mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-27 04:53:28 +00:00
Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd]
Approved by: so
This commit is contained in:
parent
b76f85cf57
commit
4e118cfb10
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/stable/10/; revision=337832
@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||
|
||||
if (sm->proto == WPA_PROTO_RSN &&
|
||||
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
||||
/*
|
||||
* Only decrypt the Key Data field if the frame's authenticity
|
||||
* was verified. When using AES-SIV (FILS), the MIC flag is not
|
||||
* set, so this check should only be performed if mic_len != 0
|
||||
* which is the case in this code branch.
|
||||
*/
|
||||
if (!(key_info & WPA_KEY_INFO_MIC)) {
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
|
||||
goto out;
|
||||
}
|
||||
if (wpa_supplicant_decrypt_key_data(sm, key, ver))
|
||||
goto out;
|
||||
extra_len = WPA_GET_BE16(key->key_data_length);
|
||||
|
Loading…
Reference in New Issue
Block a user