2127425434
While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
|
|
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
|
Date: Thu, 5 Oct 2017 23:53:01 +0200
|
|
Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
|
|
|
|
Currently, reinstallations of the PTK are prevented by (1) assuring the
|
|
same TPTK is only set once as the PTK, and (2) that one particular PTK
|
|
is only installed once. This patch makes it more explicit that point (1)
|
|
is required to prevent key reinstallations. At the same time, this patch
|
|
hardens wpa_supplicant such that future changes do not accidentally
|
|
break this property.
|
|
|
|
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
|
---
|
|
src/rsn_supp/wpa.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
--- a/src/rsn_supp/wpa.c
|
|
+++ b/src/rsn_supp/wpa.c
|
|
@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
|
|
sm->ptk_set = 1;
|
|
os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
|
|
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
|
+ /*
|
|
+ * This assures the same TPTK in sm->tptk can never be
|
|
+ * copied twice to sm->pkt as the new PTK. In
|
|
+ * combination with the installed flag in the wpa_ptk
|
|
+ * struct, this assures the same PTK is only installed
|
|
+ * once.
|
|
+ */
|
|
+ sm->renew_snonce = 1;
|
|
}
|
|
}
|
|
|