| The WPA2 four-way handshake protocol is vulnerable to replay attacks which can |
| result in unauthenticated clients gaining access to the network. |
| |
| Backport a number of patches from upstream to fix this. |
| |
| CVE: CVE-2017-13077 |
| CVE: CVE-2017-13078 |
| CVE: CVE-2017-13079 |
| CVE: CVE-2017-13080 |
| CVE: CVE-2017-13081 |
| CVE: CVE-2017-13082 |
| CVE: CVE-2017-13086 |
| CVE: CVE-2017-13087 |
| CVE: CVE-2017-13088 |
| |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@intel.com> |
| |
| From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 |
| From: Jouni Malinen <j@w1.fi> |
| Date: Fri, 22 Sep 2017 12:06:37 +0300 |
| Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames |
| |
| The driver is expected to not report a second association event without |
| the station having explicitly request a new association. As such, this |
| case should not be reachable. However, since reconfiguring the same |
| pairwise or group keys to the driver could result in nonce reuse issues, |
| be extra careful here and do an additional state check to avoid this |
| even if the local driver ends up somehow accepting an unexpected |
| Reassociation Response frame. |
| |
| Signed-off-by: Jouni Malinen <j@w1.fi> |
| --- |
| src/rsn_supp/wpa.c | 3 +++ |
| src/rsn_supp/wpa_ft.c | 8 ++++++++ |
| src/rsn_supp/wpa_i.h | 1 + |
| 3 files changed, 12 insertions(+) |
| |
| diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c |
| index 0550a41..2a53c6f 100644 |
| --- a/src/rsn_supp/wpa.c |
| +++ b/src/rsn_supp/wpa.c |
| @@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) |
| #ifdef CONFIG_TDLS |
| wpa_tdls_disassoc(sm); |
| #endif /* CONFIG_TDLS */ |
| +#ifdef CONFIG_IEEE80211R |
| + sm->ft_reassoc_completed = 0; |
| +#endif /* CONFIG_IEEE80211R */ |
| |
| /* Keys are not needed in the WPA state machine anymore */ |
| wpa_sm_drop_sa(sm); |
| diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c |
| index 205793e..d45bb45 100644 |
| --- a/src/rsn_supp/wpa_ft.c |
| +++ b/src/rsn_supp/wpa_ft.c |
| @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, |
| u16 capab; |
| |
| sm->ft_completed = 0; |
| + sm->ft_reassoc_completed = 0; |
| |
| buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + |
| 2 + sm->r0kh_id_len + ric_ies_len + 100; |
| @@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, |
| return -1; |
| } |
| |
| + if (sm->ft_reassoc_completed) { |
| + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); |
| + return 0; |
| + } |
| + |
| if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { |
| wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); |
| return -1; |
| @@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, |
| return -1; |
| } |
| |
| + sm->ft_reassoc_completed = 1; |
| + |
| if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) |
| return -1; |
| |
| diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h |
| index 41f371f..56f88dc 100644 |
| --- a/src/rsn_supp/wpa_i.h |
| +++ b/src/rsn_supp/wpa_i.h |
| @@ -128,6 +128,7 @@ struct wpa_sm { |
| size_t r0kh_id_len; |
| u8 r1kh_id[FT_R1KH_ID_LEN]; |
| int ft_completed; |
| + int ft_reassoc_completed; |
| int over_the_ds_in_progress; |
| u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ |
| int set_ptk_after_assoc; |
| -- |
| 2.7.4 |