diff options
| author |   Ben Kohler <bkohler@gentoo.org> | 2020-08-12 14:35:33 -0500 |
|---|---|---|
| committer | Ben Kohler <bkohler@gentoo.org> | 2020-08-12 14:35:55 -0500 |
| commit | a46530b0bdb7fb5d12dbdbe518d52358c6b7c32e (patch) | |
| tree | e5d9b5710d5dc75834044262fe32c5fa439c5ed7 /net-wireless/iwd/files | |
| parent | media-libs/mesa: Version bump to 20.2.0_rc2 (diff) | |
| download | gentoo-a46530b0bdb7fb5d12dbdbe518d52358c6b7c32e.tar.gz gentoo-a46530b0bdb7fb5d12dbdbe518d52358c6b7c32e.tar.bz2 gentoo-a46530b0bdb7fb5d12dbdbe518d52358c6b7c32e.zip | |
net-wireless/iwd: add patch for CVE-2020-17497
Bug: https://bugs.gentoo.org/736906
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Ben Kohler <bkohler@gentoo.org>
Diffstat (limited to 'net-wireless/iwd/files')
| -rw-r--r-- | net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch b/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch new file mode 100644 index 000000000000..dceb808297e3 --- /dev/null +++ b/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch @@ -0,0 +1,73 @@ +From f22ba5aebb569ca54521afd2babdc1f67e3904ea Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> +Date: Wed, 12 Aug 2020 15:17:21 +0400 +Subject: eapol: prevent key reinstallation on retransmitted Msg4/4 + +Currently an adversary can retransmit EAPOL Msg4/4 to make the AP +reinstall the PTK. Against older Linux kernels this can subsequently +be used to decrypt, replay, and possibly decrypt frames. See the +KRACK attacks research at krackattacks.com for attack scenarios. +In this case no machine-in-the-middle position is needed to trigger +the key reinstallation. + +Fix this by using the ptk_complete boolean to track when the 4-way +handshake has completed (similar to its usage for clients). When +receiving a retransmitted Msg4/4 accept this frame but do not reinstall +the PTK. + +Credits to Chris M. Stone, Sam Thomas, and Tom Chothia of Birmingham +University to help discover this issue. +--- + src/eapol.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/eapol.c b/src/eapol.c +index b0036c10..e3581cfe 100644 +--- a/src/eapol.c ++++ b/src/eapol.c +@@ -1462,7 +1462,6 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, + memcpy(sm->handshake->snonce, ek->key_nonce, + sizeof(sm->handshake->snonce)); + sm->handshake->have_snonce = true; +- sm->handshake->ptk_complete = true; + + sm->frame_retry = 0; + +@@ -1782,7 +1781,15 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm, + l_timeout_remove(sm->timeout); + sm->timeout = NULL; + +- handshake_state_install_ptk(sm->handshake); ++ /* ++ * If ptk_complete is set, then we are receiving Message 4 again. ++ * This might be a retransmission, so accept but don't install ++ * the keys again. ++ */ ++ if (!sm->handshake->ptk_complete) ++ handshake_state_install_ptk(sm->handshake); ++ ++ sm->handshake->ptk_complete = true; + } + + static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm, +@@ -2185,6 +2192,7 @@ static void eapol_auth_key_handle(struct eapol_sm *sm, + size_t frame_len = 4 + L_BE16_TO_CPU(frame->header.packet_len); + const struct eapol_key *ek = eapol_key_validate((const void *) frame, + frame_len, sm->mic_len); ++ uint16_t key_data_len; + + if (!ek) + return; +@@ -2199,7 +2207,8 @@ static void eapol_auth_key_handle(struct eapol_sm *sm, + if (!sm->handshake->have_anonce) + return; /* Not expecting an EAPoL-Key yet */ + +- if (!sm->handshake->ptk_complete) ++ key_data_len = EAPOL_KEY_DATA_LEN(ek, sm->mic_len); ++ if (key_data_len != 0) + eapol_handle_ptk_2_of_4(sm, ek); + else + eapol_handle_ptk_4_of_4(sm, ek); +-- +cgit 1.2.3-1.el7 + |