From 4e118cfb10f60b203b4f85aea0a4ebeb9c4fe3bb Mon Sep 17 00:00:00 2001 From: Xin LI Date: Wed, 15 Aug 2018 05:05:02 +0000 Subject: [PATCH] Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so --- contrib/wpa/src/rsn_supp/wpa.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/wpa/src/rsn_supp/wpa.c b/contrib/wpa/src/rsn_supp/wpa.c index 65f28f3457bd..7d043259b886 100644 --- a/contrib/wpa/src/rsn_supp/wpa.c +++ b/contrib/wpa/src/rsn_supp/wpa.c @@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, if (sm->proto == WPA_PROTO_RSN && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + /* + * Only decrypt the Key Data field if the frame's authenticity + * was verified. When using AES-SIV (FILS), the MIC flag is not + * set, so this check should only be performed if mic_len != 0 + * which is the case in this code branch. + */ + if (!(key_info & WPA_KEY_INFO_MIC)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); + goto out; + } if (wpa_supplicant_decrypt_key_data(sm, key, ver)) goto out; extra_len = WPA_GET_BE16(key->key_data_length);