wpa-supplicant: fix the bug for PATCHTOOL = "patch"

When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed: checking file src/ap/ieee802_11.c checking file src/ap/wpa_auth.c checking file src/ap/wpa_auth.h checking file src/ap/wpa_auth_ft.c checking file src/ap/wpa_auth_i.h checking file src/common/wpa_common.h checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/rsn_supp/wpa.c Hunk #1 FAILED at 709. Hunk #2 FAILED at 757. Hunk #3 succeeded at 840 (offset -12 lines). Hunk #4 FAILED at 868. Hunk #5 FAILED at 900. Hunk #6 FAILED at 924. Hunk #7 succeeded at 1536 (offset -38 lines). Hunk #8 FAILED at 2386. Hunk #9 FAILED at 2920. Hunk #10 succeeded at 2940 (offset -46 lines). Hunk #11 FAILED at 2998. 8 out of 11 hunks FAILED checking file src/rsn_supp/wpa_i.h Hunk #1 FAILED at 32. 1 out of 1 hunk FAILED checking file src/common/wpa_common.h Hunk #1 succeeded at 215 with fuzz 1. checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/ap/wpa_auth.c Hunk #1 succeeded at 1898 (offset -3 lines). Hunk #2 succeeded at 2470 (offset -3 lines). checking file src/rsn_supp/tdls.c checking file wpa_supplicant/wnm_sta.c checking file src/rsn_supp/wpa.c Hunk #1 succeeded at 2378 (offset -62 lines). checking file src/rsn_supp/wpa_ft.c checking file src/rsn_supp/wpa_i.h Hunk #1 succeeded at 123 (offset -5 lines). So split the wpa-supplicant/key-replay-cve-multiple to 8 patches. (From OE-Core rev: 4e9bc513c22b9a52c48588ef276e2ab7f7781526) Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hong Liu <hongl.fnst@cn.fujitsu.com> 2018-06-05 16:10:56 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-06-15 17:56:24 +0100
commit: 61e587b32d10c796503f98f16eb3d66f24835708 (patch)
tree: 3915b26534a782f7017a588c5b86f4f1b3285fa4 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
parent: c8a1e372f3aa962b483b4f2280c7c44392c8b2f7 (diff)
download: poky-61e587b32d10c796503f98f16eb3d66f24835708.tar.gz
1 files changed, 96 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
new file mode 100644
index 0000000000..6c1948696e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
@@ -0,0 +1,96 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+Backport a number of patches from upstream to fix this.
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c      | 5 ++---
+ src/rsn_supp/wpa_i.h    | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+        size_t kck_len;
+        size_t kek_len;
+        size_t tk_len;
+       int installed; /* 1 if key has already been installed to driver */
+ };
+ 
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+                os_memset(buf, 0, sizeof(buf));
+        }
+        sm->tptk_set = 1;
+-       sm->tk_to_set = 1;
+ 
+        kde = sm->assoc_wpa_ie;
+        kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+        enum wpa_alg alg;
+        const u8 *key_rsc;
+ 
+-       if (!sm->tk_to_set) {
+       if (sm->ptk.installed) {
+                wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+                        "WPA: Do not re-install same PTK to the driver");
+                return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ 
+        /* TK is not needed anymore in supplicant */
+        os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+-       sm->tk_to_set = 0;
+       sm->ptk.installed = 1;
+ 
+        if (sm->wpa_ptk_rekey) {
+                eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+        struct wpa_ptk ptk, tptk;
+        int ptk_set, tptk_set;
+        unsigned int msg_3_of_4_ok:1;
+-       unsigned int tk_to_set:1;
+        u8 snonce[WPA_NONCE_LEN];
+        u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+        int renew_snonce;
+-- 
+2.7.4
+\ No newline at end of file
author	Hong Liu <hongl.fnst@cn.fujitsu.com>	2018-06-05 16:10:56 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-06-15 17:56:24 +0100
commit	61e587b32d10c796503f98f16eb3d66f24835708 (patch)
tree	3915b26534a782f7017a588c5b86f4f1b3285fa4 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
parent	c8a1e372f3aa962b483b4f2280c7c44392c8b2f7 (diff)
download	poky-61e587b32d10c796503f98f16eb3d66f24835708.tar.gz

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch new file mode 100644 index 0000000000..6c1948696e --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
@@ -0,0 +1,96 @@
	1	The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
	2	result in unauthenticated clients gaining access to the network.
	3
	4	Backport a number of patches from upstream to fix this.
	5
	6	CVE: CVE-2017-13077
	7	CVE: CVE-2017-13078
	8	CVE: CVE-2017-13079
	9	CVE: CVE-2017-13080
	10	CVE: CVE-2017-13081
	11	CVE: CVE-2017-13082
	12	CVE: CVE-2017-13086
	13	CVE: CVE-2017-13087
	14	CVE: CVE-2017-13088
	15
	16	Upstream-Status: Backport
	17	Signed-off-by: Ross Burton <ross.burton@intel.com>
	18
	19	From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
	20	From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
	21	Date: Fri, 29 Sep 2017 04:22:51 +0200
	22	Subject: [PATCH 4/8] Prevent installation of an all-zero TK
	23
	24	Properly track whether a PTK has already been installed to the driver
	25	and the TK part cleared from memory. This prevents an attacker from
	26	trying to trick the client into installing an all-zero TK.
	27
	28	This fixes the earlier fix in commit
	29	ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
	30	driver in EAPOL-Key 3/4 retry case') which did not take into account
	31	possibility of an extra message 1/4 showing up between retries of
	32	message 3/4.
	33
	34	Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
	35	---
	36	src/common/wpa_common.h \| 1 +
	37	src/rsn_supp/wpa.c \| 5 ++---
	38	src/rsn_supp/wpa_i.h \| 1 -
	39	3 files changed, 3 insertions(+), 4 deletions(-)
	40
	41	diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
	42	index d200285..1021ccb 100644
	43	--- a/src/common/wpa_common.h
	44	+++ b/src/common/wpa_common.h
	45	@@ -215,6 +215,7 @@ struct wpa_ptk {
	46	size_t kck_len;
	47	size_t kek_len;
	48	size_t tk_len;
	49	+ int installed; /* 1 if key has already been installed to driver */
	50	};
	51
	52	struct wpa_gtk {
	53	diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
	54	index 7a2c68d..0550a41 100644
	55	--- a/src/rsn_supp/wpa.c
	56	+++ b/src/rsn_supp/wpa.c
	57	@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
	58	os_memset(buf, 0, sizeof(buf));
	59	}
	60	sm->tptk_set = 1;
	61	- sm->tk_to_set = 1;
	62
	63	kde = sm->assoc_wpa_ie;
	64	kde_len = sm->assoc_wpa_ie_len;
	65	@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
	66	enum wpa_alg alg;
	67	const u8 *key_rsc;
	68
	69	- if (!sm->tk_to_set) {
	70	+ if (sm->ptk.installed) {
	71	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	72	"WPA: Do not re-install same PTK to the driver");
	73	return 0;
	74	@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
	75
	76	/* TK is not needed anymore in supplicant */
	77	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
	78	- sm->tk_to_set = 0;
	79	+ sm->ptk.installed = 1;
	80
	81	if (sm->wpa_ptk_rekey) {
	82	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
	83	diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
	84	index 9a54631..41f371f 100644
	85	--- a/src/rsn_supp/wpa_i.h
	86	+++ b/src/rsn_supp/wpa_i.h
	87	@@ -24,7 +24,6 @@ struct wpa_sm {
	88	struct wpa_ptk ptk, tptk;
	89	int ptk_set, tptk_set;
	90	unsigned int msg_3_of_4_ok:1;
	91	- unsigned int tk_to_set:1;
	92	u8 snonce[WPA_NONCE_LEN];
	93	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
	94	int renew_snonce;
	95	--
	96	2.7.4 \ No newline at end of file