daftaupe/opt
1
0
Fork 0
forked from ports/opt
Code Pull Requests Activity

[notify] wpa_supplicant: security fix for CVE-2018-14526

Browse Source 
see
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
This commit is contained in:
Juergen Daubert 2018-08-20 18:20:06 +02:00
parent 11251ad2d8
commit ffe0c53f2b
4 changed files with 51 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
wpa_supplicant/.md5sum
View File

@ -1,3 +1,4 @@
5cc415c6b43d12c049d76ecef0449679 rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
a209fe1510a138c0da3855854c38bf6f rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
a19510a630e870a100ccb56627df38b9 rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
1f9054638b4b142049aec620307e5bd2 rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch

5
wpa_supplicant/.signature
View File

@ -1,6 +1,6 @@
untrusted comment: verify with /etc/ports/opt.pub
RWSE3ohX2g5d/RQg80Uz1Uy8/Bmifa5WGQsdDvlhpP0B/f7QXNBbntGkSjOBRzIvuuCD5bHTgtmDSqyR5n964zy4w19JVo4Seg0=
SHA256 (Pkgfile) = 4b52b01a677225157876b502c8de725da63c7a5b1ff55469905f502783b73da3
RWSE3ohX2g5d/fb0pwxIzrpCLcq+WA+NjAfAFaG0XqredE1sAUGZ3W8EWJ4i2/a+WihNbsX4ee8bigW1Ei1vwAi3lYeQZ4+EUQY=
SHA256 (Pkgfile) = fb42fc05015785f706392ac8a2a89b6cf042113af596bc62c330780e1452f8f1
SHA256 (.footprint) = d3b2e0c4068fe789ca0c18c2c81faf906efdbd970fa00641c3e5381dcbc474a5
SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
@ -11,4 +11,5 @@ SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147
SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
SHA256 (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 960c3cf2a514479b0b4cf09665186a1a9f5d28e8b05dec23db75c6cc13eb1f7c
SHA256 (wlan) = 62f4c0bf8d5fedcf5b6ad79278f4be16f29841099f385acc4fc91e2d52ca1927

4
wpa_supplicant/Pkgfile
View File

@ -5,7 +5,7 @@
name=wpa_supplicant
version=2.6
release=3
release=4
source=(http://hostap.epitest.fi/releases/$name-$version.tar.gz
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@ -15,6 +15,7 @@ source=(http://hostap.epitest.fi/releases/$name-$version.tar.gz
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
wlan)
build () {
@ -28,6 +29,7 @@ build () {
patch -d.. -p1 -i $SRC/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
patch -d.. -p1 -i $SRC/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
patch -d.. -p1 -i $SRC/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
patch -d.. -p1 -i $SRC/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
cp defconfig .config
echo "CONFIG_READLINE=y

44
wpa_supplicant/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch Normal file
View File

@ -0,0 +1,44 @@
From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Sun, 15 Jul 2018 01:25:53 +0200
Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.
When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/rsn_supp/wpa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300
+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
&key_data_len))
goto out;