diff options
author | Cy Schubert <cy@FreeBSD.org> | 2018-07-19 19:22:26 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2018-07-19 19:22:26 +0000 |
commit | e2b89ca9cb5f126f082d29ea5b50890250a0e5fd (patch) | |
tree | 9790977457fa828bb8fc807ab5c1b5e8643daa09 /contrib/wpa | |
parent | c422fbac00e326e93700d3f33f16738c3e785407 (diff) | |
parent | 259b356d9792e7304ef04897eb9cc3b8df8c2771 (diff) | |
download | src-test-e2b89ca9cb5f126f082d29ea5b50890250a0e5fd.tar.gz src-test-e2b89ca9cb5f126f082d29ea5b50890250a0e5fd.zip |
MFV: r336486
Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.
Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0002-Prevent-reinstallation-\
of-an-already-in-use-group-ke.patch
X-MFC-with: r336203
Notes
Notes:
svn path=/head/; revision=336501
Diffstat (limited to 'contrib/wpa')
-rw-r--r-- | contrib/wpa/src/rsn_supp/wpa.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/contrib/wpa/src/rsn_supp/wpa.c b/contrib/wpa/src/rsn_supp/wpa.c index 58203783a2189..f046270a73d9f 100644 --- a/contrib/wpa/src/rsn_supp/wpa.c +++ b/contrib/wpa/src/rsn_supp/wpa.c @@ -943,6 +943,15 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, return -1; igtk = (const struct wpa_igtk_kde *) ie->igtk; + keyidx = WPA_GET_LE16(igtk->keyid); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " + "pn %02x%02x%02x%02x%02x%02x", + keyidx, MAC2STR(igtk->pn)); + wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", + igtk->igtk, len); + if (keyidx > 4095) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Invalid IGTK KeyID %d", keyidx); if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) return -1; } @@ -3023,6 +3032,23 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { const struct wpa_igtk_kde *igtk; + os_memset(&igd, 0, sizeof(igd)); + keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); + os_memcpy(igd.keyid, buf + 2, 2); + os_memcpy(igd.pn, buf + 4, 6); + + keyidx = WPA_GET_LE16(igd.keyid); + os_memcpy(igd.igtk, buf + 10, keylen); + + wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", + igd.igtk, keylen); + if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), + broadcast_ether_addr, + keyidx, 0, igd.pn, sizeof(igd.pn), + igd.igtk, keylen) < 0) { + wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " + "WNM mode"); + os_memset(&igd, 0, sizeof(igd)); igtk = (const struct wpa_igtk_kde *) (buf + 2); if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) return -1; |