forked from pool/hostapd
Accepting request 798136 from Base:System
OBS-URL: https://build.opensuse.org/request/show/798136 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=38
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
9adee0a9d3
73
CVE-2019-16275.patch
Normal file
73
CVE-2019-16275.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jouni Malinen <j@w1.fi>
|
||||||
|
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
||||||
|
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
||||||
|
address
|
||||||
|
|
||||||
|
Do not process any received Management frames with unexpected/invalid SA
|
||||||
|
so that we do not add any state for unexpected STA addresses or end up
|
||||||
|
sending out frames to unexpected destination. This prevents unexpected
|
||||||
|
sequences where an unprotected frame might end up causing the AP to send
|
||||||
|
out a response to another device and that other device processing the
|
||||||
|
unexpected response.
|
||||||
|
|
||||||
|
In particular, this prevents some potential denial of service cases
|
||||||
|
where the unexpected response frame from the AP might result in a
|
||||||
|
connected station dropping its association.
|
||||||
|
|
||||||
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||||
|
---
|
||||||
|
src/ap/drv_callbacks.c | 13 +++++++++++++
|
||||||
|
src/ap/ieee802_11.c | 12 ++++++++++++
|
||||||
|
2 files changed, 25 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
|
||||||
|
index 31587685fe3b..34ca379edc3d 100644
|
||||||
|
--- a/src/ap/drv_callbacks.c
|
||||||
|
+++ b/src/ap/drv_callbacks.c
|
||||||
|
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||||
|
"hostapd_notif_assoc: Skip event with no address");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ if (is_multicast_ether_addr(addr) ||
|
||||||
|
+ is_zero_ether_addr(addr) ||
|
||||||
|
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
||||||
|
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||||
|
+ * we do not add any state for unexpected STA addresses or end
|
||||||
|
+ * up sending out frames to unexpected destination. */
|
||||||
|
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
||||||
|
+ " in received indication - ignore this indication silently",
|
||||||
|
+ __func__, MAC2STR(addr));
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
random_add_randomness(addr, ETH_ALEN);
|
||||||
|
|
||||||
|
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
||||||
|
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
|
||||||
|
index c85a28db44b7..e7065372e158 100644
|
||||||
|
--- a/src/ap/ieee802_11.c
|
||||||
|
+++ b/src/ap/ieee802_11.c
|
||||||
|
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
||||||
|
fc = le_to_host16(mgmt->frame_control);
|
||||||
|
stype = WLAN_FC_GET_STYPE(fc);
|
||||||
|
|
||||||
|
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
||||||
|
+ is_zero_ether_addr(mgmt->sa) ||
|
||||||
|
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
||||||
|
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||||
|
+ * we do not add any state for unexpected STA addresses or end
|
||||||
|
+ * up sending out frames to unexpected destination. */
|
||||||
|
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
||||||
|
+ " in received frame - ignore this frame silently",
|
||||||
|
+ MAC2STR(mgmt->sa));
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (stype == WLAN_FC_STYPE_BEACON) {
|
||||||
|
handle_beacon(hapd, mgmt, len, fi);
|
||||||
|
return 1;
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
||||||
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 23 22:14:35 UTC 2020 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
|
||||||
|
|
||||||
|
- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass
|
||||||
|
(bsc#1150934)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 5 17:58:05 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
Thu Sep 5 17:58:05 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package hostapd
|
# spec file for package hostapd
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -29,6 +29,7 @@ Source1: https://w1.fi/releases/hostapd-%{version}.tar.gz.asc
|
|||||||
Source2: %{name}.keyring
|
Source2: %{name}.keyring
|
||||||
Source3: config
|
Source3: config
|
||||||
Source4: hostapd.service
|
Source4: hostapd.service
|
||||||
|
Patch1: CVE-2019-16275.patch
|
||||||
BuildRequires: libnl3-devel
|
BuildRequires: libnl3-devel
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -48,6 +49,7 @@ authentication via any ethernet driver.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE3} hostapd/.config
|
cp %{SOURCE3} hostapd/.config
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd hostapd
|
cd hostapd
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user