From 6415420f1c92012f64063c131480ffcef58e60ca Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef
Date: Mon, 29 Jan 2024 17:11:49 +0100
Subject: [PATCH] ap: only accept ptk 4/4 after receiving ptk 2/4

When operating as an AP, drop message 4 of the 4-way handshake if the AP has not yet received message 2. Otherwise an attacker can skip message 2 and immediately send message 4 to bypass authentication (the AP would be using an all-zero ptk to verify the authenticity of message 4).
---
 src/eapol.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/eapol.c b/src/eapol.c
index bad4bbb7..3ce14d5c 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -2092,6 +2092,10 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm,
 if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
 return;

+ /* Ensure we received Message 2 and thus have a PTK to verify MIC */
+ if (!sm->handshake->have_snonce)
+ return;
+
 kck = handshake_state_get_kck(sm->handshake);

 if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,
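Review bot: The added comment above the `have_snonce` guard says what is checked but not why the order matters, and the failure mode lives only in the commit message; the next maintainer reading eapol_handle_ptk_4_of_4 will not see that `handshake_state_get_kck()` hands back an all-zero KCK when no PTK has been derived yet, so a MIC over that key would verify. I would widen the comment to `/* No PTK exists until Message 2 has been processed; the KCK fetched below would be all-zero and a MIC computed over it would verify, so drop 4/4 until 2/4 has been seen. */`. The guard uses `have_snonce` as a proxy for "PTK derived"; if the handshake state carries a more direct indicator of PTK derivation, naming that would make the intent harder to misread, but I cannot confirm one from this hunk. Whether `have_snonce` is cleared when a new handshake is started on the same state is also not visible here and is worth confirming, since the guard only helps when the flag tracks the current handshake. The enclosing function starts before and continues after the hunk.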