mirror of
https://git.freebsd.org/ports.git
synced 2025-06-05 04:46:28 -04:00
1eb3369d7f
These patches address the following: CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316 These patches were developed upstream and published as a response to the security advisories. PR: 208482 Requested by: Jason Unovitch
30 lines
1.1 KiB
Text
30 lines
1.1 KiB
Text
From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Sun, 25 Oct 2015 15:45:50 +0200
|
|
Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
|
|
PMF in use
|
|
|
|
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
|
|
enabled. Verify that PMF is in use before using this field on station
|
|
side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
wpa_supplicant/wnm_sta.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
--- wpa_supplicant/wnm_sta.c
|
|
+++ wpa_supplicant/wnm_sta.c
|
|
@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
|
|
end = ptr + key_len_total;
|
|
wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
|
|
|
|
+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
|
|
+ wpa_msg(wpa_s, MSG_INFO,
|
|
+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
|
|
+ return;
|
|
+ }
|
|
+
|
|
while (ptr + 1 < end) {
|
|
if (ptr + 2 + ptr[1] > end) {
|
|
wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
|