Update to version 2.6 from upstream

- Remove patch for CVE-2016-4476, now included in base tarball
This commit is contained in:
John W. Linville 2016-10-03 10:03:17 -04:00
parent 651886bf2d
commit 7ba6f03377
4 changed files with 8 additions and 92 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
/hostapd-2.5.tar.gz /hostapd-2.6.tar.gz

View File

@ -1,82 +0,0 @@
From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 4 Mar 2016 17:20:18 +0200
Subject: [PATCH] WPS: Reject a Credential with invalid passphrase
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.
This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
src/utils/common.c | 12 ++++++++++++
src/utils/common.h | 1 +
src/wps/wps_attr_process.c | 10 ++++++++++
3 files changed, 23 insertions(+)
diff --git a/src/utils/common.c b/src/utils/common.c
index 450e2c6..27b7c02 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
}
+int has_ctrl_char(const u8 *data, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ if (data[i] < 32 || data[i] == 127)
+ return 1;
+ }
+ return 0;
+}
+
+
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len)
diff --git a/src/utils/common.h b/src/utils/common.h
index 701dbb2..a972240 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
char * wpa_config_parse_string(const char *value, size_t *len);
int is_hex(const u8 *data, size_t len);
+int has_ctrl_char(const u8 *data, size_t len);
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len);
diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index eadb22f..e8c4579 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
cred->key_len--;
#endif /* CONFIG_WPS_STRICT */
}
+
+
+ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
+ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
+ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
+ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
+ cred->key, cred->key_len);
+ return -1;
+ }
+
return 0;
}
--
1.9.1

View File

@ -1,8 +1,8 @@
%global _hardened_build 1 %global _hardened_build 1
Name: hostapd Name: hostapd
Version: 2.5 Version: 2.6
Release: 5%{?dist} Release: 1%{?dist}
Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
License: BSD License: BSD
URL: http://w1.fi/hostapd URL: http://w1.fi/hostapd
@ -13,9 +13,6 @@ Source2: %{name}.conf
Source3: %{name}.sysconfig Source3: %{name}.sysconfig
Source4: %{name}.init Source4: %{name}.init
# CVE-2016-4476 (not actually necessary, since WPS not enabled)
Patch0: WPS-Reject-a-Credential-with-invalid-passphrase.patch
BuildRequires: libnl3-devel BuildRequires: libnl3-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: perl-generators BuildRequires: perl-generators
@ -54,9 +51,6 @@ Logwatch scripts for hostapd.
%prep %prep
%setup -q %setup -q
# CVE-2016-4476
%patch0 -p1
%build %build
cd hostapd cd hostapd
cat defconfig | sed \ cat defconfig | sed \
@ -175,6 +169,10 @@ fi
%{_sysconfdir}/logwatch/scripts/services/%{name} %{_sysconfdir}/logwatch/scripts/services/%{name}
%changelog %changelog
* Mon Oct 03 2016 John W. Linville <linville@redhat.com> - 2.6-1
- Update to version 2.6 from upstream
- Remove patch for CVE-2016-4476, now included in base tarball
* Fri Jul 15 2016 John W. Linville <linville@redhat.com> - 2.5-5 * Fri Jul 15 2016 John W. Linville <linville@redhat.com> - 2.5-5
- Bump NVR and rebuild to resolve GLIBC_2.24 symbol issue - Bump NVR and rebuild to resolve GLIBC_2.24 symbol issue

View File

@ -1 +1 @@
69f9cec3f76d74f402864a43e4f8624f hostapd-2.5.tar.gz eaa56dce9bd8f1d195eb62596eab34c7 hostapd-2.6.tar.gz