lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEg-Je_=R_SXXsu6PGT=fBpAO33Usw4YDLEW4EyyyFtsFzdszQ@mail.gmail.com>
Date: Wed, 7 Aug 2024 04:09:41 -0400
From: Neal Gompa <neal@...pa.dev>
To: Janne Grunau <j@...nau.net>
Cc: Arend van Spriel <arend.vanspriel@...adcom.com>, Kalle Valo <kvalo@...nel.org>, 
	Hector Martin <marcan@...can.st>, Linus Walleij <linus.walleij@...aro.org>, 
	linux-wireless@...r.kernel.org, brcm80211@...ts.linux.dev, 
	brcm80211-dev-list.pdl@...adcom.com, linux-kernel@...r.kernel.org, 
	asahi@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion

On Sat, Aug 3, 2024 at 3:53 PM Janne Grunau via B4 Relay
<devnull+j.jannau.net@...nel.org> wrote:
>
> From: Janne Grunau <j@...nau.net>
>
> wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the
> driver for SAE/OWE offload cases") SSID based PMKSA del commands.
> brcmfmac is not prepared and tries to dereference the NULL bssid and
> pmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based
> updates so copy the SSID.
>
> Fixes: a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3 operations")
> Cc: stable@...r.kernel.org
> Signed-off-by: Janne Grunau <j@...nau.net>
> ---
>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 13 ++++++++++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> index 5fe0e671ecb3..826b768196e2 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> @@ -4320,9 +4320,16 @@ brcmf_pmksa_v3_op(struct brcmf_if *ifp, struct cfg80211_pmksa *pmksa,
>                 /* Single PMK operation */
>                 pmk_op->count = cpu_to_le16(1);
>                 length += sizeof(struct brcmf_pmksa_v3);
> -               memcpy(pmk_op->pmk[0].bssid, pmksa->bssid, ETH_ALEN);
> -               memcpy(pmk_op->pmk[0].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
> -               pmk_op->pmk[0].pmkid_len = WLAN_PMKID_LEN;
> +               if (pmksa->bssid)
> +                       memcpy(pmk_op->pmk[0].bssid, pmksa->bssid, ETH_ALEN);
> +               if (pmksa->pmkid) {
> +                       memcpy(pmk_op->pmk[0].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
> +                       pmk_op->pmk[0].pmkid_len = WLAN_PMKID_LEN;
> +               }
> +               if (pmksa->ssid && pmksa->ssid_len) {
> +                       memcpy(pmk_op->pmk[0].ssid.SSID, pmksa->ssid, pmksa->ssid_len);
> +                       pmk_op->pmk[0].ssid.SSID_len = pmksa->ssid_len;
> +               }
>                 pmk_op->pmk[0].time_left = cpu_to_le32(alive ? BRCMF_PMKSA_NO_EXPIRY : 0);
>         }
>
>
> ---
> base-commit: 0c3836482481200ead7b416ca80c68a29cfdaabd
> change-id: 20240803-brcmfmac_pmksa_del_ssid-3c35efe35330
>

This looks reasonable to me and works on my Macs.

Reviewed-by: Neal Gompa <neal@...pa.dev>



--
真実はいつも一つ!/ Always, there's only one truth!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ