Date:      Mon, 16 Oct 2017 13:19:15 +0200
From:      Stefan Esser <se@freebsd.org>
To:        freebsd-current@freebsd.org
Subject:   Re: cve-2017-13077 - WPA2 security vulni
Message-ID:  <21896d6e-75be-3376-bc32-9d911227de5c@freebsd.org>
In-Reply-To: <CALM2mEnC3Ecb4mbJ%2BUxhtPwTWjj_DZeyRHWmvW-HHzwGU3fzBw@mail.gmail.com>
References:  <CALM2mEmawo7q7GNYLQZPovPVP3dQun5S4Aa4J8Cw2nK8g6Ux4Q@mail.gmail.com> <2230.1508150145@critter.freebsd.dk> <CALM2mEnC3Ecb4mbJ%2BUxhtPwTWjj_DZeyRHWmvW-HHzwGU3fzBw@mail.gmail.com>

This is a multi-part message in MIME format.
--------------FDEAD5A07F7807785CA9C662
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit

On 16.10.17 at 12:38, blubee blubeeme wrote:
> well, that's a cluster if I ever seen one.
> 
> On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>
> wrote:
> 
>> --------
>> In message <CALM2mEmawo7q7GNYLQZPovPVP3dQun5S4Aa4J8Cw2nK8g6Ux4Q@mail.gmail.com>, blubee blubeeme writes:
>>
>>> Does anyone on FreeBSD know if it's affected by this?
>>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077
>>
>> It is, same as Linux, we use the same wpa_supplicant software

The attached patch includes the official patch applied by the WPA
developers in https://w1.fi/cgit/hostap/commit/?id=a00e946 but
for our version of wpa_supplicant in /usr/src/contrib.

Regards, Stefan

--------------FDEAD5A07F7807785CA9C662
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
 name="wpa.c-CVE-2017-13077.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="wpa.c-CVE-2017-13077.patch"

Index: contrib/wpa/src/rsn_supp/wpa.c
===================================================================
--- contrib/wpa/src/rsn_supp/wpa.c	(Revision 324638)
+++ contrib/wpa/src/rsn_supp/wpa.c	(Arbeitskopie)
@@ -1534,6 +1534,14 @@
 			sm->ptk_set = 1;
 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+			/*
+			 * This assures the same TPTK in sm->tptk can never be
+			 * copied twice to sm->pkt as the new PTK. In
+			 * combination with the installed flag in the wpa_ptk
+			 * struct, this assures the same PTK is only installed
+			 * once.
+			 */
+			sm->renew_snonce = 1;
 		}
 	}
 
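Review bot: the new comment says the TPTK is copied to sm->pkt, but the os_memcpy() two lines above it writes to sm->ptk; please fix the name so the comment matches the code. The comment also relies on "the installed flag in the wpa_ptk struct", which this hunk neither adds nor checks, so please confirm that the flag exists in the contrib/wpa version this applies to (or include the change that adds it). Otherwise sm->renew_snonce = 1 is the only protection visible here and the "only installed once" claim in the comment is not backed by the patch as posted.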

--------------FDEAD5A07F7807785CA9C662--


