Date: Tue, 14 Aug 2018 13:17:58 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Cy Schubert <cy@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: Re: svn commit: r337818 - vendor/wpa/dist/src/rsn_supp Message-ID: <201808142017.w7EKHwj3053640@slippy.cwsent.com> In-Reply-To: Message from Cy Schubert <cy@FreeBSD.org> of "Tue, 14 Aug 2018 20:10:26 -0000." <201808142010.w7EKAQxP001144@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <201808142010.w7EKAQxP001144@repo.freebsd.org>, Cy Schubert writes: > Author: cy > Date: Tue Aug 14 20:10:25 2018 > New Revision: 337818 > URL: https://svnweb.freebsd.org/changeset/base/337818 > > Log: > WPA: Ignore unauthenticated encrypted EAPOL-Key data > > Ignore unauthenticated encrypted EAPOL-Key data in supplicant > processing. When using WPA2, these are frames that have the Encrypted > flag set, but not the MIC flag. > > When using WPA2, EAPOL-Key frames that had the Encrypted flag set but > not the MIC flag, had their data field decrypted without first verifying > the MIC. In case the data field was encrypted using RC4 (i.e., when > negotiating TKIP as the pairwise cipher), this meant that > unauthenticated but decrypted data would then be processed. An adversary > could abuse this as a decryption oracle to recover sensitive information > in the data field of EAPOL-Key messages (e.g., the group key). > (CVE-2018-14526) > > Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> > > Obtained from: git://w1.fi/hostap.git > MFC after: 1 day I got ahead of myself here. Ports and vuxml in progress. git-svn is disk intensive, as is svn for that matter. > Security: CVE-2018-14526 > Security: VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317 > > Modified: > vendor/wpa/dist/src/rsn_supp/wpa.c > > Modified: vendor/wpa/dist/src/rsn_supp/wpa.c > ============================================================================= > = > --- vendor/wpa/dist/src/rsn_supp/wpa.c Tue Aug 14 20:02:01 2018 > (r337817) > +++ vendor/wpa/dist/src/rsn_supp/wpa.c Tue Aug 14 20:10:25 2018 > (r337818) > @@ -2072,6 +2072,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_a > > if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && > (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { > + /* > + * Only decrypt the Key Data field if the frame's authenticity > + * was verified. When using AES-SIV (FILS), the MIC flag is not > + * set, so this check should only be performed if mic_len != 0 > + * which is the case in this code branch. > + */ > + if (!(key_info & WPA_KEY_INFO_MIC)) { > + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, > + "WPA: Ignore EAPOL-Key with encrypted but unaut > henticated data"); > + goto out; > + } > if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, > &key_data_len)) > goto out; -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808142017.w7EKHwj3053640>