1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-25 00:51:21 +00:00

MFH: r568629

security/wpa_supplicant: fix for P2P provision vulnerability

Latest version available from: https://w1.fi/security/2021-1/

Vulnerability

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

Vulnerable versions/configurations

wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled

An attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a set of suitably
constructed management frames that trigger the corner case to be reached
in the management of the P2P peer table.

Note: The P2P option is not default.

Security:	https://w1.fi/security/2021-1/\
	wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
This commit is contained in:
Cy Schubert 2021-03-17 19:33:46 +00:00
parent 84bc1563e2
commit 9eefc17f08
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2021Q1/; revision=568685
2 changed files with 8 additions and 4 deletions

View File

@ -2,14 +2,16 @@
PORTNAME= wpa_supplicant PORTNAME= wpa_supplicant
PORTVERSION= 2.9 PORTVERSION= 2.9
PORTREVISION= 7 PORTREVISION= 10
CATEGORIES= security net CATEGORIES= security net
MASTER_SITES= https://w1.fi/releases/ MASTER_SITES= https://w1.fi/releases/
PATCH_SITES= https://w1.fi/security/2020-1/ PATCH_SITES= https://w1.fi/security/2020-1/ \
https://w1.fi/security/2021-1/
PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \ PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \
0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1
MAINTAINER= cy@FreeBSD.org MAINTAINER= cy@FreeBSD.org
COMMENT= Supplicant (client) for WPA/802.1x protocols COMMENT= Supplicant (client) for WPA/802.1x protocols

View File

@ -1,4 +1,4 @@
TIMESTAMP = 1591652317 TIMESTAMP = 1615939959
SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17 SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
SIZE (wpa_supplicant-2.9.tar.gz) = 3231785 SIZE (wpa_supplicant-2.9.tar.gz) = 3231785
SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
@ -7,3 +7,5 @@ SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb
SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284 SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553 SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
SHA256 (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611
SIZE (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 1751