GNU bug report logs - #32402
[PATCH] gnu: wpa_supplicant: Fix CVE-2018-14526.


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 8 Aug 2018 15:38:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#32402; Package guix-patches. (Wed, 08 Aug 2018 15:38:01 GMT)

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Wed, 08 Aug 2018 15:38:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: wpa_supplicant: Fix CVE-2018-14526.
Date: Wed,  8 Aug 2018 11:37:25 -0400
I've built all the wpa_supplicant packages but don't have a way to test
this change.

* gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/admin.scm                        |  1 +
 .../wpa-supplicant-CVE-2018-14526.patch       | 53 +++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ef28cf032..6fd0d40fb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1213,6 +1213,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch			\
   %D%/packages/patches/wpa-supplicant-CVE-2017-13082.patch	\
+  %D%/packages/patches/wpa-supplicant-CVE-2018-14526.patch	\
   %D%/packages/patches/wpa-supplicant-fix-key-reuse.patch	\
   %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch	\
   %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch	\
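Review bot: the filename added here has to match the string passed to search-patches in admin.scm byte for byte, since that lookup resolves the file by name; it does (wpa-supplicant-CVE-2018-14526.patch in both places). Placing it next to wpa-supplicant-CVE-2017-13082.patch rather than strictly alphabetically matches how the neighbouring fix-*.patch entries are ordered, so nothing to change there.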
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 73772166a..edc1349c4 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1048,6 +1048,7 @@ commands and their arguments.")
                     version
                     ".tar.gz"))
               (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
+                                       "wpa-supplicant-CVE-2018-14526.patch"
                                        "wpa-supplicant-fix-key-reuse.patch"
                                        "wpa-supplicant-fix-zeroed-keys.patch"
                                        "wpa-supplicant-fix-nonce-reuse.patch"
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
new file mode 100644
index 000000000..d3d5cbc46
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
@@ -0,0 +1,53 @@
+Fix CVE-2018-14526:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
+https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
+
+Patch downloaded from upstream:
+
+https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+
+From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef <at> cs.kuleuven.be>
+Date: Sun, 15 Jul 2018 01:25:53 +0200
+Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
+
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+(CVE-2018-14526)
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef <at> cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
+--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c	2016-10-02 21:51:11.000000000 +0300
++++ wpa_supplicant-2.6/src/rsn_supp/wpa.c	2018-08-08 16:55:11.506831029 +0300
+@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
+ 
+ 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+ 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
++		/*
++		 * Only decrypt the Key Data field if the frame's authenticity
++		 * was verified. When using AES-SIV (FILS), the MIC flag is not
++		 * set, so this check should only be performed if mic_len != 0
++		 * which is the case in this code branch.
++		 */
++		if (!(key_info & WPA_KEY_INFO_MIC)) {
++			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
++			goto out;
++		}
+ 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
+ 						    &key_data_len))
+ 			goto out;
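Review bot: the comment carried into this v2.6 hunk says the check "should only be performed if mic_len != 0 which is the case in this code branch", but no mic_len appears anywhere in the hunk or its context; that remark describes the newer code path with AES-SIV/FILS, which this rebased patch does not touch. The patch body should stay verbatim as downloaded, but a line in the header above (after "Patch downloaded from upstream:") saying that the FILS remark refers to newer upstream code would save the next reader from hunting for a mic_len check in 2.6. The early `goto out` on ENCR_KEY_DATA without MIC relies on MIC-flagged frames having been verified earlier in wpa_sm_rx_eapol, before this branch; that earlier verification is not part of the hunk, so it is worth eyeballing whenever this file is regenerated for a newer wpa_supplicant. The `diff -upr` paths carry a wpa_supplicant-2.6/ prefix that Guix's default -p1 strips, so no patch-flags change is needed.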
-- 
2.18.0
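The following is an added illustration of the decision the patch above changes; it is editor's example code, not code from the Guix patch, from the upstream hostap commit, or from wpa_supplicant. It assumes the fixed EAPOL-Key layout with a 16-byte MIC (as used with TKIP/CCMP) and the key_info bit positions from IEEE 802.11; the frames are constructed inline; the pre-fix behaviour is modelled from the commit message's description, and the "MIC-flagged frames are verified before this point" step is an assumption about the surrounding supplicant code that the hunk does not show. The function and type names are the example's own.

```c
/* Added example by the editor, not code from the Guix patch, the upstream hostap
 * commit or wpa_supplicant. Parses an EAPOL-Key frame (fixed 16-byte MIC layout,
 * as with TKIP/CCMP) and models the Key Data decision before and after the fix. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define EAPOL_TYPE_KEY                 3
#define EAPOL_KEY_TYPE_RSN             2      /* IEEE 802.11 (WPA2) descriptor   */
#define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 1      /* key_info bits as in IEEE 802.11 */
#define WPA_KEY_INFO_MIC               0x0100 /* and hostap's wpa_common.h       */
#define WPA_KEY_INFO_ENCR_KEY_DATA     0x1000
#define EAPOL_HDR_LEN                  4      /* version, type, body length (BE) */
#define EAPOL_KEY_MIN_LEN              95     /* descriptor .. key data length   */
#define KEY_DATA_LEN_OFF               93     /* key data length, within body    */

struct eapol_key_view { uint8_t descriptor_type; uint16_t key_info, key_data_len; const uint8_t *key_data; };
enum verdict { DROP_MALFORMED = 0, DROP_BAD_MIC, IGNORE_UNAUTHENTICATED, DECRYPT_AND_PROCESS, PROCESS_PLAINTEXT };

/* Parse an EAPOL-Key frame with bounds checks: 0 on success, -1 if malformed. */
int parse_eapol_key(const uint8_t *buf, size_t len, struct eapol_key_view *out)
{
    if (len < EAPOL_HDR_LEN + EAPOL_KEY_MIN_LEN || buf[1] != EAPOL_TYPE_KEY)
        return -1;
    size_t body_len = ((size_t)buf[2] << 8) | buf[3];
    if (body_len < EAPOL_KEY_MIN_LEN || EAPOL_HDR_LEN + body_len > len)
        return -1;                                 /* body longer than received */
    const uint8_t *k = buf + EAPOL_HDR_LEN;
    out->descriptor_type = k[0];
    out->key_info = (uint16_t)((k[1] << 8) | k[2]);
    out->key_data_len = (uint16_t)((k[KEY_DATA_LEN_OFF] << 8) | k[KEY_DATA_LEN_OFF + 1]);
    if (out->key_data_len > body_len - EAPOL_KEY_MIN_LEN)
        return -1;                                 /* Key Data must fit the body */
    out->key_data = k + EAPOL_KEY_MIN_LEN;
    return 0;
}

/* Decide what to do with Key Data. mic_verified is the outcome of the MIC check the
 * caller runs when the MIC flag is set (assumed to happen before this point, as in
 * wpa_sm_rx_eapol). fixed == 0 models the pre-patch flow the commit message describes
 * (decrypt whenever the Encrypted flag is set); fixed == 1 adds the patch's check.
 * The real code keys on the negotiated protocol (sm->proto); the descriptor type
 * stands in for it here. */
enum verdict key_data_verdict(const struct eapol_key_view *k, int mic_verified, int fixed)
{
    int has_mic = (k->key_info & WPA_KEY_INFO_MIC) != 0;
    int encrypted = (k->key_info & WPA_KEY_INFO_ENCR_KEY_DATA) != 0;
    if (has_mic && !mic_verified)
        return DROP_BAD_MIC;
    if (k->descriptor_type == EAPOL_KEY_TYPE_RSN && encrypted) {
        if (fixed && !has_mic)
            return IGNORE_UNAUTHENTICATED;  /* the CVE-2018-14526 check */
        return DECRYPT_AND_PROCESS;         /* pre-fix: decrypts without any MIC */
    }
    return PROCESS_PLAINTEXT;
}

/* Build a constructed RSN EAPOL-Key frame: all zero except key_info and the key
 * data length. Returns the frame length, or 0 if the buffer is too small. */
size_t build_eapol_key(uint8_t *buf, size_t cap, uint16_t key_info, uint16_t key_data_len)
{
    size_t body_len = EAPOL_KEY_MIN_LEN + key_data_len;
    if (cap < EAPOL_HDR_LEN + body_len)
        return 0;
    memset(buf, 0, EAPOL_HDR_LEN + body_len);
    buf[0] = 2;                                    /* EAPOL protocol version */
    buf[1] = EAPOL_TYPE_KEY;
    buf[2] = (uint8_t)(body_len >> 8);
    buf[3] = (uint8_t)body_len;
    buf[4] = EAPOL_KEY_TYPE_RSN;
    buf[5] = (uint8_t)(key_info >> 8);
    buf[6] = (uint8_t)key_info;
    buf[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF] = (uint8_t)(key_data_len >> 8);
    buf[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF + 1] = (uint8_t)key_data_len;
    return EAPOL_HDR_LEN + body_len;
}

/* Build, parse and classify one constructed frame carrying 16 bytes of Key Data. */
int classify_constructed_frame(uint16_t key_info, int mic_verified, int fixed)
{
    uint8_t buf[EAPOL_HDR_LEN + EAPOL_KEY_MIN_LEN + 16];
    struct eapol_key_view k;
    size_t n = build_eapol_key(buf, sizeof buf, key_info, 16);
    if (n == 0 || parse_eapol_key(buf, n, &k) != 0)
        return DROP_MALFORMED;
    return key_data_verdict(&k, mic_verified, fixed);
}

/* A frame whose EAPOL length claims more bytes than were received must be rejected. */
int truncated_frame_is_rejected(void)
{
    uint8_t buf[EAPOL_HDR_LEN + EAPOL_KEY_MIN_LEN + 16];
    struct eapol_key_view k;
    size_t n = build_eapol_key(buf, sizeof buf, WPA_KEY_INFO_MIC, 16);
    return n != 0 && parse_eapol_key(buf, n - 8, &k) == -1;
}

int main(void)
{
    uint16_t oracle = WPA_KEY_INFO_ENCR_KEY_DATA | WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
    printf("Encrypted, no MIC: pre-fix=%d fixed=%d (2 = IGNORE_UNAUTHENTICATED, 3 = DECRYPT_AND_PROCESS)\n",
           classify_constructed_frame(oracle, 0, 0), classify_constructed_frame(oracle, 0, 1));
    return 0;
}
```

Compile with `cc -Wall -o eapol_check eapol_check.c`. For an RC4-encrypted frame without the MIC flag, the pre-fix model returns DECRYPT_AND_PROCESS (the unauthenticated decryption the advisory describes) and the fixed model returns IGNORE_UNAUTHENTICATED; a frame with the MIC flag set is decrypted only once the MIC check has passed, and a frame whose EAPOL length exceeds the received bytes is dropped by the parser before any flag is consulted.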





Information forwarded to guix-patches <at> gnu.org:
bug#32402; Package guix-patches. (Thu, 09 Aug 2018 20:33:02 GMT)

Message #8 received at 32402 <at> debbugs.gnu.org:

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>, 32402 <at> debbugs.gnu.org
Subject: Re: [bug#32402] [PATCH] gnu: wpa_supplicant: Fix CVE-2018-14526.
Date: Thu, 09 Aug 2018 22:32:15 +0200
Leo Famulari <leo <at> famulari.name> writes:

> I've built all the wpa_supplicant packages but don't have a way to test
> this change.
>
> * gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.

I haven't tested this yet, but looks good to me!  You'll be the first to
know if my wifi breaks ;-)
[signature.asc (application/pgp-signature, inline)]

Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Thu, 09 Aug 2018 22:23:02 GMT)

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Thu, 09 Aug 2018 22:23:03 GMT)

Message #13 received at 32402-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 32402-done <at> debbugs.gnu.org
Subject: Re: [bug#32402] [PATCH] gnu: wpa_supplicant: Fix CVE-2018-14526.
Date: Thu, 9 Aug 2018 18:22:21 -0400
On Thu, Aug 09, 2018 at 10:32:15PM +0200, Marius Bakke wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> 
> > I've built all the wpa_supplicant packages but don't have a way to test
> > this change.
> >
> > * gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use it.
> 
> I haven't tested this yet, but looks good to me!  You'll be the first to
> know if my wifi breaks ;-)

I was finally able to test it. Works for me, pushed as
4e23e8d80913fc2a69e97b29b5640e745b0d550b
[signature.asc (application/pgp-signature, inline)]

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 07 Sep 2018 11:24:04 GMT)



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.