diff options
| author | Sören Tempel <soeren+git@soeren-tempel.net> | 2017-10-16 19:47:37 +0200 |
|---|---|---|
| committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2017-10-16 19:59:27 +0200 |
| commit | 82ee231e142773c618401559810f0d615d44507d (patch) | |
| tree | 3b7b8f4ec864141dc93a98415ed0307d54312f8c /main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | |
| parent | db3c9f1e96150c7c4066d00175c6f6148a97901e (diff) | |
| download | aports-82ee231e142773c618401559810f0d615d44507d.tar.bz2 aports-82ee231e142773c618401559810f0d615d44507d.tar.xz | |
main/wpa_supplicant: security upgrade
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088
See also: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Diffstat (limited to 'main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch')
| -rw-r--r-- | main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch new file mode 100644 index 0000000000..85ea1d62bc --- /dev/null +++ b/main/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch @@ -0,0 +1,43 @@ +From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 22 Sep 2017 11:25:02 +0300 +Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending + request + +Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep +Mode Response if WNM-Sleep Mode has not been used') started ignoring the +response when no WNM-Sleep Mode Request had been used during the +association. This can be made tighter by clearing the used flag when +successfully processing a response. This adds an additional layer of +protection against unexpected retransmissions of the response frame. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + wpa_supplicant/wnm_sta.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c +index 1b3409c..67a07ff 100644 +--- a/wpa_supplicant/wnm_sta.c ++++ b/wpa_supplicant/wnm_sta.c +@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + + if (!wpa_s->wnmsleep_used) { + wpa_printf(MSG_DEBUG, +- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); + return; + } + +@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +-- +2.7.4 + |