos > 255)
1711 		return -1;
1712 	os_memcpy(icon->type, pos, end - pos);
1713 	pos = end + 1;
1714 
1715 	end = os_strchr(pos, ':');
1716 	if (end == NULL || end - pos > 255)
1717 		return -1;
1718 	os_memcpy(icon->name, pos, end - pos);
1719 	pos = end + 1;
1720 
1721 	if (os_strlen(pos) > 255)
1722 		return -1;
1723 	os_memcpy(icon->file, pos, os_strlen(pos));
1724 
1725 	bss->hs20_icons_count++;
1726 
1727 	return 0;
1728 }
1729 
1730 
1731 static int hs20_parse_osu_ssid(struct hostapd_bss_config *bss,
1732 			       char *pos, int line)
1733 {
1734 	size_t slen;
1735 	char *str;
1736 
1737 	str = wpa_config_parse_string(pos, &slen);
1738 	if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
1739 		wpa_printf(MSG_ERROR, "Line %d: Invalid SSID '%s'", line, pos);
1740 		os_free(str);
1741 		return -1;
1742 	}
1743 
1744 	os_memcpy(bss->osu_ssid, str, slen);
1745 	bss->osu_ssid_len = slen;
1746 	os_free(str);
1747 
1748 	return 0;
1749 }
1750 
1751 
1752 static int hs20_parse_osu_server_uri(struct hostapd_bss_config *bss,
1753 				     char *pos, int line)
1754 {
1755 	struct hs20_osu_provider *p;
1756 
1757 	p = os_realloc_array(bss->hs20_osu_providers,
1758 			     bss->hs20_osu_providers_count + 1, sizeof(*p));
1759 	if (p == NULL)
1760 		return -1;
1761 
1762 	bss->hs20_osu_providers = p;
1763 	bss->last_osu = &bss->hs20_osu_providers[bss->hs20_osu_providers_count];
1764 	bss->hs20_osu_providers_count++;
1765 	os_memset(bss->last_osu, 0, sizeof(*p));
1766 	bss->last_osu->server_uri = os_strdup(pos);
1767 
1768 	return 0;
1769 }
1770 
1771 
1772 static int hs20_parse_osu_friendly_name(struct hostapd_bss_config *bss,
1773 					char *pos, int line)
1774 {
1775 	if (bss->last_osu == NULL) {
1776 		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
1777 		return -1;
1778 	}
1779 
1780 	if (parse_lang_string(&bss->last_osu->friendly_name,
1781 			      &bss->last_osu->friendly_name_count, pos)) {
1782 		wpa_printf(MSG_ERROR, "Line %d: Invalid osu_friendly_name '%s'",
1783 			   line, pos);
1784 		return -1;
1785 	}
1786 
1787 	return 0;
1788 }
1789 
1790 
1791 static int hs20_parse_osu_nai(struct hostapd_bss_config *bss,
1792 			      char *pos, int line)
1793 {
1794 	if (bss->last_osu == NULL) {
1795 		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
1796 		return -1;
1797 	}
1798 
1799 	os_free(bss->last_osu->osu_nai);
1800 	bss->last_osu->osu_nai = os_strdup(pos);
1801 	if (bss->last_osu->osu_nai == NULL)
1802 		return -1;
1803 
1804 	return 0;
1805 }
1806 
1807 
1808 static int hs20_parse_osu_method_list(struct hostapd_bss_config *bss, char *pos,
1809 				      int line)
1810 {
1811 	if (bss->last_osu == NULL) {
1812 		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
1813 		return -1;
1814 	}
1815 
1816 	if (hostapd_parse_intlist(&bss->last_osu->method_list, pos)) {
1817 		wpa_printf(MSG_ERROR, "Line %d: Invalid osu_method_list", line);
1818 		return -1;
1819 	}
1820 
1821 	return 0;
1822 }
1823 
1824 
1825 static int hs20_parse_osu_icon(struct hostapd_bss_config *bss, char *pos,
1826 			       int line)
1827 {
1828 	char **n;
1829 	struct hs20_osu_provider *p = bss->last_osu;
1830 
1831 	if (p == NULL) {
1832 		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
1833 		return -1;
1834 	}
1835 
1836 	n = os_realloc_array(p->icons, p->icons_count + 1, sizeof(char *));
1837 	if (n == NULL)
1838 		return -1;
1839 	p->icons = n;
1840 	p->icons[p->icons_count] = os_strdup(pos);
1841 	if (p->icons[p->icons_count] == NULL)
1842 		return -1;
1843 	p->icons_count++;
1844 
1845 	return 0;
1846 }
1847 
1848 
1849 static int hs20_parse_osu_service_desc(struct hostapd_bss_config *bss,
1850 				       char *pos, int line)
1851 {
1852 	if (bss->last_osu == NULL) {
1853 		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
1854 		return -1;
1855 	}
1856 
1857 	if (parse_lang_string(&bss->last_osu->service_desc,
1858 			      &bss->last_osu->service_desc_count, pos)) {
1859 		wpa_printf(MSG_ERROR, "Line %d: Invalid osu_service_desc '%s'",
1860 			   line, pos);
1861 		return -1;
1862 	}
1863 
1864 	return 0;
1865 }
1866 
1867 #endif /* CONFIG_HS20 */
1868 
1869 
1870 #ifdef CONFIG_WPS_NFC
1871 static struct wpabuf * hostapd_parse_bin(const char *buf)
1872 {
1873 	size_t len;
1874 	struct wpabuf *ret;
1875 
1876 	len = os_strlen(buf);
1877 	if (len & 0x01)
1878 		return NULL;
1879 	len /= 2;
1880 
1881 	ret = wpabuf_alloc(len);
1882 	if (ret == NULL)
1883 		return NULL;
1884 
1885 	if (hexstr2bin(buf, wpabuf_put(ret, len), len)) {
1886 		wpabuf_free(ret);
1887 		return NULL;
1888 	}
1889 
1890 	return ret;
1891 }
1892 #endif /* CONFIG_WPS_NFC */
1893 
1894 
1895 #ifdef CONFIG_ACS
1896 static int hostapd_config_parse_acs_chan_bias(struct hostapd_config *conf,
1897 					      char *pos)
1898 {
1899 	struct acs_bias *bias = NULL, *tmp;
1900 	unsigned int num = 0;
1901 	char *end;
1902 
1903 	while (*pos) {
1904 		tmp = os_realloc_array(bias, num + 1, sizeof(*bias));
1905 		if (!tmp)
1906 			goto fail;
1907 		bias = tmp;
1908 
1909 		bias[num].channel = atoi(pos);
1910 		if (bias[num].channel <= 0)
1911 			goto fail;
1912 		pos = os_strchr(pos, ':');
1913 		if (!pos)
1914 			goto fail;
1915 		pos++;
1916 		bias[num].bias = strtod(pos, &end);
1917 		if (end == pos || bias[num].bias < 0.0)
1918 			goto fail;
1919 		pos = end;
1920 		if (*pos != ' ' && *pos != '\0')
1921 			goto fail;
1922 		num++;
1923 	}
1924 
1925 	os_free(conf->acs_chan_bias);
1926 	conf->acs_chan_bias = bias;
1927 	conf->num_acs_chan_bias = num;
1928 
1929 	return 0;
1930 fail:
1931 	os_free(bias);
1932 	return -1;
1933 }
1934 #endif /* CONFIG_ACS */
1935 
1936 
1937 static int hostapd_config_fill(struct hostapd_config *conf,
1938 			       struct hostapd_bss_config *bss,
1939 			       const char *buf, char *pos, int line)
1940 {
1941 	if (os_strcmp(buf, "interface") == 0) {
1942 		os_strlcpy(conf->bss[0]->iface, pos,
1943 			   sizeof(conf->bss[0]->iface));
1944 	} else if (os_strcmp(buf, "bridge") == 0) {
1945 		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
1946 	} else if (os_strcmp(buf, "vlan_bridge") == 0) {
1947 		os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
1948 	} else if (os_strcmp(buf, "wds_bridge") == 0) {
1949 		os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
1950 	} else if (os_strcmp(buf, "driver") == 0) {
1951 		int j;
1952 		/* clear to get error below if setting is invalid */
1953 		conf->driver = NULL;
1954 		for (j = 0; wpa_drivers[j]; j++) {
1955 			if (os_strcmp(pos, wpa_drivers[j]->name) == 0) {
1956 				conf->driver = wpa_drivers[j];
1957 				break;
1958 			}
1959 		}
1960 		if (conf->driver == NULL) {
1961 			wpa_printf(MSG_ERROR,
1962 				   "Line %d: invalid/unknown driver '%s'",
1963 				   line, pos);
1964 			return 1;
1965 		}
1966 	} else if (os_strcmp(buf, "driver_params") == 0) {
1967 		os_free(conf->driver_params);
1968 		conf->driver_params = os_strdup(pos);
1969 	} else if (os_strcmp(buf, "debug") == 0) {
1970 		wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' configuration variable is not used anymore",
1971 			   line);
1972 	} else if (os_strcmp(buf, "logger_syslog_level") == 0) {
1973 		bss->logger_syslog_level = atoi(pos);
1974 	} else if (os_strcmp(buf, "logger_stdout_level") == 0) {
1975 		bss->logger_stdout_level = atoi(pos);
1976 	} else if (os_strcmp(buf, "logger_syslog") == 0) {
1977 		bss->logger_syslog = atoi(pos);
1978 	} else if (os_strcmp(buf, "logger_stdout") == 0) {
1979 		bss->logger_stdout = atoi(pos);
1980 	} else if (os_strcmp(buf, "dump_file") == 0) {
1981 		wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
1982 			   line);
1983 	} else if (os_strcmp(buf, "ssid") == 0) {
1984 		bss->ssid.ssid_len = os_strlen(pos);
1985 		if (bss->ssid.ssid_len > SSID_MAX_LEN ||
1986 		    bss->ssid.ssid_len < 1) {
1987 			wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
1988 				   line, pos);
1989 			return 1;
1990 		}
1991 		os_memcpy(bss->ssid.ssid, pos, bss->ssid.ssid_len);
1992 		bss->ssid.ssid_set = 1;
1993 	} else if (os_strcmp(buf, "ssid2") == 0) {
1994 		size_t slen;
1995 		char *str = wpa_config_parse_string(pos, &slen);
1996 		if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
1997 			wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
1998 				   line, pos);
1999 			os_free(str);
2000 			return 1;
2001 		}
2002 		os_memcpy(bss->ssid.ssid, str, slen);
2003 		bss->ssid.ssid_len = slen;
2004 		bss->ssid.ssid_set = 1;
2005 		os_free(str);
2006 	} else if (os_strcmp(buf, "utf8_ssid") == 0) {
2007 		bss->ssid.utf8_ssid = atoi(pos) > 0;
2008 	} else if (os_strcmp(buf, "macaddr_acl") == 0) {
2009 		bss->macaddr_acl = atoi(pos);
2010 		if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
2011 		    bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
2012 		    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
2013 			wpa_printf(MSG_ERROR, "Line %d: unknown macaddr_acl %d",
2014 				   line, bss->macaddr_acl);
2015 		}
2016 	} else if (os_strcmp(buf, "accept_mac_file") == 0) {
2017 		if (hostapd_config_read_maclist(pos, &bss->accept_mac,
2018 						&bss->num_accept_mac)) {
2019 			wpa_printf(MSG_ERROR, "Line %d: Failed to read accept_mac_file '%s'",
2020 				   line, pos);
2021 			return 1;
2022 		}
2023 	} else if (os_strcmp(buf, "deny_mac_file") == 0) {
2024 		if (hostapd_config_read_maclist(pos, &bss->deny_mac,
2025 						&bss->num_deny_mac)) {
2026 			wpa_printf(MSG_ERROR, "Line %d: Failed to read deny_mac_file '%s'",
2027 				   line, pos);
2028 			return 1;
2029 		}
2030 	} else if (os_strcmp(buf, "wds_sta") == 0) {
2031 		bss->wds_sta = atoi(pos);
2032 	} else if (os_strcmp(buf, "start_disabled") == 0) {
2033 		bss->start_disabled = atoi(pos);
2034 	} else if (os_strcmp(buf, "ap_isolate") == 0) {
2035 		bss->isolate = atoi(pos);
2036 	} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
2037 		bss->ap_max_inactivity = atoi(pos);
2038 	} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
2039 		bss->skip_inactivity_poll = atoi(pos);
2040 	} else if (os_strcmp(buf, "country_code") == 0) {
2041 		os_memcpy(conf->country, pos, 2);
2042 		/* FIX: make this configurable */
2043 		conf->country[2] = ' ';
2044 	} else if (os_strcmp(buf, "ieee80211d") == 0) {
2045 		conf->ieee80211d = atoi(pos);
2046 	} else if (os_strcmp(buf, "ieee80211h") == 0) {
2047 		conf->ieee80211h = atoi(pos);
2048 	} else if (os_strcmp(buf, "ieee8021x") == 0) {
2049 		bss->ieee802_1x = atoi(pos);
2050 	} else if (os_strcmp(buf, "eapol_version") == 0) {
2051 		bss->eapol_version = atoi(pos);
2052 		if (bss->eapol_version < 1 || bss->eapol_version > 2) {
2053 			wpa_printf(MSG_ERROR,
2054 				   "Line %d: invalid EAPOL version (%d): '%s'.",
2055 				   line, bss->eapol_version, pos);
2056 			return 1;
2057 		}
2058 		wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
2059 #ifdef EAP_SERVER
2060 	} else if (os_strcmp(buf, "eap_authenticator") == 0) {
2061 		bss->eap_server = atoi(pos);
2062 		wpa_printf(MSG_ERROR, "Line %d: obsolete eap_authenticator used; this has been renamed to eap_server", line);
2063 	} else if (os_strcmp(buf, "eap_server") == 0) {
2064 		bss->eap_server = atoi(pos);
2065 	} else if (os_strcmp(buf, "eap_user_file") == 0) {
2066 		if (hostapd_config_read_eap_user(pos, bss))
2067 			return 1;
2068 	} else if (os_strcmp(buf, "ca_cert") == 0) {
2069 		os_free(bss->ca_cert);
2070 		bss->ca_cert = os_strdup(pos);
2071 	} else if (os_strcmp(buf, "server_cert") == 0) {
2072 		os_free(bss->server_cert);
2073 		bss->server_cert = os_strdup(pos);
2074 	} else if (os_strcmp(buf, "private_key") == 0) {
2075 		os_free(bss->private_key);
2076 		bss->private_key = os_strdup(pos);
2077 	} else if (os_strcmp(buf, "private_key_passwd") == 0) {
2078 		os_free(bss->private_key_passwd);
2079 		bss->private_key_passwd = os_strdup(pos);
2080 	} else if (os_strcmp(buf, "check_crl") == 0) {
2081 		bss->check_crl = atoi(pos);
2082 	} else if (os_strcmp(buf, "tls_session_lifetime") == 0) {
2083 		bss->tls_session_lifetime = atoi(pos);
2084 	} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
2085 		os_free(bss->ocsp_stapling_response);
2086 		bss->ocsp_stapling_response = os_strdup(pos);
2087 	} else if (os_strcmp(buf, "dh_file") == 0) {
2088 		os_free(bss->dh_file);
2089 		bss->dh_file = os_strdup(pos);
2090 	} else if (os_strcmp(buf, "openssl_ciphers") == 0) {
2091 		os_free(bss->openssl_ciphers);
2092 		bss->openssl_ciphers = os_strdup(pos);
2093 	} else if (os_strcmp(buf, "fragment_size") == 0) {
2094 		bss->fragment_size = atoi(pos);
2095 #ifdef EAP_SERVER_FAST
2096 	} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
2097 		os_free(bss->pac_opaque_encr_key);
2098 		bss->pac_opaque_encr_key = os_malloc(16);
2099 		if (bss->pac_opaque_encr_key == NULL) {
2100 			wpa_printf(MSG_ERROR,
2101 				   "Line %d: No memory for pac_opaque_encr_key",
2102 				   line);
2103 			return 1;
2104 		} else if (hexstr2bin(pos, bss->pac_opaque_encr_key, 16)) {
2105 			wpa_printf(MSG_ERROR, "Line %d: Invalid pac_opaque_encr_key",
2106 				   line);
2107 			return 1;
2108 		}
2109 	} else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
2110 		size_t idlen = os_strlen(pos);
2111 		if (idlen & 1) {
2112 			wpa_printf(MSG_ERROR, "Line %d: Invalid eap_fast_a_id",
2113 				   line);
2114 			return 1;
2115 		}
2116 		os_free(bss->eap_fast_a_id);
2117 		bss->eap_fast_a_id = os_malloc(idlen / 2);
2118 		if (bss->eap_fast_a_id == NULL ||
2119 		    hexstr2bin(pos, bss->eap_fast_a_id, idlen / 2)) {
2120 			wpa_printf(MSG_ERROR, "Line %d: Failed to parse eap_fast_a_id",
2121 				   line);
2122 			os_free(bss->eap_fast_a_id);
2123 			bss->eap_fast_a_id = NULL;
2124 			return 1;
2125 		} else {
2126 			bss->eap_fast_a_id_len = idlen / 2;
2127 		}
2128 	} else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
2129 		os_free(bss->eap_fast_a_id_info);
2130 		bss->eap_fast_a_id_info = os_strdup(pos);
2131 	} else if (os_strcmp(buf, "eap_fast_prov") == 0) {
2132 		bss->eap_fast_prov = atoi(pos);
2133 	} else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
2134 		bss->pac_key_lifetime = atoi(pos);
2135 	} else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
2136 		bss->pac_key_refresh_time = atoi(pos);
2137 #endif /* EAP_SERVER_FAST */
2138 #ifdef EAP_SERVER_SIM
2139 	} else if (os_strcmp(buf, "eap_sim_db") == 0) {
2140 		os_free(bss->eap_sim_db);
2141 		bss->eap_sim_db = os_strdup(pos);
2142 	} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
2143 		bss->eap_sim_aka_result_ind = atoi(pos);
2144 #endif /* EAP_SERVER_SIM */
2145 #ifdef EAP_SERVER_TNC
2146 	} else if (os_strcmp(buf, "tnc") == 0) {
2147 		bss->tnc = atoi(pos);
2148 #endif /* EAP_SERVER_TNC */
2149 #ifdef EAP_SERVER_PWD
2150 	} else if (os_strcmp(buf, "pwd_group") == 0) {
2151 		bss->pwd_group = atoi(pos);
2152 #endif /* EAP_SERVER_PWD */
2153 	} else if (os_strcmp(buf, "eap_server_erp") == 0) {
2154 		bss->eap_server_erp = atoi(pos);
2155 #endif /* EAP_SERVER */
2156 	} else if (os_strcmp(buf, "eap_message") == 0) {
2157 		char *term;
2158 		os_free(bss->eap_req_id_text);
2159 		bss->eap_req_id_text = os_strdup(pos);
2160 		if (bss->eap_req_id_text == NULL) {
2161 			wpa_printf(MSG_ERROR, "Line %d: Failed to allocate memory for eap_req_id_text",
2162 				   line);
2163 			return 1;
2164 		}
2165 		bss->eap_req_id_text_len = os_strlen(bss->eap_req_id_text);
2166 		term = os_strstr(bss->eap_req_id_text, "\\0");
2167 		if (term) {
2168 			*term++ = '\0';
2169 			os_memmove(term, term + 1,
2170 				   bss->eap_req_id_text_len -
2171 				   (term - bss->eap_req_id_text) - 1);
2172 			bss->eap_req_id_text_len--;
2173 		}
2174 	} else if (os_strcmp(buf, "erp_send_reauth_start") == 0) {
2175 		bss->erp_send_reauth_start = atoi(pos);
2176 	} else if (os_strcmp(buf, "erp_domain") == 0) {
2177 		os_free(bss->erp_domain);
2178 		bss->erp_domain = os_strdup(pos);
2179 	} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
2180 		bss->default_wep_key_len = atoi(pos);
2181 		if (bss->default_wep_key_len > 13) {
2182 			wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %lu (= %lu bits)",
2183 				   line,
2184 				   (unsigned long) bss->default_wep_key_len,
2185 				   (unsigned long)
2186 				   bss->default_wep_key_len * 8);
2187 			return 1;
2188 		}
2189 	} else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
2190 		bss->individual_wep_key_len = atoi(pos);
2191 		if (bss->individual_wep_key_len < 0 ||
2192 		    bss->individual_wep_key_len > 13) {
2193 			wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %d (= %d bits)",
2194 				   line, bss->individual_wep_key_len,
2195 				   bss->individual_wep_key_len * 8);
2196 			return 1;
2197 		}
2198 	} else if (os_strcmp(buf, "wep_rekey_period") == 0) {
2199 		bss->wep_rekeying_period = atoi(pos);
2200 		if (bss->wep_rekeying_period < 0) {
2201 			wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
2202 				   line, bss->wep_rekeying_period);
2203 			return 1;
2204 		}
2205 	} else if (os_strcmp(buf, "eap_reauth_period") == 0) {
2206 		bss->eap_reauth_period = atoi(pos);
2207 		if (bss->eap_reauth_period < 0) {
2208 			wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
2209 				   line, bss->eap_reauth_period);
2210 			return 1;
2211 		}
2212 	} else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
2213 		bss->eapol_key_index_workaround = atoi(pos);
2214 #ifdef CONFIG_IAPP
2215 	} else if (os_strcmp(buf, "iapp_interface") == 0) {
2216 		bss->ieee802_11f = 1;
2217 		os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface));
2218 #endif /* CONFIG_IAPP */
2219 	} else if (os_strcmp(buf, "own_ip_addr") == 0) {
2220 		if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
2221 			wpa_printf(MSG_ERROR,
2222 				   "Line %d: invalid IP address '%s'",
2223 				   line, pos);
2224 			return 1;
2225 		}
2226 	} else if (os_strcmp(buf, "nas_identifier") == 0) {
2227 		os_free(bss->nas_identifier);
2228 		bss->nas_identifier = os_strdup(pos);
2229 #ifndef CONFIG_NO_RADIUS
2230 	} else if (os_strcmp(buf, "radius_client_addr") == 0) {
2231 		if (hostapd_parse_ip_addr(pos, &bss->radius->client_addr)) {
2232 			wpa_printf(MSG_ERROR,
2233 				   "Line %d: invalid IP address '%s'",
2234 				   line, pos);
2235 			return 1;
2236 		}
2237 		bss->radius->force_client_addr = 1;
2238 	} else if (os_strcmp(buf, "auth_server_addr") == 0) {
2239 		if (hostapd_config_read_radius_addr(
2240 			    &bss->radius->auth_servers,
2241 			    &bss->radius->num_auth_servers, pos, 1812,
2242 			    &bss->radius->auth_server)) {
2243 			wpa_printf(MSG_ERROR,
2244 				   "Line %d: invalid IP address '%s'",
2245 				   line, pos);
2246 			return 1;
2247 		}
2248 	} else if (bss->radius->auth_server &&
2249 		   os_strcmp(buf, "auth_server_addr_replace") == 0) {
2250 		if (hostapd_parse_ip_addr(pos,
2251 					  &bss->radius->auth_server->addr)) {
2252 			wpa_printf(MSG_ERROR,
2253 				   "Line %d: invalid IP address '%s'",
2254 				   line, pos);
2255 			return 1;
2256 		}
2257 	} else if (bss->radius->auth_server &&
2258 		   os_strcmp(buf, "auth_server_port") == 0) {
2259 		bss->radius->auth_server->port = atoi(pos);
2260 	} else if (bss->radius->auth_server &&
2261 		   os_strcmp(buf, "auth_server_shared_secret") == 0) {
2262 		int len = os_strlen(pos);
2263 		if (len == 0) {
2264 			/* RFC 2865, Ch. 3 */
2265 			wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
2266 				   line);
2267 			return 1;
2268 		}
2269 		os_free(bss->radius->auth_server->shared_secret);
2270 		bss->radius->auth_server->shared_secret = (u8 *) os_strdup(pos);
2271 		bss->radius->auth_server->shared_secret_len = len;
2272 	} else if (os_strcmp(buf, "acct_server_addr") == 0) {
2273 		if (hostapd_config_read_radius_addr(
2274 			    &bss->radius->acct_servers,
2275 			    &bss->radius->num_acct_servers, pos, 1813,
2276 			    &bss->radius->acct_server)) {
2277 			wpa_printf(MSG_ERROR,
2278 				   "Line %d: invalid IP address '%s'",
2279 				   line, pos);
2280 			return 1;
2281 		}
2282 	} else if (bss->radius->acct_server &&
2283 		   os_strcmp(buf, "acct_server_addr_replace") == 0) {
2284 		if (hostapd_parse_ip_addr(pos,
2285 					  &bss->radius->acct_server->addr)) {
2286 			wpa_printf(MSG_ERROR,
2287 				   "Line %d: invalid IP address '%s'",
2288 				   line, pos);
2289 			return 1;
2290 		}
2291 	} else if (bss->radius->acct_server &&
2292 		   os_strcmp(buf, "acct_server_port") == 0) {
2293 		bss->radius->acct_server->port = atoi(pos);
2294 	} else if (bss->radius->acct_server &&
2295 		   os_strcmp(buf, "acct_server_shared_secret") == 0) {
2296 		int len = os_strlen(pos);
2297 		if (len == 0) {
2298 			/* RFC 2865, Ch. 3 */
2299 			wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
2300 				   line);
2301 			return 1;
2302 		}
2303 		os_free(bss->radius->acct_server->shared_secret);
2304 		bss->radius->acct_server->shared_secret = (u8 *) os_strdup(pos);
2305 		bss->radius->acct_server->shared_secret_len = len;
2306 	} else if (os_strcmp(buf, "radius_retry_primary_interval") == 0) {
2307 		bss->radius->retry_primary_interval = atoi(pos);
2308 	} else if (os_strcmp(buf, "radius_acct_interim_interval") == 0) {
2309 		bss->acct_interim_interval = atoi(pos);
2310 	} else if (os_strcmp(buf, "radius_request_cui") == 0) {
2311 		bss->radius_request_cui = atoi(pos);
2312 	} else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
2313 		struct hostapd_radius_attr *attr, *a;
2314 		attr = hostapd_parse_radius_attr(pos);
2315 		if (attr == NULL) {
2316 			wpa_printf(MSG_ERROR,
2317 				   "Line %d: invalid radius_auth_req_attr",
2318 				   line);
2319 			return 1;
2320 		} else if (bss->radius_auth_req_attr == NULL) {
2321 			bss->radius_auth_req_attr = attr;
2322 		} else {
2323 			a = bss->radius_auth_req_attr;
2324 			while (a->next)
2325 				a = a->next;
2326 			a->next = attr;
2327 		}
2328 	} else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
2329 		struct hostapd_radius_attr *attr, *a;
2330 		attr = hostapd_parse_radius_attr(pos);
2331 		if (attr == NULL) {
2332 			wpa_printf(MSG_ERROR,
2333 				   "Line %d: invalid radius_acct_req_attr",
2334 				   line);
2335 			return 1;
2336 		} else if (bss->radius_acct_req_attr == NULL) {
2337 			bss->radius_acct_req_attr = attr;
2338 		} else {
2339 			a = bss->radius_acct_req_attr;
2340 			while (a->next)
2341 				a = a->next;
2342 			a->next = attr;
2343 		}
2344 	} else if (os_strcmp(buf, "radius_das_port") == 0) {
2345 		bss->radius_das_port = atoi(pos);
2346 	} else if (os_strcmp(buf, "radius_das_client") == 0) {
2347 		if (hostapd_parse_das_client(bss, pos) < 0) {
2348 			wpa_printf(MSG_ERROR, "Line %d: invalid DAS client",
2349 				   line);
2350 			return 1;
2351 		}
2352 	} else if (os_strcmp(buf, "radius_das_time_window") == 0) {
2353 		bss->radius_das_time_window = atoi(pos);
2354 	} else if (os_strcmp(buf, "radius_das_require_event_timestamp") == 0) {
2355 		bss->radius_das_require_event_timestamp = atoi(pos);
2356 #endif /* CONFIG_NO_RADIUS */
2357 	} else if (os_strcmp(buf, "auth_algs") == 0) {
2358 		bss->auth_algs = atoi(pos);
2359 		if (bss->auth_algs == 0) {
2360 			wpa_printf(MSG_ERROR, "Line %d: no authentication algorithms allowed",
2361 				   line);
2362 			return 1;
2363 		}
2364 	} else if (os_strcmp(buf, "max_num_sta") == 0) {
2365 		bss->max_num_sta = atoi(pos);
2366 		if (bss->max_num_sta < 0 ||
2367 		    bss->max_num_sta > MAX_STA_COUNT) {
2368 			wpa_printf(MSG_ERROR, "Line %d: Invalid max_num_sta=%d; allowed range 0..%d",
2369 				   line, bss->max_num_sta, MAX_STA_COUNT);
2370 			return 1;
2371 		}
2372 	} else if (os_strcmp(buf, "wpa") == 0) {
2373 		bss->wpa = atoi(pos);
2374 	} else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
2375 		bss->wpa_group_rekey = atoi(pos);
2376 	} else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
2377 		bss->wpa_strict_rekey = atoi(pos);
2378 	} else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
2379 		bss->wpa_gmk_rekey = atoi(pos);
2380 	} else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
2381 		bss->wpa_ptk_rekey = atoi(pos);
2382 	} else if (os_strcmp(buf, "wpa_passphrase") == 0) {
2383 		int len = os_strlen(pos);
2384 		if (len < 8 || len > 63) {
2385 			wpa_printf(MSG_ERROR, "Line %d: invalid WPA passphrase length %d (expected 8..63)",
2386 				   line, len);
2387 			return 1;
2388 		}
2389 		os_free(bss->ssid.wpa_passphrase);
2390 		bss->ssid.wpa_passphrase = os_strdup(pos);
2391 		if (bss->ssid.wpa_passphrase) {
2392 			hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
2393 			bss->ssid.wpa_passphrase_set = 1;
2394 		}
2395 	} else if (os_strcmp(buf, "wpa_psk") == 0) {
2396 		hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
2397 		bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
2398 		if (bss->ssid.wpa_psk == NULL)
2399 			return 1;
2400 		if (hexstr2bin(pos, bss->ssid.wpa_psk->psk, PMK_LEN) ||
2401 		    pos[PMK_LEN * 2] != '\0') {
2402 			wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
2403 				   line, pos);
2404 			hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
2405 			return 1;
2406 		}
2407 		bss->ssid.wpa_psk->group = 1;
2408 		os_free(bss->ssid.wpa_passphrase);
2409 		bss->ssid.wpa_passphrase = NULL;
2410 		bss->ssid.wpa_psk_set = 1;
2411 	} else if (os_strcmp(buf, "wpa_psk_file") == 0) {
2412 		os_free(bss->ssid.wpa_psk_file);
2413 		bss->ssid.wpa_psk_file = os_strdup(pos);
2414 		if (!bss->ssid.wpa_psk_file) {
2415 			wpa_printf(MSG_ERROR, "Line %d: allocation failed",
2416 				   line);
2417 			return 1;
2418 		}
2419 	} else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
2420 		bss->wpa_key_mgmt = hostapd_config_parse_key_mgmt(line, pos);
2421 		if (bss->wpa_key_mgmt == -1)
2422 			return 1;
2423 	} else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
2424 		bss->wpa_psk_radius = atoi(pos);
2425 		if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
2426 		    bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
2427 		    bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
2428 			wpa_printf(MSG_ERROR,
2429 				   "Line %d: unknown wpa_psk_radius %d",
2430 				   line, bss->wpa_psk_radius);
2431 			return 1;
2432 		}
2433 	} else if (os_strcmp(buf, "wpa_pairwise") == 0) {
2434 		bss->wpa_pairwise = hostapd_config_parse_cipher(line, pos);
2435 		if (bss->wpa_pairwise == -1 || bss->wpa_pairwise == 0)
2436 			return 1;
2437 		if (bss->wpa_pairwise &
2438 		    (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
2439 			wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
2440 				   bss->wpa_pairwise, pos);
2441 			return 1;
2442 		}
2443 	} else if (os_strcmp(buf, "rsn_pairwise") == 0) {
2444 		bss->rsn_pairwise = hostapd_config_parse_cipher(line, pos);
2445 		if (bss->rsn_pairwise == -1 || bss->rsn_pairwise == 0)
2446 			return 1;
2447 		if (bss->rsn_pairwise &
2448 		    (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
2449 			wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
2450 				   bss->rsn_pairwise, pos);
2451 			return 1;
2452 		}
2453 #ifdef CONFIG_RSN_PREAUTH
2454 	} else if (os_strcmp(buf, "rsn_preauth") == 0) {
2455 		bss->rsn_preauth = atoi(pos);
2456 	} else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
2457 		os_free(bss->rsn_preauth_interfaces);
2458 		bss->rsn_preauth_interfaces = os_strdup(pos);
2459 #endif /* CONFIG_RSN_PREAUTH */
2460 #ifdef CONFIG_PEERKEY
2461 	} else if (os_strcmp(buf, "peerkey") == 0) {
2462 		bss->peerkey = atoi(pos);
2463 #endif /* CONFIG_PEERKEY */
2464 #ifdef CONFIG_IEEE80211R
2465 	} else if (os_strcmp(buf, "mobility_domain") == 0) {
2466 		if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
2467 		    hexstr2bin(pos, bss->mobility_domain,
2468 			       MOBILITY_DOMAIN_ID_LEN) != 0) {
2469 			wpa_printf(MSG_ERROR,
2470 				   "Line %d: Invalid mobility_domain '%s'",
2471 				   line, pos);
2472 			return 1;
2473 		}
2474 	} else if (os_strcmp(buf, "r1_key_holder") == 0) {
2475 		if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
2476 		    hexstr2bin(pos, bss->r1_key_holder, FT_R1KH_ID_LEN) != 0) {
2477 			wpa_printf(MSG_ERROR,
2478 				   "Line %d: Invalid r1_key_holder '%s'",
2479 				   line, pos);
2480 			return 1;
2481 		}
2482 	} else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
2483 		bss->r0_key_lifetime = atoi(pos);
2484 	} else if (os_strcmp(buf, "reassociation_deadline") == 0) {
2485 		bss->reassociation_deadline = atoi(pos);
2486 	} else if (os_strcmp(buf, "r0kh") == 0) {
2487 		if (add_r0kh(bss, pos) < 0) {
2488 			wpa_printf(MSG_DEBUG, "Line %d: Invalid r0kh '%s'",
2489 				   line, pos);
2490 			return 1;
2491 		}
2492 	} else if (os_strcmp(buf, "r1kh") == 0) {
2493 		if (add_r1kh(bss, pos) < 0) {
2494 			wpa_printf(MSG_DEBUG, "Line %d: Invalid r1kh '%s'",
2495 				   line, pos);
2496 			return 1;
2497 		}
2498 	} else if (os_strcmp(buf, "pmk_r1_push") == 0) {
2499 		bss->pmk_r1_push = atoi(pos);
2500 	} else if (os_strcmp(buf, "ft_over_ds") == 0) {
2501 		bss->ft_over_ds = atoi(pos);
2502 #endif /* CONFIG_IEEE80211R */
2503 #ifndef CONFIG_NO_CTRL_IFACE
2504 	} else if (os_strcmp(buf, "ctrl_interface") == 0) {
2505 		os_free(bss->ctrl_interface);
2506 		bss->ctrl_interface = os_strdup(pos);
2507 	} else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
2508 #ifndef CONFIG_NATIVE_WINDOWS
2509 		struct group *grp;
2510 		char *endp;
2511 		const char *group = pos;
2512 
2513 		grp = getgrnam(group);
2514 		if (grp) {
2515 			bss->ctrl_interface_gid = grp->gr_gid;
2516 			bss->ctrl_interface_gid_set = 1;
2517 			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d (from group name '%s')",
2518 				   bss->ctrl_interface_gid, group);
2519 			return 0;
2520 		}
2521 
2522 		/* Group name not found - try to parse this as gid */
2523 		bss->ctrl_interface_gid = strtol(group, &endp, 10);
2524 		if (*group == '\0' || *endp != '\0') {
2525 			wpa_printf(MSG_DEBUG, "Line %d: Invalid group '%s'",
2526 				   line, group);
2527 			return 1;
2528 		}
2529 		bss->ctrl_interface_gid_set = 1;
2530 		wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
2531 			   bss->ctrl_interface_gid);
2532 #endif /* CONFIG_NATIVE_WINDOWS */
2533 #endif /* CONFIG_NO_CTRL_IFACE */
2534 #ifdef RADIUS_SERVER
2535 	} else if (os_strcmp(buf, "radius_server_clients") == 0) {
2536 		os_free(bss->radius_server_clients);
2537 		bss->radius_server_clients = os_strdup(pos);
2538 	} else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
2539 		bss->radius_server_auth_port = atoi(pos);
2540 	} else if (os_strcmp(buf, "radius_server_acct_port") == 0) {
2541 		bss->radius_server_acct_port = atoi(pos);
2542 	} else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
2543 		bss->radius_server_ipv6 = atoi(pos);
2544 #endif /* RADIUS_SERVER */
2545 	} else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
2546 		bss->use_pae_group_addr = atoi(pos);
2547 	} else if (os_strcmp(buf, "hw_mode") == 0) {
2548 		if (os_strcmp(pos, "a") == 0)
2549 			conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
2550 		else if (os_strcmp(pos, "b") == 0)
2551 			conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
2552 		else if (os_strcmp(pos, "g") == 0)
2553 			conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
2554 		else if (os_strcmp(pos, "ad") == 0)
2555 			conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
2556 		else if (os_strcmp(pos, "any") == 0)
2557 			conf->hw_mode = HOSTAPD_MODE_IEEE80211ANY;
2558 		else {
2559 			wpa_printf(MSG_ERROR, "Line %d: unknown hw_mode '%s'",
2560 				   line, pos);
2561 			return 1;
2562 		}
2563 	} else if (os_strcmp(buf, "wps_rf_bands") == 0) {
2564 		if (os_strcmp(pos, "ad") == 0)
2565 			bss->wps_rf_bands = WPS_RF_60GHZ;
2566 		else if (os_strcmp(pos, "a") == 0)
2567 			bss->wps_rf_bands = WPS_RF_50GHZ;
2568 		else if (os_strcmp(pos, "g") == 0 ||
2569 			 os_strcmp(pos, "b") == 0)
2570 			bss->wps_rf_bands = WPS_RF_24GHZ;
2571 		else if (os_strcmp(pos, "ag") == 0 ||
2572 			 os_strcmp(pos, "ga") == 0)
2573 			bss->wps_rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
2574 		else {
2575 			wpa_printf(MSG_ERROR,
2576 				   "Line %d: unknown wps_rf_band '%s'",
2577 				   line, pos);
2578 			return 1;
2579 		}
2580 	} else if (os_strcmp(buf, "channel") == 0) {
2581 		if (os_strcmp(pos, "acs_survey") == 0) {
2582 #ifndef CONFIG_ACS
2583 			wpa_printf(MSG_ERROR, "Line %d: tries to enable ACS but CONFIG_ACS disabled",
2584 				   line);
2585 			return 1;
2586 #else /* CONFIG_ACS */
2587 			conf->acs = 1;
2588 			conf->channel = 0;
2589 #endif /* CONFIG_ACS */
2590 		} else {
2591 			conf->channel = atoi(pos);
2592 			conf->acs = conf->channel == 0;
2593 		}
2594 	} else if (os_strcmp(buf, "chanlist") == 0) {
2595 		if (hostapd_parse_chanlist(conf, pos)) {
2596 			wpa_printf(MSG_ERROR, "Line %d: invalid channel list",
2597 				   line);
2598 			return 1;
2599 		}
2600 	} else if (os_strcmp(buf, "beacon_int") == 0) {
2601 		int val = atoi(pos);
2602 		/* MIB defines range as 1..65535, but very small values
2603 		 * cause problems with the current implementation.
2604 		 * Since it is unlikely that this small numbers are
2605 		 * useful in real life scenarios, do not allow beacon
2606 		 * period to be set below 15 TU. */
2607 		if (val < 15 || val > 65535) {
2608 			wpa_printf(MSG_ERROR, "Line %d: invalid beacon_int %d (expected 15..65535)",
2609 				   line, val);
2610 			return 1;
2611 		}
2612 		conf->beacon_int = val;
2613 #ifdef CONFIG_ACS
2614 	} else if (os_strcmp(buf, "acs_num_scans") == 0) {
2615 		int val = atoi(pos);
2616 		if (val <= 0 || val > 100) {
2617 			wpa_printf(MSG_ERROR, "Line %d: invalid acs_num_scans %d (expected 1..100)",
2618 				   line, val);
2619 			return 1;
2620 		}
2621 		conf->acs_num_scans = val;
2622 	} else if (os_strcmp(buf, "acs_chan_bias") == 0) {
2623 		if (hostapd_config_parse_acs_chan_bias(conf, pos)) {
2624 			wpa_printf(MSG_ERROR, "Line %d: invalid acs_chan_bias",
2625 				   line);
2626 			return -1;
2627 		}
2628 #endif /* CONFIG_ACS */
2629 	} else if (os_strcmp(buf, "dtim_period") == 0) {
2630 		bss->dtim_period = atoi(pos);
2631 		if (bss->dtim_period < 1 || bss->dtim_period > 255) {
2632 			wpa_printf(MSG_ERROR, "Line %d: invalid dtim_period %d",
2633 				   line, bss->dtim_period);
2634 			return 1;
2635 		}
2636 	} else if (os_strcmp(buf, "bss_load_update_period") == 0) {
2637 		bss->bss_load_update_period = atoi(pos);
2638 		if (bss->bss_load_update_period < 0 ||
2639 		    bss->bss_load_update_period > 100) {
2640 			wpa_printf(MSG_ERROR,
2641 				   "Line %d: invalid bss_load_update_period %d",
2642 				   line, bss->bss_load_update_period);
2643 			return 1;
2644 		}
2645 	} else if (os_strcmp(buf, "rts_threshold") == 0) {
2646 		conf->rts_threshold = atoi(pos);
2647 		if (conf->rts_threshold < 0 || conf->rts_threshold > 2347) {
2648 			wpa_printf(MSG_ERROR,
2649 				   "Line %d: invalid rts_threshold %d",
2650 				   line, conf->rts_threshold);
2651 			return 1;
2652 		}
2653 	} else if (os_strcmp(buf, "fragm_threshold") == 0) {
2654 		conf->fragm_threshold = atoi(pos);
2655 		if (conf->fragm_threshold < 256 ||
2656 		    conf->fragm_threshold > 2346) {
2657 			wpa_printf(MSG_ERROR,
2658 				   "Line %d: invalid fragm_threshold %d",
2659 				   line, conf->fragm_threshold);
2660 			return 1;
2661 		}
2662 	} else if (os_strcmp(buf, "send_probe_response") == 0) {
2663 		int val = atoi(pos);
2664 		if (val != 0 && val != 1) {
2665 			wpa_printf(MSG_ERROR, "Line %d: invalid send_probe_response %d (expected 0 or 1)",
2666 				   line, val);
2667 			return 1;
2668 		}
2669 		conf->send_probe_response = val;
2670 	} else if (os_strcmp(buf, "supported_rates") == 0) {
2671 		if (hostapd_parse_intlist(&conf->supported_rates, pos)) {
2672 			wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
2673 				   line);
2674 			return 1;
2675 		}
2676 	} else if (os_strcmp(buf, "basic_rates") == 0) {
2677 		if (hostapd_parse_intlist(&conf->basic_rates, pos)) {
2678 			wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
2679 				   line);
2680 			return 1;
2681 		}
2682 	} else if (os_strcmp(buf, "preamble") == 0) {
2683 		if (atoi(pos))
2684 			conf->preamble = SHORT_PREAMBLE;
2685 		else
2686 			conf->preamble = LONG_PREAMBLE;
2687 	} else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
2688 		bss->ignore_broadcast_ssid = atoi(pos);
2689 	} else if (os_strcmp(buf, "wep_default_key") == 0) {
2690 		bss->ssid.wep.idx = atoi(pos);
2691 		if (bss->ssid.wep.idx > 3) {
2692 			wpa_printf(MSG_ERROR,
2693 				   "Invalid wep_default_key index %d",
2694 				   bss->ssid.wep.idx);
2695 			return 1;
2696 		}
2697 	} else if (os_strcmp(buf, "wep_key0") == 0 ||
2698 		   os_strcmp(buf, "wep_key1") == 0 ||
2699 		   os_strcmp(buf, "wep_key2") == 0 ||
2700 		   os_strcmp(buf, "wep_key3") == 0) {
2701 		if (hostapd_config_read_wep(&bss->ssid.wep,
2702 					    buf[7] - '0', pos)) {
2703 			wpa_printf(MSG_ERROR, "Line %d: invalid WEP key '%s'",
2704 				   line, buf);
2705 			return 1;
2706 		}
2707 #ifndef CONFIG_NO_VLAN
2708 	} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
2709 		bss->ssid.dynamic_vlan = atoi(pos);
2710 	} else if (os_strcmp(buf, "vlan_file") == 0) {
2711 		if (hostapd_config_read_vlan_file(bss, pos)) {
2712 			wpa_printf(MSG_ERROR, "Line %d: failed to read VLAN file '%s'",
2713 				   line, pos);
2714 			return 1;
2715 		}
2716 	} else if (os_strcmp(buf, "vlan_naming") == 0) {
2717 		bss->ssid.vlan_naming = atoi(pos);
2718 		if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
2719 		    bss->ssid.vlan_naming < 0) {
2720 			wpa_printf(MSG_ERROR,
2721 				   "Line %d: invalid naming scheme %d",
2722 				   line, bss->ssid.vlan_naming);
2723 			return 1;
2724 		}
2725 #ifdef CONFIG_FULL_DYNAMIC_VLAN
2726 	} else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
2727 		os_free(bss->ssid.vlan_tagged_interface);
2728 		bss->ssid.vlan_tagged_interface = os_strdup(pos);
2729 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
2730 #endif /* CONFIG_NO_VLAN */
2731 	} else if (os_strcmp(buf, "ap_table_max_size") == 0) {
2732 		conf->ap_table_max_size = atoi(pos);
2733 	} else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
2734 		conf->ap_table_expiration_time = atoi(pos);
2735 	} else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
2736 		if (hostapd_config_tx_queue(conf, buf, pos)) {
2737 			wpa_printf(MSG_ERROR, "Line %d: invalid TX queue item",
2738 				   line);
2739 			return 1;
2740 		}
2741 	} else if (os_strcmp(buf, "wme_enabled") == 0 ||
2742 		   os_strcmp(buf, "wmm_enabled") == 0) {
2743 		bss->wmm_enabled = atoi(pos);
2744 	} else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
2745 		bss->wmm_uapsd = atoi(pos);
2746 	} else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
2747 		   os_strncmp(buf, "wmm_ac_", 7) == 0) {
2748 		if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf, pos)) {
2749 			wpa_printf(MSG_ERROR, "Line %d: invalid WMM ac item",
2750 				   line);
2751 			return 1;
2752 		}
2753 	} else if (os_strcmp(buf, "bss") == 0) {
2754 		if (hostapd_config_bss(conf, pos)) {
2755 			wpa_printf(MSG_ERROR, "Line %d: invalid bss item",
2756 				   line);
2757 			return 1;
2758 		}
2759 	} else if (os_strcmp(buf, "bssid") == 0) {
2760 		if (hwaddr_aton(pos, bss->bssid)) {
2761 			wpa_printf(MSG_ERROR, "Line %d: invalid bssid item",
2762 				   line);
2763 			return 1;
2764 		}
2765 #ifdef CONFIG_IEEE80211W
2766 	} else if (os_strcmp(buf, "ieee80211w") == 0) {
2767 		bss->ieee80211w = atoi(pos);
2768 	} else if (os_strcmp(buf, "group_mgmt_cipher") == 0) {
2769 		if (os_strcmp(pos, "AES-128-CMAC") == 0) {
2770 			bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
2771 		} else if (os_strcmp(pos, "BIP-GMAC-128") == 0) {
2772 			bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_128;
2773 		} else if (os_strcmp(pos, "BIP-GMAC-256") == 0) {
2774 			bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_256;
2775 		} else if (os_strcmp(pos, "BIP-CMAC-256") == 0) {
2776 			bss->group_mgmt_cipher = WPA_CIPHER_BIP_CMAC_256;
2777 		} else {
2778 			wpa_printf(MSG_ERROR, "Line %d: invalid group_mgmt_cipher: %s",
2779 				   line, pos);
2780 			return 1;
2781 		}
2782 	} else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
2783 		bss->assoc_sa_query_max_timeout = atoi(pos);
2784 		if (bss->assoc_sa_query_max_timeout == 0) {
2785 			wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_max_timeout",
2786 				   line);
2787 			return 1;
2788 		}
2789 	} else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0) {
2790 		bss->assoc_sa_query_retry_timeout = atoi(pos);
2791 		if (bss->assoc_sa_query_retry_timeout == 0) {
2792 			wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_retry_timeout",
2793 				   line);
2794 			return 1;
2795 		}
2796 #endif /* CONFIG_IEEE80211W */
2797 #ifdef CONFIG_IEEE80211N
2798 	} else if (os_strcmp(buf, "ieee80211n") == 0) {
2799 		conf->ieee80211n = atoi(pos);
2800 	} else if (os_strcmp(buf, "ht_capab") == 0) {
2801 		if (hostapd_config_ht_capab(conf, pos) < 0) {
2802 			wpa_printf(MSG_ERROR, "Line %d: invalid ht_capab",
2803 				   line);
2804 			return 1;
2805 		}
2806 	} else if (os_strcmp(buf, "require_ht") == 0) {
2807 		conf->require_ht = atoi(pos);
2808 	} else if (os_strcmp(buf, "obss_interval") == 0) {
2809 		conf->obss_interval = atoi(pos);
2810 #endif /* CONFIG_IEEE80211N */
2811 #ifdef CONFIG_IEEE80211AC
2812 	} else if (os_strcmp(buf, "ieee80211ac") == 0) {
2813 		conf->ieee80211ac = atoi(pos);
2814 	} else if (os_strcmp(buf, "vht_capab") == 0) {
2815 		if (hostapd_config_vht_capab(conf, pos) < 0) {
2816 			wpa_printf(MSG_ERROR, "Line %d: invalid vht_capab",
2817 				   line);
2818 			return 1;
2819 		}
2820 	} else if (os_strcmp(buf, "require_vht") == 0) {
2821 		conf->require_vht = atoi(pos);
2822 	} else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
2823 		conf->vht_oper_chwidth = atoi(pos);
2824 	} else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0) {
2825 		conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
2826 	} else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0) {
2827 		conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
2828 	} else if (os_strcmp(buf, "vendor_vht") == 0) {
2829 		bss->vendor_vht = atoi(pos);
2830 #endif /* CONFIG_IEEE80211AC */
2831 	} else if (os_strcmp(buf, "max_listen_interval") == 0) {
2832 		bss->max_listen_interval = atoi(pos);
2833 	} else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
2834 		bss->disable_pmksa_caching = atoi(pos);
2835 	} else if (os_strcmp(buf, "okc") == 0) {
2836 		bss->okc = atoi(pos);
2837 #ifdef CONFIG_WPS
2838 	} else if (os_strcmp(buf, "wps_state") == 0) {
2839 		bss->wps_state = atoi(pos);
2840 		if (bss->wps_state < 0 || bss->wps_state > 2) {
2841 			wpa_printf(MSG_ERROR, "Line %d: invalid wps_state",
2842 				   line);
2843 			return 1;
2844 		}
2845 	} else if (os_strcmp(buf, "wps_independent") == 0) {
2846 		bss->wps_independent = atoi(pos);
2847 	} else if (os_strcmp(buf, "ap_setup_locked") == 0) {
2848 		bss->ap_setup_locked = atoi(pos);
2849 	} else if (os_strcmp(buf, "uuid") == 0) {
2850 		if (uuid_str2bin(pos, bss->uuid)) {
2851 			wpa_printf(MSG_ERROR, "Line %d: invalid UUID", line);
2852 			return 1;
2853 		}
2854 	} else if (os_strcmp(buf, "wps_pin_requests") == 0) {
2855 		os_free(bss->wps_pin_requests);
2856 		bss->wps_pin_requests = os_strdup(pos);
2857 	} else if (os_strcmp(buf, "device_name") == 0) {
2858 		if (os_strlen(pos) > WPS_DEV_NAME_MAX_LEN) {
2859 			wpa_printf(MSG_ERROR, "Line %d: Too long "
2860 				   "device_name", line);
2861 			return 1;
2862 		}
2863 		os_free(bss->device_name);
2864 		bss->device_name = os_strdup(pos);
2865 	} else if (os_strcmp(buf, "manufacturer") == 0) {
2866 		if (os_strlen(pos) > 64) {
2867 			wpa_printf(MSG_ERROR, "Line %d: Too long manufacturer",
2868 				   line);
2869 			return 1;
2870 		}
2871 		os_free(bss->manufacturer);
2872 		bss->manufacturer = os_strdup(pos);
2873 	} else if (os_strcmp(buf, "model_name") == 0) {
2874 		if (os_strlen(pos) > 32) {
2875 			wpa_printf(MSG_ERROR, "Line %d: Too long model_name",
2876 				   line);
2877 			return 1;
2878 		}
2879 		os_free(bss->model_name);
2880 		bss->model_name = os_strdup(pos);
2881 	} else if (os_strcmp(buf, "model_number") == 0) {
2882 		if (os_strlen(pos) > 32) {
2883 			wpa_printf(MSG_ERROR, "Line %d: Too long model_number",
2884 				   line);
2885 			return 1;
2886 		}
2887 		os_free(bss->model_number);
2888 		bss->model_number = os_strdup(pos);
2889 	} else if (os_strcmp(buf, "serial_number") == 0) {
2890 		if (os_strlen(pos) > 32) {
2891 			wpa_printf(MSG_ERROR, "Line %d: Too long serial_number",
2892 				   line);
2893 			return 1;
2894 		}
2895 		os_free(bss->serial_number);
2896 		bss->serial_number = os_strdup(pos);
2897 	} else if (os_strcmp(buf, "device_type") == 0) {
2898 		if (wps_dev_type_str2bin(pos, bss->device_type))
2899 			return 1;
2900 	} else if (os_strcmp(buf, "config_methods") == 0) {
2901 		os_free(bss->config_methods);
2902 		bss->config_methods = os_strdup(pos);
2903 	} else if (os_strcmp(buf, "os_version") == 0) {
2904 		if (hexstr2bin(pos, bss->os_version, 4)) {
2905 			wpa_printf(MSG_ERROR, "Line %d: invalid os_version",
2906 				   line);
2907 			return 1;
2908 		}
2909 	} else if (os_strcmp(buf, "ap_pin") == 0) {
2910 		os_free(bss->ap_pin);
2911 		bss->ap_pin = os_strdup(pos);
2912 	} else if (os_strcmp(buf, "skip_cred_build") == 0) {
2913 		bss->skip_cred_build = atoi(pos);
2914 	} else if (os_strcmp(buf, "extra_cred") == 0) {
2915 		os_free(bss->extra_cred);
2916 		bss->extra_cred = (u8 *) os_readfile(pos, &bss->extra_cred_len);
2917 		if (bss->extra_cred == NULL) {
2918 			wpa_printf(MSG_ERROR, "Line %d: could not read Credentials from '%s'",
2919 				   line, pos);
2920 			return 1;
2921 		}
2922 	} else if (os_strcmp(buf, "wps_cred_processing") == 0) {
2923 		bss->wps_cred_processing = atoi(pos);
2924 	} else if (os_strcmp(buf, "ap_settings") == 0) {
2925 		os_free(bss->ap_settings);
2926 		bss->ap_settings =
2927 			(u8 *) os_readfile(pos, &bss->ap_settings_len);
2928 		if (bss->ap_settings == NULL) {
2929 			wpa_printf(MSG_ERROR, "Line %d: could not read AP Settings from '%s'",
2930 				   line, pos);
2931 			return 1;
2932 		}
2933 	} else if (os_strcmp(buf, "upnp_iface") == 0) {
2934 		os_free(bss->upnp_iface);
2935 		bss->upnp_iface = os_strdup(pos);
2936 	} else if (os_strcmp(buf, "friendly_name") == 0) {
2937 		os_free(bss->friendly_name);
2938 		bss->friendly_name = os_strdup(pos);
2939 	} else if (os_strcmp(buf, "manufacturer_url") == 0) {
2940 		os_free(bss->manufacturer_url);
2941 		bss->manufacturer_url = os_strdup(pos);
2942 	} else if (os_strcmp(buf, "model_description") == 0) {
2943 		os_free(bss->model_description);
2944 		bss->model_description = os_strdup(pos);
2945 	} else if (os_strcmp(buf, "model_url") == 0) {
2946 		os_free(bss->model_url);
2947 		bss->model_url = os_strdup(pos);
2948 	} else if (os_strcmp(buf, "upc") == 0) {
2949 		os_free(bss->upc);
2950 		bss->upc = os_strdup(pos);
2951 	} else if (os_strcmp(buf, "pbc_in_m1") == 0) {
2952 		bss->pbc_in_m1 = atoi(pos);
2953 	} else if (os_strcmp(buf, "server_id") == 0) {
2954 		os_free(bss->server_id);
2955 		bss->server_id = os_strdup(pos);
2956 #ifdef CONFIG_WPS_NFC
2957 	} else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
2958 		bss->wps_nfc_dev_pw_id = atoi(pos);
2959 		if (bss->wps_nfc_dev_pw_id < 0x10 ||
2960 		    bss->wps_nfc_dev_pw_id > 0xffff) {
2961 			wpa_printf(MSG_ERROR, "Line %d: Invalid wps_nfc_dev_pw_id value",
2962 				   line);
2963 			return 1;
2964 		}
2965 		bss->wps_nfc_pw_from_config = 1;
2966 	} else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
2967 		wpabuf_free(bss->wps_nfc_dh_pubkey);
2968 		bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos);
2969 		bss->wps_nfc_pw_from_config = 1;
2970 	} else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
2971 		wpabuf_free(bss->wps_nfc_dh_privkey);
2972 		bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos);
2973 		bss->wps_nfc_pw_from_config = 1;
2974 	} else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
2975 		wpabuf_free(bss->wps_nfc_dev_pw);
2976 		bss->wps_nfc_dev_pw = hostapd_parse_bin(pos);
2977 		bss->wps_nfc_pw_from_config = 1;
2978 #endif /* CONFIG_WPS_NFC */
2979 #endif /* CONFIG_WPS */
2980 #ifdef CONFIG_P2P_MANAGER
2981 	} else if (os_strcmp(buf, "manage_p2p") == 0) {
2982 		if (atoi(pos))
2983 			bss->p2p |= P2P_MANAGE;
2984 		else
2985 			bss->p2p &= ~P2P_MANAGE;
2986 	} else if (os_strcmp(buf, "allow_cross_connection") == 0) {
2987 		if (atoi(pos))
2988 			bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
2989 		else
2990 			bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
2991 #endif /* CONFIG_P2P_MANAGER */
2992 	} else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
2993 		bss->disassoc_low_ack = atoi(pos);
2994 	} else if (os_strcmp(buf, "tdls_prohibit") == 0) {
2995 		if (atoi(pos))
2996 			bss->tdls |= TDLS_PROHIBIT;
2997 		else
2998 			bss->tdls &= ~TDLS_PROHIBIT;
2999 	} else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
3000 		if (atoi(pos))
3001 			bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
3002 		else
3003 			bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
3004 #ifdef CONFIG_RSN_TESTING
3005 	} else if (os_strcmp(buf, "rsn_testing") == 0) {
3006 		extern int rsn_testing;
3007 		rsn_testing = atoi(pos);
3008 #endif /* CONFIG_RSN_TESTING */
3009 	} else if (os_strcmp(buf, "time_advertisement") == 0) {
3010 		bss->time_advertisement = atoi(pos);
3011 	} else if (os_strcmp(buf, "time_zone") == 0) {
3012 		size_t tz_len = os_strlen(pos);
3013 		if (tz_len < 4 || tz_len > 255) {
3014 			wpa_printf(MSG_DEBUG, "Line %d: invalid time_zone",
3015 				   line);
3016 			return 1;
3017 		}
3018 		os_free(bss->time_zone);
3019 		bss->time_zone = os_strdup(pos);
3020 		if (bss->time_zone == NULL)
3021 			return 1;
3022 #ifdef CONFIG_WNM
3023 	} else if (os_strcmp(buf, "wnm_sleep_mode") == 0) {
3024 		bss->wnm_sleep_mode = atoi(pos);
3025 	} else if (os_strcmp(buf, "bss_transition") == 0) {
3026 		bss->bss_transition = atoi(pos);
3027 #endif /* CONFIG_WNM */
3028 #ifdef CONFIG_INTERWORKING
3029 	} else if (os_strcmp(buf, "interworking") == 0) {
3030 		bss->interworking = atoi(pos);
3031 	} else if (os_strcmp(buf, "access_network_type") == 0) {
3032 		bss->access_network_type = atoi(pos);
3033 		if (bss->access_network_type < 0 ||
3034 		    bss->access_network_type > 15) {
3035 			wpa_printf(MSG_ERROR,
3036 				   "Line %d: invalid access_network_type",
3037 				   line);
3038 			return 1;
3039 		}
3040 	} else if (os_strcmp(buf, "internet") == 0) {
3041 		bss->internet = atoi(pos);
3042 	} else if (os_strcmp(buf, "asra") == 0) {
3043 		bss->asra = atoi(pos);
3044 	} else if (os_strcmp(buf, "esr") == 0) {
3045 		bss->esr = atoi(pos);
3046 	} else if (os_strcmp(buf, "uesa") == 0) {
3047 		bss->uesa = atoi(pos);
3048 	} else if (os_strcmp(buf, "venue_group") == 0) {
3049 		bss->venue_group = atoi(pos);
3050 		bss->venue_info_set = 1;
3051 	} else if (os_strcmp(buf, "venue_type") == 0) {
3052 		bss->venue_type = atoi(pos);
3053 		bss->venue_info_set = 1;
3054 	} else if (os_strcmp(buf, "hessid") == 0) {
3055 		if (hwaddr_aton(pos, bss->hessid)) {
3056 			wpa_printf(MSG_ERROR, "Line %d: invalid hessid", line);
3057 			return 1;
3058 		}
3059 	} else if (os_strcmp(buf, "roaming_consortium") == 0) {
3060 		if (parse_roaming_consortium(bss, pos, line) < 0)
3061 			return 1;
3062 	} else if (os_strcmp(buf, "venue_name") == 0) {
3063 		if (parse_venue_name(bss, pos, line) < 0)
3064 			return 1;
3065 	} else if (os_strcmp(buf, "network_auth_type") == 0) {
3066 		u8 auth_type;
3067 		u16 redirect_url_len;
3068 		if (hexstr2bin(pos, &auth_type, 1)) {
3069 			wpa_printf(MSG_ERROR,
3070 				   "Line %d: Invalid network_auth_type '%s'",
3071 				   line, pos);
3072 			return 1;
3073 		}
3074 		if (auth_type == 0 || auth_type == 2)
3075 			redirect_url_len = os_strlen(pos + 2);
3076 		else
3077 			redirect_url_len = 0;
3078 		os_free(bss->network_auth_type);
3079 		bss->network_auth_type = os_malloc(redirect_url_len + 3 + 1);
3080 		if (bss->network_auth_type == NULL)
3081 			return 1;
3082 		*bss->network_auth_type = auth_type;
3083 		WPA_PUT_LE16(bss->network_auth_type + 1, redirect_url_len);
3084 		if (redirect_url_len)
3085 			os_memcpy(bss->network_auth_type + 3, pos + 2,
3086 				  redirect_url_len);
3087 		bss->network_auth_type_len = 3 + redirect_url_len;
3088 	} else if (os_strcmp(buf, "ipaddr_type_availability") == 0) {
3089 		if (hexstr2bin(pos, &bss->ipaddr_type_availability, 1)) {
3090 			wpa_printf(MSG_ERROR, "Line %d: Invalid ipaddr_type_availability '%s'",
3091 				   line, pos);
3092 			bss->ipaddr_type_configured = 0;
3093 			return 1;
3094 		}
3095 		bss->ipaddr_type_configured = 1;
3096 	} else if (os_strcmp(buf, "domain_name") == 0) {
3097 		int j, num_domains, domain_len, domain_list_len = 0;
3098 		char *tok_start, *tok_prev;
3099 		u8 *domain_list, *domain_ptr;
3100 
3101 		domain_list_len = os_strlen(pos) + 1;
3102 		domain_list = os_malloc(domain_list_len);
3103 		if (domain_list == NULL)
3104 			return 1;
3105 
3106 		domain_ptr = domain_list;
3107 		tok_prev = pos;
3108 		num_domains = 1;
3109 		while ((tok_prev = os_strchr(tok_prev, ','))) {
3110 			num_domains++;
3111 			tok_prev++;
3112 		}
3113 		tok_prev = pos;
3114 		for (j = 0; j < num_domains; j++) {
3115 			tok_start = os_strchr(tok_prev, ',');
3116 			if (tok_start) {
3117 				domain_len = tok_start - tok_prev;
3118 				*domain_ptr = domain_len;
3119 				os_memcpy(domain_ptr + 1, tok_prev, domain_len);
3120 				domain_ptr += domain_len + 1;
3121 				tok_prev = ++tok_start;
3122 			} else {
3123 				domain_len = os_strlen(tok_prev);
3124 				*domain_ptr = domain_len;
3125 				os_memcpy(domain_ptr + 1, tok_prev, domain_len);
3126 				domain_ptr += domain_len + 1;
3127 			}
3128 		}
3129 
3130 		os_free(bss->domain_name);
3131 		bss->domain_name = domain_list;
3132 		bss->domain_name_len = domain_list_len;
3133 	} else if (os_strcmp(buf, "anqp_3gpp_cell_net") == 0) {
3134 		if (parse_3gpp_cell_net(bss, pos, line) < 0)
3135 			return 1;
3136 	} else if (os_strcmp(buf, "nai_realm") == 0) {
3137 		if (parse_nai_realm(bss, pos, line) < 0)
3138 			return 1;
3139 	} else if (os_strcmp(buf, "gas_frag_limit") == 0) {
3140 		bss->gas_frag_limit = atoi(pos);
3141 	} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
3142 		bss->gas_comeback_delay = atoi(pos);
3143 	} else if (os_strcmp(buf, "qos_map_set") == 0) {
3144 		if (parse_qos_map_set(bss, pos, line) < 0)
3145 			return 1;
3146 #endif /* CONFIG_INTERWORKING */
3147 #ifdef CONFIG_RADIUS_TEST
3148 	} else if (os_strcmp(buf, "dump_msk_file") == 0) {
3149 		os_free(bss->dump_msk_file);
3150 		bss->dump_msk_file = os_strdup(pos);
3151 #endif /* CONFIG_RADIUS_TEST */
3152 #ifdef CONFIG_HS20
3153 	} else if (os_strcmp(buf, "hs20") == 0) {
3154 		bss->hs20 = atoi(pos);
3155 	} else if (os_strcmp(buf, "disable_dgaf") == 0) {
3156 		bss->disable_dgaf = atoi(pos);
3157 	} else if (os_strcmp(buf, "proxy_arp") == 0) {
3158 		bss->proxy_arp = atoi(pos);
3159 	} else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) {
3160 		bss->na_mcast_to_ucast = atoi(pos);
3161 	} else if (os_strcmp(buf, "osen") == 0) {
3162 		bss->osen = atoi(pos);
3163 	} else if (os_strcmp(buf, "anqp_domain_id") == 0) {
3164 		bss->anqp_domain_id = atoi(pos);
3165 	} else if (os_strcmp(buf, "hs20_deauth_req_timeout") == 0) {
3166 		bss->hs20_deauth_req_timeout = atoi(pos);
3167 	} else if (os_strcmp(buf, "hs20_oper_friendly_name") == 0) {
3168 		if (hs20_parse_oper_friendly_name(bss, pos, line) < 0)
3169 			return 1;
3170 	} else if (os_strcmp(buf, "hs20_wan_metrics") == 0) {
3171 		if (hs20_parse_wan_metrics(bss, pos, line) < 0)
3172 			return 1;
3173 	} else if (os_strcmp(buf, "hs20_conn_capab") == 0) {
3174 		if (hs20_parse_conn_capab(bss, pos, line) < 0) {
3175 			return 1;
3176 		}
3177 	} else if (os_strcmp(buf, "hs20_operating_class") == 0) {
3178 		u8 *oper_class;
3179 		size_t oper_class_len;
3180 		oper_class_len = os_strlen(pos);
3181 		if (oper_class_len < 2 || (oper_class_len & 0x01)) {
3182 			wpa_printf(MSG_ERROR,
3183 				   "Line %d: Invalid hs20_operating_class '%s'",
3184 				   line, pos);
3185 			return 1;
3186 		}
3187 		oper_class_len /= 2;
3188 		oper_class = os_malloc(oper_class_len);
3189 		if (oper_class == NULL)
3190 			return 1;
3191 		if (hexstr2bin(pos, oper_class, oper_class_len)) {
3192 			wpa_printf(MSG_ERROR,
3193 				   "Line %d: Invalid hs20_operating_class '%s'",
3194 				   line, pos);
3195 			os_free(oper_class);
3196 			return 1;
3197 		}
3198 		os_free(bss->hs20_operating_class);
3199 		bss->hs20_operating_class = oper_class;
3200 		bss->hs20_operating_class_len = oper_class_len;
3201 	} else if (os_strcmp(buf, "hs20_icon") == 0) {
3202 		if (hs20_parse_icon(bss, pos) < 0) {
3203 			wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_icon '%s'",
3204 				   line, pos);
3205 			return 1;
3206 		}
3207 	} else if (os_strcmp(buf, "osu_ssid") == 0) {
3208 		if (hs20_parse_osu_ssid(bss, pos, line) < 0)
3209 			return 1;
3210 	} else if (os_strcmp(buf, "osu_server_uri") == 0) {
3211 		if (hs20_parse_osu_server_uri(bss, pos, line) < 0)
3212 			return 1;
3213 	} else if (os_strcmp(buf, "osu_friendly_name") == 0) {
3214 		if (hs20_parse_osu_friendly_name(bss, pos, line) < 0)
3215 			return 1;
3216 	} else if (os_strcmp(buf, "osu_nai") == 0) {
3217 		if (hs20_parse_osu_nai(bss, pos, line) < 0)
3218 			return 1;
3219 	} else if (os_strcmp(buf, "osu_method_list") == 0) {
3220 		if (hs20_parse_osu_method_list(bss, pos, line) < 0)
3221 			return 1;
3222 	} else if (os_strcmp(buf, "osu_icon") == 0) {
3223 		if (hs20_parse_osu_icon(bss, pos, line) < 0)
3224 			return 1;
3225 	} else if (os_strcmp(buf, "osu_service_desc") == 0) {
3226 		if (hs20_parse_osu_service_desc(bss, pos, line) < 0)
3227 			return 1;
3228 	} else if (os_strcmp(buf, "subscr_remediation_url") == 0) {
3229 		os_free(bss->subscr_remediation_url);
3230 		bss->subscr_remediation_url = os_strdup(pos);
3231 	} else if (os_strcmp(buf, "subscr_remediation_method") == 0) {
3232 		bss->subscr_remediation_method = atoi(pos);
3233 #endif /* CONFIG_HS20 */
3234 #ifdef CONFIG_TESTING_OPTIONS
3235 #define PARSE_TEST_PROBABILITY(_val)				\
3236 	} else if (os_strcmp(buf, #_val) == 0) {		\
3237 		char *end;					\
3238 								\
3239 		conf->_val = strtod(pos, &end);			\
3240 		if (*end || conf->_val < 0.0 ||			\
3241 		    conf->_val > 1.0) {				\
3242 			wpa_printf(MSG_ERROR,			\
3243 				   "Line %d: Invalid value '%s'", \
3244 				   line, pos);			\
3245 			return 1;				\
3246 		}
3247 	PARSE_TEST_PROBABILITY(ignore_probe_probability)
3248 	PARSE_TEST_PROBABILITY(ignore_auth_probability)
3249 	PARSE_TEST_PROBABILITY(ignore_assoc_probability)
3250 	PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
3251 	PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
3252 	} else if (os_strcmp(buf, "bss_load_test") == 0) {
3253 		WPA_PUT_LE16(bss->bss_load_test, atoi(pos));
3254 		pos = os_strchr(pos, ':');
3255 		if (pos == NULL) {
3256 			wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
3257 				   line);
3258 			return 1;
3259 		}
3260 		pos++;
3261 		bss->bss_load_test[2] = atoi(pos);
3262 		pos = os_strchr(pos, ':');
3263 		if (pos == NULL) {
3264 			wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
3265 				   line);
3266 			return 1;
3267 		}
3268 		pos++;
3269 		WPA_PUT_LE16(&bss->bss_load_test[3], atoi(pos));
3270 		bss->bss_load_test_set = 1;
3271 	} else if (os_strcmp(buf, "radio_measurements") == 0) {
3272 		bss->radio_measurements = atoi(pos);
3273 	} else if (os_strcmp(buf, "own_ie_override") == 0) {
3274 		struct wpabuf *tmp;
3275 		size_t len = os_strlen(pos) / 2;
3276 
3277 		tmp = wpabuf_alloc(len);
3278 		if (!tmp)
3279 			return 1;
3280 
3281 		if (hexstr2bin(pos, wpabuf_put(tmp, len), len)) {
3282 			wpabuf_free(tmp);
3283 			wpa_printf(MSG_ERROR,
3284 				   "Line %d: Invalid own_ie_override '%s'",
3285 				   line, pos);
3286 			return 1;
3287 		}
3288 
3289 		wpabuf_free(bss->own_ie_override);
3290 		bss->own_ie_override = tmp;
3291 #endif /* CONFIG_TESTING_OPTIONS */
3292 	} else if (os_strcmp(buf, "vendor_elements") == 0) {
3293 		struct wpabuf *elems;
3294 		size_t len = os_strlen(pos);
3295 		if (len & 0x01) {
3296 			wpa_printf(MSG_ERROR,
3297 				   "Line %d: Invalid vendor_elements '%s'",
3298 				   line, pos);
3299 			return 1;
3300 		}
3301 		len /= 2;
3302 		if (len == 0) {
3303 			wpabuf_free(bss->vendor_elements);
3304 			bss->vendor_elements = NULL;
3305 			return 0;
3306 		}
3307 
3308 		elems = wpabuf_alloc(len);
3309 		if (elems == NULL)
3310 			return 1;
3311 
3312 		if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
3313 			wpabuf_free(elems);
3314 			wpa_printf(MSG_ERROR,
3315 				   "Line %d: Invalid vendor_elements '%s'",
3316 				   line, pos);
3317 			return 1;
3318 		}
3319 
3320 		wpabuf_free(bss->vendor_elements);
3321 		bss->vendor_elements = elems;
3322 	} else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0) {
3323 		bss->sae_anti_clogging_threshold = atoi(pos);
3324 	} else if (os_strcmp(buf, "sae_groups") == 0) {
3325 		if (hostapd_parse_intlist(&bss->sae_groups, pos)) {
3326 			wpa_printf(MSG_ERROR,
3327 				   "Line %d: Invalid sae_groups value '%s'",
3328 				   line, pos);
3329 			return 1;
3330 		}
3331 	} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
3332 		int val = atoi(pos);
3333 		if (val < 0 || val > 255) {
3334 			wpa_printf(MSG_ERROR, "Line %d: Invalid local_pwr_constraint %d (expected 0..255)",
3335 				   line, val);
3336 			return 1;
3337 		}
3338 		conf->local_pwr_constraint = val;
3339 	} else if (os_strcmp(buf, "spectrum_mgmt_required") == 0) {
3340 		conf->spectrum_mgmt_required = atoi(pos);
3341 	} else if (os_strcmp(buf, "wowlan_triggers") == 0) {
3342 		os_free(bss->wowlan_triggers);
3343 		bss->wowlan_triggers = os_strdup(pos);
3344 #ifdef CONFIG_FST
3345 	} else if (os_strcmp(buf, "fst_group_id") == 0) {
3346 		size_t len = os_strlen(pos);
3347 
3348 		if (!len || len >= sizeof(conf->fst_cfg.group_id)) {
3349 			wpa_printf(MSG_ERROR,
3350 				   "Line %d: Invalid fst_group_id value '%s'",
3351 				   line, pos);
3352 			return 1;
3353 		}
3354 
3355 		if (conf->fst_cfg.group_id[0]) {
3356 			wpa_printf(MSG_ERROR,
3357 				   "Line %d: Duplicate fst_group value '%s'",
3358 				   line, pos);
3359 			return 1;
3360 		}
3361 
3362 		os_strlcpy(conf->fst_cfg.group_id, pos,
3363 			   sizeof(conf->fst_cfg.group_id));
3364 	} else if (os_strcmp(buf, "fst_priority") == 0) {
3365 		char *endp;
3366 		long int val;
3367 
3368 		if (!*pos) {
3369 			wpa_printf(MSG_ERROR,
3370 				   "Line %d: fst_priority value not supplied (expected 1..%u)",
3371 				   line, FST_MAX_PRIO_VALUE);
3372 			return -1;
3373 		}
3374 
3375 		val = strtol(pos, &endp, 0);
3376 		if (*endp || val < 1 || val > FST_MAX_PRIO_VALUE) {
3377 			wpa_printf(MSG_ERROR,
3378 				   "Line %d: Invalid fst_priority %ld (%s) (expected 1..%u)",
3379 				   line, val, pos, FST_MAX_PRIO_VALUE);
3380 			return 1;
3381 		}
3382 		conf->fst_cfg.priority = (u8) val;
3383 	} else if (os_strcmp(buf, "fst_llt") == 0) {
3384 		char *endp;
3385 		long int val;
3386 
3387 		if (!*pos) {
3388 			wpa_printf(MSG_ERROR,
3389 				   "Line %d: fst_llt value not supplied (expected 1..%u)",
3390 				   line, FST_MAX_LLT_MS);
3391 			return -1;
3392 		}
3393 		val = strtol(pos, &endp, 0);
3394 		if (*endp || val < 1 || val > FST_MAX_LLT_MS) {
3395 			wpa_printf(MSG_ERROR,
3396 				   "Line %d: Invalid fst_llt %ld (%s) (expected 1..%u)",
3397 				   line, val, pos, FST_MAX_LLT_MS);
3398 			return 1;
3399 		}
3400 		conf->fst_cfg.llt = (u32) val;
3401 #endif /* CONFIG_FST */
3402 	} else if (os_strcmp(buf, "track_sta_max_num") == 0) {
3403 		conf->track_sta_max_num = atoi(pos);
3404 	} else if (os_strcmp(buf, "track_sta_max_age") == 0) {
3405 		conf->track_sta_max_age = atoi(pos);
3406 	} else if (os_strcmp(buf, "no_probe_resp_if_seen_on") == 0) {
3407 		os_free(bss->no_probe_resp_if_seen_on);
3408 		bss->no_probe_resp_if_seen_on = os_strdup(pos);
3409 	} else if (os_strcmp(buf, "no_auth_if_seen_on") == 0) {
3410 		os_free(bss->no_auth_if_seen_on);
3411 		bss->no_auth_if_seen_on = os_strdup(pos);
3412 	} else {
3413 		wpa_printf(MSG_ERROR,
3414 			   "Line %d: unknown configuration item '%s'",
3415 			   line, buf);
3416 		return 1;
3417 	}
3418 
3419 	return 0;
3420 }
3421 
3422 
3423 /**
3424  * hostapd_config_read - Read and parse a configuration file
3425  * @fname: Configuration file name (including path, if needed)
3426  * Returns: Allocated configuration data structure
3427  */
3428 struct hostapd_config * hostapd_config_read(const char *fname)
3429 {
3430 	struct hostapd_config *conf;
3431 	FILE *f;
3432 	char buf[512], *pos;
3433 	int line = 0;
3434 	int errors = 0;
3435 	size_t i;
3436 
3437 	f = fopen(fname, "r");
3438 	if (f == NULL) {
3439 		wpa_printf(MSG_ERROR, "Could not open configuration file '%s' "
3440 			   "for reading.", fname);
3441 		return NULL;
3442 	}
3443 
3444 	conf = hostapd_config_defaults();
3445 	if (conf == NULL) {
3446 		fclose(f);
3447 		return NULL;
3448 	}
3449 
3450 	/* set default driver based on configuration */
3451 	conf->driver = wpa_drivers[0];
3452 	if (conf->driver == NULL) {
3453 		wpa_printf(MSG_ERROR, "No driver wrappers registered!");
3454 		hostapd_config_free(conf);
3455 		fclose(f);
3456 		return NULL;
3457 	}
3458 
3459 	conf->last_bss = conf->bss[0];
3460 
3461 	while (fgets(buf, sizeof(buf), f)) {
3462 		struct hostapd_bss_config *bss;
3463 
3464 		bss = conf->last_bss;
3465 		line++;
3466 
3467 		if (buf[0] == '#')
3468 			continue;
3469 		pos = buf;
3470 		while (*pos != '\0') {
3471 			if (*pos == '\n') {
3472 				*pos = '\0';
3473 				break;
3474 			}
3475 			pos++;
3476 		}
3477 		if (buf[0] == '\0')
3478 			continue;
3479 
3480 		pos = os_strchr(buf, '=');
3481 		if (pos == NULL) {
3482 			wpa_printf(MSG_ERROR, "Line %d: invalid line '%s'",
3483 				   line, buf);
3484 			errors++;
3485 			continue;
3486 		}
3487 		*pos = '\0';
3488 		pos++;
3489 		errors += hostapd_config_fill(conf, bss, buf, pos, line);
3490 	}
3491 
3492 	fclose(f);
3493 
3494 	for (i = 0; i < conf->num_bss; i++)
3495 		hostapd_set_security_params(conf->bss[i], 1);
3496 
3497 	if (hostapd_config_check(conf, 1))
3498 		errors++;
3499 
3500 #ifndef WPA_IGNORE_CONFIG_ERRORS
3501 	if (errors) {
3502 		wpa_printf(MSG_ERROR, "%d errors found in configuration file "
3503 			   "'%s'", errors, fname);
3504 		hostapd_config_free(conf);
3505 		conf = NULL;
3506 	}
3507 #endif /* WPA_IGNORE_CONFIG_ERRORS */
3508 
3509 	return conf;
3510 }
3511 
3512 
3513 int hostapd_set_iface(struct hostapd_config *conf,
3514 		      struct hostapd_bss_config *bss, const char *field,
3515 		      char *value)
3516 {
3517 	int errors;
3518 	size_t i;
3519 
3520 	errors = hostapd_config_fill(conf, bss, field, value, 0);
3521 	if (errors) {
3522 		wpa_printf(MSG_INFO, "Failed to set configuration field '%s' "
3523 			   "to value '%s'", field, value);
3524 		return -1;
3525 	}
3526 
3527 	for (i = 0; i < conf->num_bss; i++)
3528 		hostapd_set_security_params(conf->bss[i], 0);
3529 
3530 	if (hostapd_config_check(conf, 0)) {
3531 		wpa_printf(MSG_ERROR, "Configuration check failed");
3532 		return -1;
3533 	}
3534 
3535 	return 0;
3536 }
3537