diff options
author | Hong Liu <hongl.fnst@cn.fujitsu.com> | 2018-06-05 16:10:56 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-06-15 17:56:24 +0100 |
commit | 61e587b32d10c796503f98f16eb3d66f24835708 (patch) | |
tree | 3915b26534a782f7017a588c5b86f4f1b3285fa4 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch | |
parent | c8a1e372f3aa962b483b4f2280c7c44392c8b2f7 (diff) | |
download | poky-61e587b32d10c796503f98f16eb3d66f24835708.tar.gz |
wpa-supplicant: fix the bug for PATCHTOOL = "patch"
When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed:
checking file src/ap/ieee802_11.c
checking file src/ap/wpa_auth.c
checking file src/ap/wpa_auth.h
checking file src/ap/wpa_auth_ft.c
checking file src/ap/wpa_auth_i.h
checking file src/common/wpa_common.h
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/rsn_supp/wpa.c
Hunk #1 FAILED at 709.
Hunk #2 FAILED at 757.
Hunk #3 succeeded at 840 (offset -12 lines).
Hunk #4 FAILED at 868.
Hunk #5 FAILED at 900.
Hunk #6 FAILED at 924.
Hunk #7 succeeded at 1536 (offset -38 lines).
Hunk #8 FAILED at 2386.
Hunk #9 FAILED at 2920.
Hunk #10 succeeded at 2940 (offset -46 lines).
Hunk #11 FAILED at 2998.
8 out of 11 hunks FAILED
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/ap/wpa_auth.c
Hunk #1 succeeded at 1898 (offset -3 lines).
Hunk #2 succeeded at 2470 (offset -3 lines).
checking file src/rsn_supp/tdls.c
checking file wpa_supplicant/wnm_sta.c
checking file src/rsn_supp/wpa.c
Hunk #1 succeeded at 2378 (offset -62 lines).
checking file src/rsn_supp/wpa_ft.c
checking file src/rsn_supp/wpa_i.h
Hunk #1 succeeded at 123 (offset -5 lines).
So split the wpa-supplicant/key-replay-cve-multiple to 8 patches.
(From OE-Core rev: 4e9bc513c22b9a52c48588ef276e2ab7f7781526)
Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch')
-rw-r--r-- | meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch new file mode 100644 index 0000000000..2e12bc7555 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch | |||
@@ -0,0 +1,60 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Fri, 22 Sep 2017 11:25:02 +0300 | ||
22 | Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending | ||
23 | request | ||
24 | |||
25 | Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep | ||
26 | Mode Response if WNM-Sleep Mode has not been used') started ignoring the | ||
27 | response when no WNM-Sleep Mode Request had been used during the | ||
28 | association. This can be made tighter by clearing the used flag when | ||
29 | successfully processing a response. This adds an additional layer of | ||
30 | protection against unexpected retransmissions of the response frame. | ||
31 | |||
32 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
33 | --- | ||
34 | wpa_supplicant/wnm_sta.c | 4 +++- | ||
35 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
36 | |||
37 | diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c | ||
38 | index 1b3409c..67a07ff 100644 | ||
39 | --- a/wpa_supplicant/wnm_sta.c | ||
40 | +++ b/wpa_supplicant/wnm_sta.c | ||
41 | @@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, | ||
42 | |||
43 | if (!wpa_s->wnmsleep_used) { | ||
44 | wpa_printf(MSG_DEBUG, | ||
45 | - "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); | ||
46 | + "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); | ||
47 | return; | ||
48 | } | ||
49 | |||
50 | @@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, | ||
51 | return; | ||
52 | } | ||
53 | |||
54 | + wpa_s->wnmsleep_used = 0; | ||
55 | + | ||
56 | if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || | ||
57 | wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { | ||
58 | wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " | ||
59 | -- | ||
60 | 2.7.4 \ No newline at end of file | ||