Author: cy Date: Thu Jul 19 19:22:26 2018 New Revision: 336501 URL: https://svnweb.freebsd.org/changeset/base/336501
Log: MFV: r336486 Prevent reinstallation of an already in-use group key. Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410. Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0002-Prevent-reinstallation-\ of-an-already-in-use-group-ke.patch X-MFC-with: r336203 Modified: head/contrib/wpa/src/rsn_supp/wpa.c Directory Properties: head/contrib/wpa/ (props changed) Modified: head/contrib/wpa/src/rsn_supp/wpa.c ============================================================================== --- head/contrib/wpa/src/rsn_supp/wpa.c Thu Jul 19 19:07:25 2018 (r336500) +++ head/contrib/wpa/src/rsn_supp/wpa.c Thu Jul 19 19:22:26 2018 (r336501) @@ -943,6 +943,15 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, return -1; igtk = (const struct wpa_igtk_kde *) ie->igtk; + keyidx = WPA_GET_LE16(igtk->keyid); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " + "pn %02x%02x%02x%02x%02x%02x", + keyidx, MAC2STR(igtk->pn)); + wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", + igtk->igtk, len); + if (keyidx > 4095) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Invalid IGTK KeyID %d", keyidx); if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) return -1; } @@ -3023,6 +3032,23 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 sub } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { const struct wpa_igtk_kde *igtk; + os_memset(&igd, 0, sizeof(igd)); + keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); + os_memcpy(igd.keyid, buf + 2, 2); + os_memcpy(igd.pn, buf + 4, 6); + + keyidx = WPA_GET_LE16(igd.keyid); + os_memcpy(igd.igtk, buf + 10, keylen); + + wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", + igd.igtk, keylen); + if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), + broadcast_ether_addr, + keyidx, 0, igd.pn, sizeof(igd.pn), + igd.igtk, keylen) < 0) { + wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " + "WNM mode"); + os_memset(&igd, 0, sizeof(igd)); igtk = (const struct wpa_igtk_kde *) (buf + 2); if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) return -1; _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"