diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 15:28:33 -0400 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 19:31:28 +0000 |
commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch | |
parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
download | talos-openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.gz talos-openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.zip |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch')
-rw-r--r-- | poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch deleted file mode 100644 index 6c1948696..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch +++ /dev/null @@ -1,96 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 29 Sep 2017 04:22:51 +0200 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK - -Properly track whether a PTK has already been installed to the driver -and the TK part cleared from memory. This prevents an attacker from -trying to trick the client into installing an all-zero TK. - -This fixes the earlier fix in commit -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the -driver in EAPOL-Key 3/4 retry case') which did not take into account -possibility of an extra message 1/4 showing up between retries of -message 3/4. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/common/wpa_common.h | 1 + - src/rsn_supp/wpa.c | 5 ++--- - src/rsn_supp/wpa_i.h | 1 - - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index d200285..1021ccb 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -215,6 +215,7 @@ struct wpa_ptk { - size_t kck_len; - size_t kek_len; - size_t tk_len; -+ int installed; /* 1 if key has already been installed to driver */ - }; - - struct wpa_gtk { -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 7a2c68d..0550a41 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, - os_memset(buf, 0, sizeof(buf)); - } - sm->tptk_set = 1; -- sm->tk_to_set = 1; - - kde = sm->assoc_wpa_ie; - kde_len = sm->assoc_wpa_ie_len; -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - enum wpa_alg alg; - const u8 *key_rsc; - -- if (!sm->tk_to_set) { -+ if (sm->ptk.installed) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Do not re-install same PTK to the driver"); - return 0; -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -- sm->tk_to_set = 0; -+ sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 9a54631..41f371f 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -24,7 +24,6 @@ struct wpa_sm { - struct wpa_ptk ptk, tptk; - int ptk_set, tptk_set; - unsigned int msg_3_of_4_ok:1; -- unsigned int tk_to_set:1; - u8 snonce[WPA_NONCE_LEN]; - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ - int renew_snonce; --- -2.7.4
\ No newline at end of file |