packages/wpa_supplicant
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2019-9499

Browse Source
This commit is contained in:
sherlock2010 2020-02-03 21:17:56 +08:00
parent e8482db264
commit d72fe5adeb
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2019-9499.patch Normal file
View File

@ -0,0 +1,30 @@
diff -Nur orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c wpa_supplicant-2.6/src/eap_peer/eap_pwd.c
--- orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c 2020-02-03 19:32:18.847432926 +0800
+++ wpa_supplicant-2.6/src/eap_peer/eap_pwd.c 2020-02-03 19:33:32.688400551 +0800
@@ -451,6 +451,26 @@
goto fin;
}
+ /* verify received scalar */
+ if (crypto_bignum_is_zero(data->server_scalar) ||
+ crypto_bignum_is_one(data->server_scalar) ||
+ crypto_bignum_cmp(data->server_scalar,
+ crypto_ec_get_order(data->grp->group)) >= 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (peer): received scalar is invalid");
+ goto fin;
+ }
+
+ /* verify received element */
+ if (!crypto_ec_point_is_on_curve(data->grp->group,
+ data->server_element) ||
+ crypto_ec_point_is_at_infinity(data->grp->group,
+ data->server_element)) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (peer): received element is invalid");
+ goto fin;
+ }
+
/* compute the shared key, k */
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
data->server_scalar, data->bnctx)) ||

9
wpa_supplicant.spec
View File

@ -1,7 +1,7 @@
Name: wpa_supplicant
Epoch: 1
Version: 2.6
Release: 24
Release: 25
Summary: A WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN)
License: BSD
Url: https://w1.fi/wpa_supplicant/
@ -82,6 +82,7 @@ Patch6065: CVE-2019-9498-and-CVE-2019-9499.patch
Patch6066: CVE-2019-11555-1.patch
Patch6067: CVE-2019-11555-2.patch
Patch6068: https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
Patch6069: CVE-2019-9499.patch
Patch9000: add-options-of-wpa_supplicant-service.patch
Patch9001: allow-to-override-names-of-qt4-tools.patch
@ -178,6 +179,12 @@ install -m644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
%{_mandir}/man5/*
%changelog
* Mon Feb 03 2020 zhouyihang <zhouyihang1@huawei.com> - 1:2.6-25
- Type:cves
- ID: CVE-2019-9499
- SUG:restart
- DESC: fix CVE-2019-9499
* Mon Feb 03 2020 lihao <lihao129@huawei.com> - 1:2.6-24
- Type:cves
- ID: CVE-2018-14526