Date: Mon, 16 Oct 2017 13:19:15 +0200 From: Stefan Esser <se@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: cve-2017-13077 - WPA2 security vulni Message-ID: <21896d6e-75be-3376-bc32-9d911227de5c@freebsd.org> In-Reply-To: <CALM2mEnC3Ecb4mbJ%2BUxhtPwTWjj_DZeyRHWmvW-HHzwGU3fzBw@mail.gmail.com> References: <CALM2mEmawo7q7GNYLQZPovPVP3dQun5S4Aa4J8Cw2nK8g6Ux4Q@mail.gmail.com> <2230.1508150145@critter.freebsd.dk> <CALM2mEnC3Ecb4mbJ%2BUxhtPwTWjj_DZeyRHWmvW-HHzwGU3fzBw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------FDEAD5A07F7807785CA9C662 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Am 16.10.17 um 12:38 schrieb blubee blubeeme: > well, that's a cluster if I ever seen one. > > On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> > wrote: > >> -------- >> In message <CALM2mEmawo7q7GNYLQZPovPVP3dQun5S4Aa4J8Cw2nK8g6Ux4Q@mail. >> gmail.com> >> , blubee blubeeme writes: >> >>> Does anyone on FreeBSD know if it's affected by this? >>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077 >> >> It is, same as Linux, we use the same wpa_supplicant software The attached patch includes the official patch applied by the WPA developers in https://w1.fi/cgit/hostap/commit/?id=a00e946 but for our version of wpa_supplicant in /usr/src/contrib. Regards, STefan --------------FDEAD5A07F7807785CA9C662 Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="wpa.c-CVE-2017-13077.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="wpa.c-CVE-2017-13077.patch" Index: contrib/wpa/src/rsn_supp/wpa.c =================================================================== --- contrib/wpa/src/rsn_supp/wpa.c (Revision 324638) +++ contrib/wpa/src/rsn_supp/wpa.c (Arbeitskopie) @@ -1534,6 +1534,14 @@ sm->ptk_set = 1; os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + /* + * This assures the same TPTK in sm->tptk can never be + * copied twice to sm->pkt as the new PTK. In + * combination with the installed flag in the wpa_ptk + * struct, this assures the same PTK is only installed + * once. + */ + sm->renew_snonce = 1; } } --------------FDEAD5A07F7807785CA9C662--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21896d6e-75be-3376-bc32-9d911227de5c>