Re: pull-request: mac80211 2017-10-16
On Tue, Oct 17, 2017 at 7:46 AM, Johannes Berg wrote: > If it's not equal, you execute so much code > beneath, going to the driver etc., that I'd think this particular time > is in the noise. Usually presumptions like this get you in trouble when some crafty academic has a smart idea about that noise. I'll send a patch.
Re: pull-request: mac80211 2017-10-16
On Tue, 2017-10-17 at 01:30 +0200, Jason A. Donenfeld wrote: > Mobile phone right now, so not able to write patch, but you probably > should be using crypto_memneq for comparing those two keys, not > memcmp. I know that's a gut instinct, but I really don't see the point. If you actually get this to evaluate to "equal", you're already being attacked, and the attacker already knows they're trying to get the same key to be installed again. If it's not equal, you execute so much code beneath, going to the driver etc., that I'd think this particular time is in the noise. Also, this isn't something that the attacker can directly observe anyway, and if they can, then surely the fact that we *skip* a large amount of code when returning 0 is also observable. Besides, the only thing that can observe the timing is hostapd or wpa_supplicant, which obviously know the key (and in the fixed versions will already have done the comparison themselves). And lastly, if you wanted to use this as an oracle to get the key back from the kernel, then you already have admin permissions (in your network namespace), and can just sniff netlink traffic anyway. johannes
Re: pull-request: mac80211 2017-10-16
Mobile phone right now, so not able to write patch, but you probably should be using crypto_memneq for comparing those two keys, not memcmp. Jason
Re: pull-request: mac80211 2017-10-16
From: Johannes Berg Date: Mon, 16 Oct 2017 15:46:17 +0200 > Here's a fix, for a small part of the "KRACK" announced today > (krackattacks.com). > > Please pull and let me know if there's any problem. Pulled.
pull-request: mac80211 2017-10-16
Hi Dave, Here's a fix, for a small part of the "KRACK" announced today (krackattacks.com). Please pull and let me know if there's any problem. Thanks, johannes The following changes since commit c0576e3975084d4699b7bfef578613fb8e1144f6: net: call cgroup_sk_alloc() earlier in sk_clone_lock() (2017-10-10 20:24:29 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git tags/mac80211-for-davem-2017-10-16 for you to fetch changes up to fdf7cb4185b60c68e1a75e61691c4afdc15dea0e: mac80211: accept key reinstall without changing anything (2017-10-16 13:02:03 +0200) Just a single fix, for a WoWLAN-related part of CVE-2017-13080. Johannes Berg (1): mac80211: accept key reinstall without changing anything net/mac80211/key.c | 21 + 1 file changed, 17 insertions(+), 4 deletions(-)