Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Jul 2018 02:04:10 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r336529 - head/contrib/wpa/src/rsn_supp
Message-ID:  <201807200204.w6K24AiY020855@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: cy
Date: Fri Jul 20 02:04:10 2018
New Revision: 336529
URL: https://svnweb.freebsd.org/changeset/base/336529

Log:
  MFV: r336486
  
  Prevent reinstallation of an already in-use group key.
  Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.
  
  Obtained from:	https://w1.fi/security/2017-1/\
  		rebased-v2.6-0002-Prevent-reinstallation-\
  		of-an-already-in-use-group-ke.patch
  X-MFC-with:	r336203

Modified:
  head/contrib/wpa/src/rsn_supp/wpa.c

Modified: head/contrib/wpa/src/rsn_supp/wpa.c
==============================================================================
--- head/contrib/wpa/src/rsn_supp/wpa.c	Fri Jul 20 01:53:28 2018	(r336528)
+++ head/contrib/wpa/src/rsn_supp/wpa.c	Fri Jul 20 02:04:10 2018	(r336529)
@@ -860,7 +860,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *
 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
 					       gtk_len, gtk_len,
 					       &gd.key_rsc_len, &gd.alg) ||
-	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
+	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 			"RSN: Failed to install GTK");
 		os_memset(&gd, 0, sizeof(gd));
@@ -1592,13 +1592,13 @@ static void wpa_supplicant_process_1_of_2(struct wpa_s
 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
 		key_rsc = null_rsc;
 
-	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) ||
-	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
+	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
 		goto failed;
 	os_memset(&gd, 0, sizeof(gd));
 
 	if (rekey) {
-		wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying "
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
 			"completed with " MACSTR " [GTK=%s]",
 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
 		wpa_sm_cancel_auth_timeout(sm);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807200204.w6K24AiY020855>