wpa-supplicant: fix CVE-2018-14526

Ignore unauthenticated encrypted EAPOL-Key data in supplicant processing. When using WPA2, these are frames that have the Encrypted flag set, but not the MIC flag. (From OE-Core rev: a5a07887e73ebf0aa6b3b1fa247e44743b39322e) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2018-09-04 17:48:06 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-09-05 18:00:25 +0100
commit: f0386ed8ee9d6a43d0eb32ebcc89e94bbe458638 (patch)
tree: ad490b7c6f3318255d73df212b1bb0254b541973 /meta/recipes-connectivity/wpa-supplicant
parent: cb3d32f1653fc9afdd8a5e7e32441813a69fdb18 (diff)
download: poky-f0386ed8ee9d6a43d0eb32ebcc89e94bbe458638.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
new file mode 100644
index 0000000000..e800a410ea
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
@@ -0,0 +1,44 @@
+wpa_supplicant-2.6: Fix CVE-2018-14526
+[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
+wpa: Ignore unauthenticated encrypted EAPOL-Key data
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
+CVE: CVE-2018-14526
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..6bdf923 100644
+--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
+@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
+        if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+            (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+               /*
+                * Only decrypt the Key Data field if the frame's authenticity
+                * was verified. When using AES-SIV (FILS), the MIC flag is not
+                * set, so this check should only be performed if mic_len != 0
+                * which is the case in this code branch.
+                */
+               if (!(key_info & WPA_KEY_INFO_MIC)) {
+                       wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+                               "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+                       goto out;
+               }
+                if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
+                                                    &key_data_len))
+                        goto out;
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index e684537486..aa4c4c2da0 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
           file://key-replay-cve-multiple6.patch \
           file://key-replay-cve-multiple7.patch \
           file://key-replay-cve-multiple8.patch \
+           file://wpa_supplicant-CVE-2018-14526.patch \
          "
 SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
 SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
author	Andrej Valek <andrej.valek@siemens.com>	2018-09-04 17:48:06 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-09-05 18:00:25 +0100
commit	f0386ed8ee9d6a43d0eb32ebcc89e94bbe458638 (patch)
tree	ad490b7c6f3318255d73df212b1bb0254b541973 /meta/recipes-connectivity/wpa-supplicant
parent	cb3d32f1653fc9afdd8a5e7e32441813a69fdb18 (diff)
download	poky-f0386ed8ee9d6a43d0eb32ebcc89e94bbe458638.tar.gz

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch new file mode 100644 index 0000000000..e800a410ea --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
@@ -0,0 +1,44 @@
		1	wpa_supplicant-2.6: Fix CVE-2018-14526
		2
		3	[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
		4
		5	wpa: Ignore unauthenticated encrypted EAPOL-Key data
		6
		7	Ignore unauthenticated encrypted EAPOL-Key data in supplicant
		8	processing. When using WPA2, these are frames that have the Encrypted
		9	flag set, but not the MIC flag.
		10
		11	When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
		12	not the MIC flag, had their data field decrypted without first verifying
		13	the MIC. In case the data field was encrypted using RC4 (i.e., when
		14	negotiating TKIP as the pairwise cipher), this meant that
		15	unauthenticated but decrypted data would then be processed. An adversary
		16	could abuse this as a decryption oracle to recover sensitive information
		17	in the data field of EAPOL-Key messages (e.g., the group key).
		18
		19	Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
		20	CVE: CVE-2018-14526
		21	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
		22
		23	diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
		24	index 3c47879..6bdf923 100644
		25	--- a/src/rsn_supp/wpa.c
		26	+++ b/src/rsn_supp/wpa.c
		27	@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm sm, const u8 src_addr,
		28
		29	if ((sm->proto == WPA_PROTO_RSN \|\| sm->proto == WPA_PROTO_OSEN) &&
		30	(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
		31	+ /*
		32	+ * Only decrypt the Key Data field if the frame's authenticity
		33	+ * was verified. When using AES-SIV (FILS), the MIC flag is not
		34	+ * set, so this check should only be performed if mic_len != 0
		35	+ * which is the case in this code branch.
		36	+ */
		37	+ if (!(key_info & WPA_KEY_INFO_MIC)) {
		38	+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
		39	+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
		40	+ goto out;
		41	+ }
		42	if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
		43	&key_data_len))
		44	goto out;


diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb index e684537486..aa4c4c2da0 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
32	file://key-replay-cve-multiple6.patch \	32	file://key-replay-cve-multiple6.patch \
33	file://key-replay-cve-multiple7.patch \	33	file://key-replay-cve-multiple7.patch \
34	file://key-replay-cve-multiple8.patch \	34	file://key-replay-cve-multiple8.patch \
		35	file://wpa_supplicant-CVE-2018-14526.patch \
35	"	36	"
36	SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"	37	SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
37	SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"	38	SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"