Source-Changes-HG archive
[src/trunk]: src/external/bsd/wpa/dist/src/rsn_supp From FreeBSD:
details: https://anonhg.NetBSD.org/src/rev/fc1f3724ffd0
branches: trunk
changeset: 365466:fc1f3724ffd0
user: christos <christos%NetBSD.org@localhost>
date: Thu Aug 16 11:34:41 2018 +0000
description:
From FreeBSD:
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC
flag set, the data field was decrypted first without verifying the MIC. When
the data field was encrypted using RC4, for example, when negotiating TKIP as
a pairwise cipher, the unauthenticated but decrypted data was subsequently
processed. This opened wpa_supplicant(8) to abuse by decryption and recovery
of sensitive information contained in EAPOL-Key messages.
See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
for a detailed description of the bug.
XXX: pullup-8
diffstat:
external/bsd/wpa/dist/src/rsn_supp/wpa.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diffs (21 lines):
diff -r e2b1c36b6ed9 -r fc1f3724ffd0 external/bsd/wpa/dist/src/rsn_supp/wpa.c
--- a/external/bsd/wpa/dist/src/rsn_supp/wpa.c Thu Aug 16 11:04:10 2018 +0000
+++ b/external/bsd/wpa/dist/src/rsn_supp/wpa.c Thu Aug 16 11:34:41 2018 +0000
@@ -2072,6 +2072,17 @@
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
&key_data_len))
goto out;
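Review bot: the new comment's claim that mic_len != 0 "is the case in this code branch" is not backed by the enclosing condition visible in the hunk, `if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))`, which tests neither mic_len nor anything FILS-related. If this tree ever carries AES-SIV (FILS) Key Data, for which the comment itself says the MIC flag is legitimately absent, the added `if (!(key_info & WPA_KEY_INFO_MIC)) goto out;` would discard valid frames. Either add `&& mic_len` to that enclosing condition so the code matches the comment, or trim the comment to what this tree actually does. The placement is otherwise right: the bail-out sits immediately before wpa_supplicant_decrypt_key_data(), so Key Data is no longer decrypted on a frame whose MIC was never checked, and the MSG_WARNING line gives a log event to alert on.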
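To make the ordering bug in the description concrete, the following is an added example written for this page, not NetBSD's or hostap's code: a model of the Key Data decision taken in wpa_sm_rx_eapol(), pre-patch beside post-patch. The Key Information bit positions are the real IEEE 802.11 ones under hostap's names; the enum values, function names, the constructed descriptor bytes and the mic_len == 0 (AES-SIV/FILS) handling are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Key Information bits of the EAPOL-Key descriptor (IEEE 802.11), under the
 * names hostap's wpa_common.h uses for them. */
#define BIT(x) (1U << (x))
#define WPA_KEY_INFO_MIC           BIT(8)
#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12)

/* Protocol selectors; the numeric values are illustrative, not hostap's. */
enum wpa_proto { PROTO_WPA = 1, PROTO_RSN = 2, PROTO_OSEN = 3 };

enum key_data_action {
    KD_PLAINTEXT,        /* Key Data is not encrypted; process as-is          */
    KD_DECRYPT,          /* decrypt (RC4 or AES key wrap), then process       */
    KD_DROP_UNAUTHENTIC  /* Encrypted flag without MIC flag: discard frame    */
};

/* Constructed sample: descriptor type 2 (RSN) followed by a big-endian Key
 * Information of 0x1000, i.e. Encrypted Key Data set and MIC clear. */
static const uint8_t sample_desc_encr_no_mic[3] = { 0x02, 0x10, 0x00 };

/* The descriptor starts with a 1-byte Descriptor Type, then the 2-byte
 * big-endian Key Information field. */
uint16_t key_info_from_descriptor(const uint8_t *desc)
{
    return (uint16_t)((desc[1] << 8) | desc[2]);
}

/* Pre-patch logic: the Encrypted flag alone selects decryption, so a frame with
 * Encrypted set and MIC clear is decrypted although no MIC was ever verified. */
enum key_data_action key_data_action_vulnerable(enum wpa_proto proto, uint16_t key_info)
{
    if ((proto == PROTO_RSN || proto == PROTO_OSEN) &&
        (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))
        return KD_DECRYPT;
    return KD_PLAINTEXT;
}

/* Patched logic: for a MIC-bearing descriptor (mic_len != 0) the MIC flag must
 * be present, which means the MIC was checked earlier in the receive path,
 * before anything is decrypted. mic_len == 0 models AES-SIV (FILS), where the
 * cipher authenticates the Key Data itself and no MIC flag is expected. */
enum key_data_action key_data_action_fixed(enum wpa_proto proto, uint16_t key_info,
                                           size_t mic_len)
{
    if ((proto == PROTO_RSN || proto == PROTO_OSEN) &&
        (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
        if (mic_len != 0 && !(key_info & WPA_KEY_INFO_MIC))
            return KD_DROP_UNAUTHENTIC;
        return KD_DECRYPT;
    }
    return KD_PLAINTEXT;
}
```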