--- /dev/null
+From 327b6d780f2667e99e9b74d4c064531c0208b22b Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 6 +++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index 0872b12..8411686 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -219,6 +219,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c8871d..cf9bf1c 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+@@ -4183,6 +4182,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
+ * takes care of association frame encryption/decryption. */
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
++ sm->ptk.installed = 1;
+
+ /* FILS HLP Container */
+ fils_process_hlp_container(sm, ie_start, end - ie_start);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 156e6cb..3b42245 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
projects / people / pmueller / ipfire-2.x.git / blobdiff