diff options
Diffstat (limited to 'source/n/wpa_supplicant/patches')
3 files changed, 0 insertions, 304 deletions
diff --git a/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch b/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch deleted file mode 100644 index bee574a5c..000000000 --- a/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 25b37c54a47e49d591f5752bbf0f510480402cae Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani <bgalvani@redhat.com> -Date: Sun, 9 Jul 2017 11:14:10 +0200 -Subject: [PATCH 1/2] OpenSSL: Fix private key password handling with OpenSSL - >= 1.1.0f - -Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the -callback from the SSL object instead of the one from the CTX, so let's -set the callback on both SSL and CTX. Note that -SSL_set_default_passwd_cb*() is available only in 1.1.0. - -Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> -(cherry picked from commit f665c93e1d28fbab3d9127a8c3985cc32940824f) ---- - src/crypto/tls_openssl.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index c4170b6..bceb8c3 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -2779,6 +2779,15 @@ static int tls_connection_private_key(struct tls_data *data, - } else - passwd = NULL; - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ /* -+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback -+ * from the SSL object. See OpenSSL commit d61461a75253. -+ */ -+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); -+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); -+#endif /* >= 1.1.0f && !LibreSSL */ -+ /* Keep these for OpenSSL < 1.1.0f */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); - SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); - -@@ -2869,6 +2878,9 @@ static int tls_connection_private_key(struct tls_data *data, - return -1; - } - ERR_clear_error(); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ SSL_set_default_passwd_cb(conn->ssl, NULL); -+#endif /* >= 1.1.0f && !LibreSSL */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); - os_free(passwd); - --- -2.9.3 - -From b2887d6964a406eb5f88f4ad4e9764c468954382 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Mon, 17 Jul 2017 12:06:17 +0300 -Subject: [PATCH 2/2] OpenSSL: Clear default_passwd_cb more thoroughly - -Previously, the pointer to strdup passwd was left in OpenSSL library -default_passwd_cb_userdata and even the default_passwd_cb was left set -on an error path. To avoid unexpected behavior if something were to -manage to use there pointers, clear them explicitly once done with -loading of the private key. - -Signed-off-by: Jouni Malinen <j@w1.fi> -(cherry picked from commit 89971d8b1e328a2f79699c953625d1671fd40384) ---- - src/crypto/tls_openssl.c | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index bceb8c3..770af9e 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -2758,6 +2758,19 @@ static int tls_connection_engine_private_key(struct tls_connection *conn) - } - - -+static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl) -+{ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ if (ssl) { -+ SSL_set_default_passwd_cb(ssl, NULL); -+ SSL_set_default_passwd_cb_userdata(ssl, NULL); -+ } -+#endif /* >= 1.1.0f && !LibreSSL */ -+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); -+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL); -+} -+ -+ - static int tls_connection_private_key(struct tls_data *data, - struct tls_connection *conn, - const char *private_key, -@@ -2874,14 +2887,12 @@ static int tls_connection_private_key(struct tls_data *data, - if (!ok) { - tls_show_errors(MSG_INFO, __func__, - "Failed to load private key"); -+ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl); - os_free(passwd); - return -1; - } - ERR_clear_error(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -- SSL_set_default_passwd_cb(conn->ssl, NULL); --#endif /* >= 1.1.0f && !LibreSSL */ -- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); -+ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl); - os_free(passwd); - - if (!SSL_check_private_key(conn->ssl)) { -@@ -2924,13 +2935,14 @@ static int tls_global_private_key(struct tls_data *data, - tls_read_pkcs12(data, NULL, private_key, passwd)) { - tls_show_errors(MSG_INFO, __func__, - "Failed to load private key"); -+ tls_clear_default_passwd_cb(ssl_ctx, NULL); - os_free(passwd); - ERR_clear_error(); - return -1; - } -+ tls_clear_default_passwd_cb(ssl_ctx, NULL); - os_free(passwd); - ERR_clear_error(); -- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); - - if (!SSL_CTX_check_private_key(ssl_ctx)) { - tls_show_errors(MSG_INFO, __func__, --- -2.9.3 - diff --git a/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch b/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch deleted file mode 100644 index 0c03e1dc4..000000000 --- a/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 290834df69556b903b49f2a45671cc62b44f13bb Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani <bgalvani@redhat.com> -Date: Fri, 28 Apr 2017 17:59:30 +0200 -Subject: [PATCH] nl80211: Fix race condition in detecting MAC change - -Commit 3e0272ca00ce1df35b45e7d739dd7e935f13fd84 ('nl80211: Re-read MAC -address on RTM_NEWLINK') added the detection of external changes to MAC -address when the interface is brought up. - -If the interface state is changed quickly enough, wpa_supplicant may -receive the netlink message for the !IFF_UP event when the interface -has already been brought up and would ignore the next netlink IFF_UP -message, missing the MAC change. - -Fix this by also reloading the MAC address when a !IFF_UP event is -received with the interface up, because this implies that the -interface went down and up again, possibly changing the address. - -Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> ---- - src/drivers/driver_nl80211.c | 47 +++++++++++++++++++++++++------------------- - 1 file changed, 27 insertions(+), 20 deletions(-) - -diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c -index af1cb84..24fad29 100644 ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -933,6 +933,30 @@ nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) - } - - -+static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv, -+ int ifindex) -+{ -+ struct i802_bss *bss; -+ u8 addr[ETH_ALEN]; -+ -+ bss = get_bss_ifindex(drv, ifindex); -+ if (bss && -+ linux_get_ifhwaddr(drv->global->ioctl_sock, -+ bss->ifname, addr) < 0) { -+ wpa_printf(MSG_DEBUG, -+ "nl80211: %s: failed to re-read MAC address", -+ bss->ifname); -+ } else if (bss && os_memcmp(addr, bss->addr, ETH_ALEN) != 0) { -+ wpa_printf(MSG_DEBUG, -+ "nl80211: Own MAC address on ifindex %d (%s) changed from " -+ MACSTR " to " MACSTR, -+ ifindex, bss->ifname, -+ MAC2STR(bss->addr), MAC2STR(addr)); -+ os_memcpy(bss->addr, addr, ETH_ALEN); -+ } -+} -+ -+ - static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, - struct ifinfomsg *ifi, - u8 *buf, size_t len) -@@ -997,6 +1021,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, - namebuf[0] = '\0'; - if (if_indextoname(ifi->ifi_index, namebuf) && - linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) { -+ /* Re-read MAC address as it may have changed */ -+ nl80211_refresh_mac(drv, ifi->ifi_index); - wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " - "event since interface %s is up", namebuf); - drv->ignore_if_down_event = 0; -@@ -1044,27 +1070,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, - "event since interface %s is marked " - "removed", drv->first_bss->ifname); - } else { -- struct i802_bss *bss; -- u8 addr[ETH_ALEN]; -- - /* Re-read MAC address as it may have changed */ -- bss = get_bss_ifindex(drv, ifi->ifi_index); -- if (bss && -- linux_get_ifhwaddr(drv->global->ioctl_sock, -- bss->ifname, addr) < 0) { -- wpa_printf(MSG_DEBUG, -- "nl80211: %s: failed to re-read MAC address", -- bss->ifname); -- } else if (bss && -- os_memcmp(addr, bss->addr, ETH_ALEN) != 0) { -- wpa_printf(MSG_DEBUG, -- "nl80211: Own MAC address on ifindex %d (%s) changed from " -- MACSTR " to " MACSTR, -- ifi->ifi_index, bss->ifname, -- MAC2STR(bss->addr), -- MAC2STR(addr)); -- os_memcpy(bss->addr, addr, ETH_ALEN); -- } -+ nl80211_refresh_mac(drv, ifi->ifi_index); - - wpa_printf(MSG_DEBUG, "nl80211: Interface up"); - drv->if_disabled = 0; --- -2.9.3 - diff --git a/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch b/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch deleted file mode 100644 index d99be04c3..000000000 --- a/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0ad5893a2f1f521d44712cd395e067ccf0a397c3 Mon Sep 17 00:00:00 2001 -From: Michael Braun <michael-dev@fami-braun.de> -Date: Fri, 18 Aug 2017 01:14:28 +0200 -Subject: PAE: Validate input before pointer - -ieee802_1x_kay_decode_mkpdu() calls ieee802_1x_mka_i_in_peerlist() -before body_len has been checked on all segments. - -ieee802_1x_kay_decode_mkpdu() and ieee802_1x_mka_i_in_peerlist() might -continue and thus underflow left_len even if it finds left_len to small -(or before checking). - -Additionally, ieee802_1x_mka_dump_peer_body() might perform out of bound -reads in this case. - -Fix this by checking left_len and aborting if too small early. - -Signed-off-by: Michael Braun <michael-dev@fami-braun.de> ---- - src/pae/ieee802_1x_kay.c | 23 ++++++++++++----------- - 1 file changed, 12 insertions(+), 11 deletions(-) - -diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c -index c4bfcbc..cad0292 100644 ---- a/src/pae/ieee802_1x_kay.c -+++ b/src/pae/ieee802_1x_kay.c -@@ -964,21 +964,19 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant, - body_len = get_mka_param_body_len(hdr); - body_type = get_mka_param_body_type(hdr); - -- if (body_type != MKA_LIVE_PEER_LIST && -- body_type != MKA_POTENTIAL_PEER_LIST) -- continue; -- -- ieee802_1x_mka_dump_peer_body( -- (struct ieee802_1x_mka_peer_body *)pos); -- -- if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) { -+ if (left_len < (MKA_HDR_LEN + MKA_ALIGN_LENGTH(body_len) + DEFAULT_ICV_LEN)) { - wpa_printf(MSG_ERROR, - "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV", - left_len, MKA_HDR_LEN, -- body_len, DEFAULT_ICV_LEN); -- continue; -+ MKA_ALIGN_LENGTH(body_len), -+ DEFAULT_ICV_LEN); -+ return FALSE; - } - -+ if (body_type != MKA_LIVE_PEER_LIST && -+ body_type != MKA_POTENTIAL_PEER_LIST) -+ continue; -+ - if ((body_len % 16) != 0) { - wpa_printf(MSG_ERROR, - "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets", -@@ -986,6 +984,9 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant, - continue; - } - -+ ieee802_1x_mka_dump_peer_body( -+ (struct ieee802_1x_mka_peer_body *)pos); -+ - for (i = 0; i < body_len; - i += sizeof(struct ieee802_1x_mka_peer_id)) { - const struct ieee802_1x_mka_peer_id *peer_mi; -@@ -3018,7 +3019,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay, - "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV", - left_len, MKA_HDR_LEN, - body_len, DEFAULT_ICV_LEN); -- continue; -+ return -1; - } - - if (handled[body_type]) --- -cgit v0.12 - |