From bbda81ce3077dfade2a43a39f772cfec2e82a9a5 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 16 Oct 2017 11:39:23 +0200 Subject: hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau --- .../hostapd/patches/600-ubus_support.patch | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'package/network/services/hostapd/patches/600-ubus_support.patch') diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 86f388997e..0c85a27ca5 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -104,8 +104,8 @@ + .frame_info = fi, + }; - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { - wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { + wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", @@ -1757,6 +1763,12 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; @@ -116,10 +116,10 @@ + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } - if (res == HOSTAPD_ACL_PENDING) - return; - -@@ -2860,7 +2872,7 @@ void fils_hlp_timeout(void *eloop_ctx, v + if (res == HOSTAPD_ACL_PENDING) + return; + +@@ -2870,7 +2882,7 @@ void fils_hlp_timeout(void *eloop_ctx, v static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -128,9 +128,9 @@ { u16 capab_info, listen_interval, seq_ctrl, fc; u16 resp = WLAN_STATUS_SUCCESS, reply_res; -@@ -2874,6 +2886,11 @@ static void handle_assoc(struct hostapd_ +@@ -2884,6 +2896,11 @@ static void handle_assoc(struct hostapd_ #ifdef CONFIG_FILS - int delay_assoc = 0; + int delay_assoc = 0; #endif /* CONFIG_FILS */ + struct hostapd_ubus_request req = { + .type = HOSTAPD_UBUS_ASSOC_REQ, @@ -140,7 +140,7 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -3041,6 +3058,13 @@ static void handle_assoc(struct hostapd_ +@@ -3051,6 +3068,13 @@ static void handle_assoc(struct hostapd_ } #endif /* CONFIG_MBO */ @@ -154,7 +154,7 @@ /* * sta->capability is used in check_assoc_ies() for RRM enabled * capability element. -@@ -3248,6 +3272,7 @@ static void handle_disassoc(struct hosta +@@ -3258,6 +3282,7 @@ static void handle_disassoc(struct hosta wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.disassoc.reason_code)); @@ -162,7 +162,7 @@ sta = ap_get_sta(hapd, mgmt->sa); if (sta == NULL) { -@@ -3313,6 +3338,8 @@ static void handle_deauth(struct hostapd +@@ -3323,6 +3348,8 @@ static void handle_deauth(struct hostapd " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); @@ -171,7 +171,7 @@ sta = ap_get_sta(hapd, mgmt->sa); if (sta == NULL) { wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " -@@ -3627,7 +3654,7 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -3637,7 +3664,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { @@ -180,7 +180,7 @@ return 1; } -@@ -3647,17 +3674,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -3657,17 +3684,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); -- cgit v1.2.3