aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2018-08-14 20:10:25 +0000
committerCy Schubert <cy@FreeBSD.org>2018-08-14 20:10:25 +0000
commit765ef8a7642d07aa9616f2b1a9cdebb8e3552f6a (patch)
tree64b930dcbd5c34a8f7aac1b4f7d94a8268aa7881
parent63696d5028b91f9fa4607f778587311502810783 (diff)
downloadsrc-765ef8a7642d07aa9616f2b1a9cdebb8e3552f6a.tar.gz
src-765ef8a7642d07aa9616f2b1a9cdebb8e3552f6a.zip
WPA: Ignore unauthenticated encrypted EAPOL-Key data
Ignore unauthenticated encrypted EAPOL-Key data in supplicant processing. When using WPA2, these are frames that have the Encrypted flag set, but not the MIC flag. When using WPA2, EAPOL-Key frames that had the Encrypted flag set but not the MIC flag, had their data field decrypted without first verifying the MIC. In case the data field was encrypted using RC4 (i.e., when negotiating TKIP as the pairwise cipher), this meant that unauthenticated but decrypted data would then be processed. An adversary could abuse this as a decryption oracle to recover sensitive information in the data field of EAPOL-Key messages (e.g., the group key). (CVE-2018-14526) Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> Obtained from: git://w1.fi/hostap.git MFC after: 1 day Security: CVE-2018-14526 Security: VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317
Notes
Notes: svn path=/vendor/wpa/dist/; revision=337818
-rw-r--r--src/rsn_supp/wpa.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 2a53c6f4a55f..dcd75272151f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2072,6 +2072,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
&key_data_len))
goto out;