summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch44
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb1
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
new file mode 100644
index 0000000000..e800a410ea
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
@@ -0,0 +1,44 @@
1wpa_supplicant-2.6: Fix CVE-2018-14526
2
3[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
4
5wpa: Ignore unauthenticated encrypted EAPOL-Key data
6
7Ignore unauthenticated encrypted EAPOL-Key data in supplicant
8processing. When using WPA2, these are frames that have the Encrypted
9flag set, but not the MIC flag.
10
11When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
12not the MIC flag, had their data field decrypted without first verifying
13the MIC. In case the data field was encrypted using RC4 (i.e., when
14negotiating TKIP as the pairwise cipher), this meant that
15unauthenticated but decrypted data would then be processed. An adversary
16could abuse this as a decryption oracle to recover sensitive information
17in the data field of EAPOL-Key messages (e.g., the group key).
18
19Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
20CVE: CVE-2018-14526
21Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
22
23diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
24index 3c47879..6bdf923 100644
25--- a/src/rsn_supp/wpa.c
26+++ b/src/rsn_supp/wpa.c
27@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
28
29 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
30 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
31+ /*
32+ * Only decrypt the Key Data field if the frame's authenticity
33+ * was verified. When using AES-SIV (FILS), the MIC flag is not
34+ * set, so this check should only be performed if mic_len != 0
35+ * which is the case in this code branch.
36+ */
37+ if (!(key_info & WPA_KEY_INFO_MIC)) {
38+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
39+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
40+ goto out;
41+ }
42 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
43 &key_data_len))
44 goto out;
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index e684537486..aa4c4c2da0 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
32 file://key-replay-cve-multiple6.patch \ 32 file://key-replay-cve-multiple6.patch \
33 file://key-replay-cve-multiple7.patch \ 33 file://key-replay-cve-multiple7.patch \
34 file://key-replay-cve-multiple8.patch \ 34 file://key-replay-cve-multiple8.patch \
35 file://wpa_supplicant-CVE-2018-14526.patch \
35 " 36 "
36SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c" 37SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
37SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450" 38SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"