jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-27 04:53:28 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd]

Browse Source 
Approved by:	so
This commit is contained in:
Xin LI 2018-08-15 05:05:02 +00:00
parent b76f85cf57
commit 4e118cfb10
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/stable/10/; revision=337832
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
contrib/wpa/src/rsn_supp/wpa.c
View File

@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
if (sm->proto == WPA_PROTO_RSN && if (sm->proto == WPA_PROTO_RSN &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
/*
* Only decrypt the Key Data field if the frame's authenticity
* was verified. When using AES-SIV (FILS), the MIC flag is not
* set, so this check should only be performed if mic_len != 0
* which is the case in this code branch.
*/
if (!(key_info & WPA_KEY_INFO_MIC)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
goto out;
}
if (wpa_supplicant_decrypt_key_data(sm, key, ver)) if (wpa_supplicant_decrypt_key_data(sm, key, ver))
goto out; goto out;
extra_len = WPA_GET_BE16(key->key_data_length); extra_len = WPA_GET_BE16(key->key_data_length);