CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: christos Date: Wed Apr 10 17:49:26 UTC 2019 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c Log Message: When processing an EAP-pwd Commit frame, verify that the peer's scalar and elliptic curve element differ from the one sent by the server. This prevents reflection attacks where the adversary reflects the scalar and element sent by the server. (CVE-2019-9497) The vulnerability allows an adversary to complete the EAP-pwd handshake as any user. However, the adversary does not learn the negotiated session key, meaning the subsequent 4-way handshake would fail. As a result, this cannot be abused to bypass authentication unless EAP-pwd is used in non-WLAN cases without any following key exchange that would require the attacker to learn the MSK. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.6 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.7 --- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.6 Wed Apr 10 13:48:07 2019 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Wed Apr 10 13:49:26 2019 @@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s } } + /* detect reflection attacks */ + if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 || + crypto_ec_point_cmp(data->grp->group, data->my_element, +data->peer_element) == 0) { + wpa_printf(MSG_INFO, + "EAP-PWD (server): detected reflection attack!"); + goto fin; + } + /* compute the shared key, k */ if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe, data->peer_scalar, K) < 0) ||
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: christos Date: Sat May 9 19:50:41 UTC 2015 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c Log Message: The remaining number of bytes in the message could be smaller than the Total-Length field size, so the length needs to be explicitly checked prior to reading the field and decrementing the len variable. This could have resulted in the remaining length becoming negative and interpreted as a huge positive integer. In addition, check that there is no already started fragment in progress before allocating a new buffer for reassembling fragments. This avoid a potential memory leak when processing invalid message. XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.3 --- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2 Sat May 9 15:47:35 2015 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Sat May 9 15:50:41 2015 @@ -913,11 +913,21 @@ static void eap_pwd_process(struct eap_s * the first fragment has a total length */ if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { + if (len < 2) { + wpa_printf(MSG_DEBUG, + "EAP-pwd: Frame too short to contain Total-Length field"); + return; + } tot_len = WPA_GET_BE16(pos); wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total " "length = %d", tot_len); if (tot_len > 15000) return; + if (data->inbuf) { + wpa_printf(MSG_DEBUG, + "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); + return; + } data->inbuf = wpabuf_alloc(tot_len); if (data->inbuf == NULL) { wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: christos Date: Sat May 9 19:47:35 UTC 2015 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c Log Message: The length of the received Commit and Confirm message payloads was not checked before reading them. This could result in a buffer read overflow when processing an invalid message. Fix this by verifying that the payload is of expected length before processing it. In addition, enforce correct state transition sequence to make sure there is no unexpected behavior if receiving a Commit/Confirm message before the previous exchanges have been completed. Thanks to Kostya Kortchinsky of Google security team for discovering and reporting this issue. XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.1.1.4 -r1.2 \ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.1.1.4 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2 --- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.1.1.4 Wed Apr 1 15:24:46 2015 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Sat May 9 15:47:35 2015 @@ -634,9 +634,21 @@ eap_pwd_process_commit_resp(struct eap_s BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; EC_POINT *K = NULL, *point = NULL; int res = 0; + size_t prime_len, order_len; wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response"); + prime_len = BN_num_bytes(data->grp->prime); + order_len = BN_num_bytes(data->grp->order); + + if (payload_len != 2 * prime_len + order_len) { + wpa_printf(MSG_INFO, + "EAP-pwd: Unexpected Commit payload length %u (expected %u)", + (unsigned int) payload_len, + (unsigned int) (2 * prime_len + order_len)); + goto fin; + } + if (((data->peer_scalar = BN_new()) == NULL) || ((data->k = BN_new()) == NULL) || ((cofactor = BN_new()) == NULL) ||
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: joerg Date: Sat Apr 11 21:14:13 UTC 2015 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server.c Log Message: Cast enum. To generate a diff of this commit: cvs rdiff -u -r1.1.1.5 -r1.2 \ src/external/bsd/wpa/dist/src/eap_server/eap_server.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.1.1.5 src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.2 --- src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.1.1.5 Wed Apr 1 19:24:46 2015 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server.c Sat Apr 11 21:14:13 2015 @@ -96,7 +96,7 @@ static struct wpabuf * eap_sm_buildIniti plen += 2 + domain_len; } - msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH_START, plen, + msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType)EAP_ERP_TYPE_REAUTH_START, plen, EAP_CODE_INITIATE, id); if (msg == NULL) return NULL;
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: christos Date: Mon Oct 8 14:03:09 UTC 2012 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server_tls_common.c Log Message: EXP-TLS server: Fix TLS Message Length validation: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;\ h=586c446e0ff42ae00315b014924ec669023bd8de http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2 --- src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 Sun Oct 7 19:47:03 2012 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Mon Oct 8 10:03:09 2012 @@ -223,6 +223,12 @@ static int eap_server_tls_process_fragme " over 64 kB)"); return -1; } + if (len > message_length) { + wpa_printf(MSG_INFO, "SSL: Too much data (%zu bytes) " + "in first fragment of frame (TLS Message " + "Length %u bytes)", len, message_length); + return -1; + } data->tls_in = wpabuf_alloc(message_length); if (data->tls_in == NULL) {