svn commit: r337829 - in releng/10.4: . contrib/wpa/src/rsn_supp share/man/man4 sys/conf
Xin LI
delphij at FreeBSD.org
Wed Aug 15 02:31:12 UTC 2018
Author: delphij
Date: Wed Aug 15 02:31:10 2018
New Revision: 337829
URL: https://svnweb.freebsd.org/changeset/base/337829
Log:
Revise manual pages. [SA-18:08.tcp]
Fix unauthenticated EAPOL-Key decryption vulnerability.
[SA-18:11.hostapd]
Approved by: so
Modified:
releng/10.4/UPDATING
releng/10.4/contrib/wpa/src/rsn_supp/wpa.c
releng/10.4/share/man/man4/tcp.4
releng/10.4/sys/conf/newvers.sh
Modified: releng/10.4/UPDATING
==============================================================================
--- releng/10.4/UPDATING Wed Aug 15 02:30:11 2018 (r337828)
+++ releng/10.4/UPDATING Wed Aug 15 02:31:10 2018 (r337829)
@@ -16,6 +16,15 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+
+20180814 p11 FreeBSD-SA-18:08.tcp [revised]
+ FreeBSD-SA-18:11.hostapd
+
+ Revise manual pages. [SA-18:08.tcp]
+
+ Fixeunauthenticated EAPOL-Key decryption vulnerability.
+ [SA-18:11.hostapd]
+
20180806 p10 FreeBSD-SA-18:08.tcp
Fix resource exhaustion in TCP reassembly.
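Review bot: The added 20180814 entry has a typo on the SA-18:11.hostapd description line: "Fixeunauthenticated" should read "Fix unauthenticated". UPDATING is what administrators read to decide whether a patch level applies to them, so the advisory text should be clean and searchable. The rest of the entry (p11, both advisory IDs, the "[revised]" marker on SA-18:08.tcp) matches the commit log.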
Modified: releng/10.4/contrib/wpa/src/rsn_supp/wpa.c
==============================================================================
--- releng/10.4/contrib/wpa/src/rsn_supp/wpa.c Wed Aug 15 02:30:11 2018 (r337828)
+++ releng/10.4/contrib/wpa/src/rsn_supp/wpa.c Wed Aug 15 02:31:10 2018 (r337829)
@@ -1829,6 +1829,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_a
if (sm->proto == WPA_PROTO_RSN &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver))
goto out;
extra_len = WPA_GET_BE16(key->key_data_length);
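Review bot: The new comment states that the MIC check is only valid when mic_len != 0, "which is the case in this code branch", but the enclosing condition visible in this hunk tests only sm->proto == WPA_PROTO_RSN and WPA_KEY_INFO_ENCR_KEY_DATA, so that invariant depends on code outside the hunk. If mic_len is in scope at this point, consider making the dependency explicit in the condition, or have the comment name the place where it is established, so a later change to the AES-SIV (FILS) path cannot silently turn this into a check that rejects valid frames or is skipped. Also note that the wpa_msg() call fires at MSG_WARNING for a frame that is unauthenticated by definition, so the sender controls how often it is emitted; a lower log level or some rate limiting would keep this from becoming a log-noise source. Placing the check before wpa_supplicant_decrypt_key_data() is the right order.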
Modified: releng/10.4/share/man/man4/tcp.4
==============================================================================
--- releng/10.4/share/man/man4/tcp.4 Wed Aug 15 02:30:11 2018 (r337828)
+++ releng/10.4/share/man/man4/tcp.4 Wed Aug 15 02:31:10 2018 (r337829)
@@ -38,7 +38,7 @@
.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
-.Dd October 13, 2014
+.Dd August 6, 2018
.Dt TCP 4
.Os
.Sh NAME
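Review bot: The only change visible in this hunk is the .Dd line, moved to "August 6, 2018", while this revision is recorded in UPDATING as 20180814 and described there as the revised SA-18:08.tcp. If the page text itself is changed by this commit, please confirm that August 6 is the intended document date rather than the date of the revision; if the text change landed earlier and only the date was missed, saying so in the log would make the "[revised]" entry easier to follow.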
Modified: releng/10.4/sys/conf/newvers.sh
==============================================================================
--- releng/10.4/sys/conf/newvers.sh Wed Aug 15 02:30:11 2018 (r337828)
+++ releng/10.4/sys/conf/newvers.sh Wed Aug 15 02:31:10 2018 (r337829)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.4"
-BRANCH="RELEASE-p10"
+BRANCH="RELEASE-p11"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi