Hello community,

here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2018-10-23 20:38:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hostapd (Old)
 and      /work/SRC/openSUSE:Factory/.hostapd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Tue Oct 23 20:38:15 2018 rev:33 rq:643671 version:2.6 Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2017-10-19 19:34:13.231026770 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new/hostapd.changes 2018-10-23 20:38:22.184689147 +0200 @@ -1,0 +2,6 @@ +Fri Oct 19 10:32:25 UTC 2018 - Karol Babioch <[email protected]> + +- Added rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch + Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205). + +------------------------------------------------------------------- New: ---- rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.vOUHv5/_old 2018-10-23 20:38:24.428686466 +0200 +++ /var/tmp/diff_new_pack.vOUHv5/_new 2018-10-23 20:38:24.432686461 +0200 @@ -1,7 +1,7 @@ # # spec file for package hostapd # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(systemd) Summary: Turns Your WLAN Card into a WPA capable Access Point -License: GPL-2.0 or BSD-3-Clause +License: GPL-2.0-only OR BSD-3-Clause Group: Hardware/Wifi Version: 2.6 Release: 0 
@@ -40,6 +40,7 @@ Patch5: rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch Patch6: rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch Patch7: rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +Patch8: rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch %{?systemd_requires} %description @@ -61,6 +62,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 cd hostapd cp defconfig .config ++++++ rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch ++++++ >From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001 From: Mathy Vanhoef <[email protected]> Date: Sun, 15 Jul 2018 01:25:53 +0200 Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data Ignore unauthenticated encrypted EAPOL-Key data in supplicant processing. When using WPA2, these are frames that have the Encrypted flag set, but not the MIC flag. When using WPA2, EAPOL-Key frames that had the Encrypted flag set but not the MIC flag, had their data field decrypted without first verifying the MIC. In case the data field was encrypted using RC4 (i.e., when negotiating TKIP as the pairwise cipher), this meant that unauthenticated but decrypted data would then be processed. An adversary could abuse this as a decryption oracle to recover sensitive information in the data field of EAPOL-Key messages (e.g., the group key). (CVE-2018-14526) Signed-off-by: Mathy Vanhoef <[email protected]> --- src/rsn_supp/wpa.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c --- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300 +++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300 
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + /* + * Only decrypt the Key Data field if the frame's authenticity + * was verified. When using AES-SIV (FILS), the MIC flag is not + * set, so this check should only be performed if mic_len != 0 + * which is the case in this code branch. + */ + if (!(key_info & WPA_KEY_INFO_MIC)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); + goto out; + } if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, &key_data_len)) goto out;
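Review bot: in the src/rsn_supp/wpa.c hunk, the added comment justifies the MIC-flag test with "this check should only be performed if mic_len != 0 which is the case in this code branch", but the enclosing condition shown in the hunk tests only sm->proto (WPA_PROTO_RSN or WPA_PROTO_OSEN) and WPA_KEY_INFO_ENCR_KEY_DATA, and nothing in the visible lines establishes mic_len. Either reword the comment for this rebased 2.6 version or name the place where mic_len is guaranteed non-zero, so the stated precondition matches the code a reader sees. The placement of the check ahead of wpa_supplicant_decrypt_key_data() is what the commit message calls for and needs no change.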
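Review bot: in the hostapd.spec hunks that add "Patch8:" and "%patch8 -p1", the patch being wired in changes only src/rsn_supp/wpa.c and its own message describes the fix as being "in supplicant processing", so the spec or the changes entry should say whether that file is compiled into anything this hostapd package ships. If it is, a one-line comment above Patch8 with the CVE and bug reference would make that clear. The file name prefix "rebased-v2.6-0001" also reads as part of the numbered series used by Patch5 to Patch7 (0005, 0006, 0008), although the patch comes from a separate commit; a name that does not reuse that numbering would avoid the confusion.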
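Review bot: the hostapd.changes hunk records only the added patch, while the hostapd.spec diff in the same commit also changes the License tag from "GPL-2.0 or BSD-3-Clause" to "GPL-2.0-only OR BSD-3-Clause", switches the bug URL to https and bumps the copyright year. The License change in particular is user-visible package metadata and deserves its own line in the changes entry, for example a note that the tag was converted to SPDX syntax.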
