Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-21 22:09:23 +01:00
Code Releases Activity

ap: only accept ptk 4/4 after receiving ptk 2/4

Browse Source 
When operating as an AP, drop message 4 of the 4-way handshake if the AP
has not yet received message 2. Otherwise an attacker can skip message 2
and immediately send message 4 to bypass authentication (the AP would be
using an all-zero ptk to verify the authenticity of message 4).
This commit is contained in:
Mathy Vanhoef 2024-01-29 17:11:49 +01:00 committed by Denis Kenzior
parent 1a79092383
commit 6415420f1c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/eapol.c
View File

@ -2092,6 +2092,10 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm,
if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
return;
/* Ensure we received Message 2 and thus have a PTK to verify MIC */
if (!sm->handshake->have_snonce)
return;
kck = handshake_state_get_kck(sm->handshake);
if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,