authorMathy Vanhoef <vanhoefm@gmail.com>2024-01-29 17:11:49 +0100
committerDenis Kenzior <denkenz@gmail.com>2024-01-29 21:00:00 -0600
commit6415420f1c92012f64063c131480ffcef58e60ca (patch)
tree002c738107c15564f6d241c1cb0f346909a07327
parent1a79092383f4bbe05eaab80b5f0f148e38ace2cf (diff)
ap: only accept ptk 4/4 after receiving ptk 2/4
When operating as an AP, drop message 4 of the 4-way handshake if the AP has not yet received message 2. Otherwise an attacker can skip message 2 and immediately send message 4 to bypass authentication (the AP would be using an all-zero ptk to verify the authenticity of message 4).
-rw-r--r--src/eapol.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/eapol.c b/src/eapol.c
index bad4bbb7e..3ce14d5c0 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -2092,6 +2092,10 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm,
if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
return;
+ /* Ensure we received Message 2 and thus have a PTK to verify MIC */
+ if (!sm->handshake->have_snonce)
+ return;
+
kck = handshake_state_get_kck(sm->handshake);
if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,