From 58bc16142045b83684c6e9f40b0a794b17810444 Mon Sep 17 00:00:00 2001 From: delphij Date: Wed, 15 Aug 2018 05:05:02 +0000 Subject: [PATCH] Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so git-svn-id: svn://svn.freebsd.org/base/stable/10@337832 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- contrib/wpa/src/rsn_supp/wpa.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/wpa/src/rsn_supp/wpa.c b/contrib/wpa/src/rsn_supp/wpa.c index 65f28f345..7d043259b 100644 --- a/contrib/wpa/src/rsn_supp/wpa.c +++ b/contrib/wpa/src/rsn_supp/wpa.c @@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, if (sm->proto == WPA_PROTO_RSN && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + /* + * Only decrypt the Key Data field if the frame's authenticity + * was verified. When using AES-SIV (FILS), the MIC flag is not + * set, so this check should only be performed if mic_len != 0 + * which is the case in this code branch. + */ + if (!(key_info & WPA_KEY_INFO_MIC)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); + goto out; + } if (wpa_supplicant_decrypt_key_data(sm, key, ver)) goto out; extra_len = WPA_GET_BE16(key->key_data_length); -- 2.45.0