Date: Wed, 15 Aug 2018 02:31:10 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r337829 - in releng/10.4: . contrib/wpa/src/rsn_supp share/man/man4 sys/conf Message-ID: <201808150231.w7F2VABY096059@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Wed Aug 15 02:31:10 2018 New Revision: 337829 URL: https://svnweb.freebsd.org/changeset/base/337829 Log: Revis manual pages. [SA-18:08.tcp] Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so Modified: releng/10.4/UPDATING releng/10.4/contrib/wpa/src/rsn_supp/wpa.c releng/10.4/share/man/man4/tcp.4 releng/10.4/sys/conf/newvers.sh Modified: releng/10.4/UPDATING ============================================================================== --- releng/10.4/UPDATING Wed Aug 15 02:30:11 2018 (r337828) +++ releng/10.4/UPDATING Wed Aug 15 02:31:10 2018 (r337829) @@ -16,6 +16,15 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. + +20180814 p11 FreeBSD-SA-18:08.tcp [revised] + FreeBSD-SA-18:11.hostapd + + Revise manual pages. [SA-18:08.tcp] + + Fixeunauthenticated EAPOL-Key decryption vulnerability. + [SA-18:11.hostapd] + 20180806 p10 FreeBSD-SA-18:08.tcp Fix resource exhaustion in TCP reassembly. Modified: releng/10.4/contrib/wpa/src/rsn_supp/wpa.c ============================================================================== --- releng/10.4/contrib/wpa/src/rsn_supp/wpa.c Wed Aug 15 02:30:11 2018 (r337828) +++ releng/10.4/contrib/wpa/src/rsn_supp/wpa.c Wed Aug 15 02:31:10 2018 (r337829) @@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_a if (sm->proto == WPA_PROTO_RSN && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + /* + * Only decrypt the Key Data field if the frame's authenticity + * was verified. When using AES-SIV (FILS), the MIC flag is not + * set, so this check should only be performed if mic_len != 0 + * which is the case in this code branch. + */ + if (!(key_info & WPA_KEY_INFO_MIC)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); + goto out; + } if (wpa_supplicant_decrypt_key_data(sm, key, ver)) goto out; extra_len = WPA_GET_BE16(key->key_data_length); Modified: releng/10.4/share/man/man4/tcp.4 ============================================================================== --- releng/10.4/share/man/man4/tcp.4 Wed Aug 15 02:30:11 2018 (r337828) +++ releng/10.4/share/man/man4/tcp.4 Wed Aug 15 02:31:10 2018 (r337829) @@ -38,7 +38,7 @@ .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd October 13, 2014 +.Dd August 6, 2018 .Dt TCP 4 .Os .Sh NAME Modified: releng/10.4/sys/conf/newvers.sh ============================================================================== --- releng/10.4/sys/conf/newvers.sh Wed Aug 15 02:30:11 2018 (r337828) +++ releng/10.4/sys/conf/newvers.sh Wed Aug 15 02:31:10 2018 (r337829) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.4" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808150231.w7F2VABY096059>