From b1172c19e1900d478f98437fdf8114a5d5a81b0c Mon Sep 17 00:00:00 2001
From: Domien Schepers
Date: Thu, 5 May 2022 21:53:26 +0200
Subject: [PATCH] WPA: Discard EAPOL-Key msg 1/4 with corrupted information elements

Currently a corrupted handshake message 1/4 causes the client to disconnect from the network. This can lead to a denial-of-service vulnerability allowing an adversary to forcibly disconnect a client from protected networks even when Wi-Fi Management Frame Protection (MFP) is enforced if the driver allows unencrypted EAPOL-Key frames to be received after key configuration.. Fix this by discarding the corrupted handshake message 1/4. This issue was discovered by Domien Schepers (Northeastern University) and Mathy Vanhoef (imec-DistriNet, KU Leuven).

Signed-off-by: Domien Schepers
---
 src/rsn_supp/wpa.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index dd18236ee..7758c2393 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -694,7 +694,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 		return;
 	}
 
-	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
 
@@ -704,8 +703,11 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 	/* RSN: msg 1/4 should contain PMKID for the selected PMK */
 	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
 		    key_data, key_data_len);
-	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
-		goto failed;
+	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
+		wpa_printf(MSG_DEBUG,
+			   "RSN: Discard EAPOL-Key msg 1/4 with invalid IEs/KDEs");
+		return;
+	}
 	if (ie.pmkid) {
 		wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
 			    "Authenticator", ie.pmkid, PMKID_LEN);
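Review bot: The new discard message in the `wpa_supplicant_parse_ies` failure branch is emitted with `wpa_printf(MSG_DEBUG, ...)`, whereas the other debug output visible in this function goes through the per-interface context, `wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ...)` (see the "WPA: RX message 1 of 4-Way" line in the preceding hunk). A plain `wpa_printf` is presumably not tagged with the interface and does not reach control-interface listeners, so an operator trying to see how often this drop fires on a given interface after the fix has nothing to correlate with the RX message that precedes it. Suggest `wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Discard EAPOL-Key msg 1/4 with invalid IEs/KDEs");` for consistency with the rest of the function. `wpa_supplicant_process_1_of_4` begins before this hunk and continues after it.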
@@ -721,6 +723,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 	if (res)
 		goto failed;
 
+	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
+
 	if (sm->renew_snonce) {
 		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
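Review bot: The relocated `wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE)` carries no comment saying why it now runs only after the key-data IEs have parsed and the PMK lookup has succeeded, rather than at the top of the function where the first hunk removed it. Without that, a later cleanup could move the call back up and silently reintroduce the state transition on an unvalidated frame, which is the behaviour this commit exists to remove. Suggest a short comment above the call, e.g. `/* Enter 4-way handshake state only after msg 1/4 has been validated, so a corrupted or unauthenticated frame cannot alter SM state */`. The enclosing function continues past the end of this hunk.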