Am 16.10.17 um 12:38 schrieb blubee blubeeme:
> well, that's a cluster if I ever seen one.
>
> On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp <[email protected]>
> wrote:
>
>> --------
>> In message <CALM2mEmawo7q7GNYLQZPovPVP3dQun5S4Aa4J8Cw2nK8g6Ux4Q@mail.
>> gmail.com>
>> , blubee blubeeme writes:
>>
>>> Does anyone on FreeBSD know if it's affected by this?
>>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077
>>
>> It is, same as Linux, we use the same wpa_supplicant software
The attached patch includes the official patch applied by the WPA
developers in https://w1.fi/cgit/hostap/commit/?id=a00e946 but
for our version of wpa_supplicant in /usr/src/contrib.
Regards, STefan
Index: contrib/wpa/src/rsn_supp/wpa.c
===================================================================
--- contrib/wpa/src/rsn_supp/wpa.c (Revision 324638)
+++ contrib/wpa/src/rsn_supp/wpa.c (Arbeitskopie)
@@ -1534,6 +1534,14 @@
sm->ptk_set = 1;
os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ /*
+ * This assures the same TPTK in sm->tptk can never be
+ * copied twice to sm->pkt as the new PTK. In
+ * combination with the installed flag in the wpa_ptk
+ * struct, this assures the same PTK is only installed
+ * once.
+ */
+ sm->renew_snonce = 1;
}
}
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[email protected]"
