Diffstat (limited to 'package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch')
-rw-r--r-- | package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch b/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
deleted file mode 100644
index 5cc2f7b17d..0000000000
--- a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 17 Oct 2017 00:01:11 +0300
-Subject: [PATCH] Additional consistentcy checks for PTK component lengths
-
-Verify that TK, KCK, and KEK lengths are set to consistent values within
-struct wpa_ptk before using them in supplicant. This is an additional
-layer of protection against unexpected states.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/common/wpa_common.c | 6 ++++++
- src/rsn_supp/wpa.c | 26 ++++++++++++++++++++------
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
---- a/src/common/wpa_common.c
-+++ b/src/common/wpa_common.c
-@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
- {
- u8 hash[SHA512_MAC_LEN];
-
-+ if (key_len == 0) {
-+ wpa_printf(MSG_DEBUG,
-+ "WPA: KCK not set - cannot calculate MIC");
-+ return -1;
-+ }
-+
- switch (ver) {
- #ifndef CONFIG_FIPS
- case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st
-
- alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+ wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
-+ keylen, (long unsigned int) sm->ptk.tk_len);
-+ return -1;
-+ }
- rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
-
- if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
-@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+ sm->ptk.tk_len = 0;
- sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
-@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k
- os_memcpy(mic, key + 1, mic_len);
- if (sm->tptk_set) {
- os_memset(key + 1, 0, mic_len);
-- wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
-- ver, buf, len, (u8 *) (key + 1));
-- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+ if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
-+ sm->key_mgmt,
-+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid EAPOL-Key MIC "
- "when using TPTK - ignoring TPTK");
-@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k
-
- if (!ok && sm->ptk_set) {
- os_memset(key + 1, 0, mic_len);
-- wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
-- ver, buf, len, (u8 *) (key + 1));
-- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+ if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
-+ sm->key_mgmt,
-+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid EAPOL-Key MIC - "
- "dropping packet");
-@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s
-
- alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+ wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
-+ keylen, (long unsigned int) sm->ptk.tk_len);
-+ goto fail;
-+ }
- rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
- wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
- sm->ptk.tk, keylen);
-@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s
- * takes care of association frame encryption/decryption. */
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+ sm->ptk.tk_len = 0;
- sm->ptk.installed = 1;
-
- /* FILS HLP Container */ |