wok-current diff wpa_supplicant/stuff/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch @ rev 24804
updated liblouis and liblouis-dev (3.13.0 -> 3.21.0)
author | Hans-G?nter Theisgen |
---|---|
date | Tue Mar 22 10:57:54 2022 +0100 (2022-03-22) |
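--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wpa_supplicant/stuff/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch Tue Mar 22 10:57:54 2022 +0100
@@ -0,0 +1,79 @@
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+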
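Review bot: The new guard `if (sm->ptk.installed)` in wpa_supplicant_install_ptk() is only correct if every freshly derived PTK starts with `installed` at 0, yet none of the hunks in this patch clears the flag; they only set it to 1 after the TK has been zeroed. Presumably the reset comes from the PTK structure being zeroed or overwritten when a new key is derived, so that invariant should be confirmed against the v2.6 tree this patch is rebased onto and recorded at the field, e.g. `int installed; /* 1 if key has already been installed to driver; must be 0 in any newly derived PTK */`. Both wpa_supplicant_process_1_of_4() and wpa_supplicant_install_ptk() begin and end outside their hunks, so the reset path cannot be checked from this page. The subject marks this as patch 4/8 while the revision description mentions only liblouis, so it is worth verifying that the wpa_supplicant receipt applies the full series in order and that the change log records this security fix.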