2 files changed, 4 insertions, 90 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
deleted file mode 100644
index 2fc78968a7..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 4 Mar 2016 17:20:18 +0200
-Subject: [PATCH 1/1] WPS: Reject a Credential with invalid passphrase
-WPA/WPA2-Personal passphrase is not allowed to include control
-characters. Reject a Credential received from a WPS Registrar both as
-STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
-WPA2PSK authentication type and includes an invalid passphrase.
-This fixes an issue where hostapd or wpa_supplicant could have updated
-the configuration file PSK/passphrase parameter with arbitrary data from
-an external device (Registrar) that may not be fully trusted. Should
-such data include a newline character, the resulting configuration file
-could become invalid and fail to be parsed.
-Upstream-Status: Backport
-CVE: CVE-2016-4476
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
---
- src/utils/common.c         | 12 ++++++++++++
- src/utils/common.h         |  1 +
- src/wps/wps_attr_process.c | 10 ++++++++++
- 3 files changed, 23 insertions(+)
-diff --git a/src/utils/common.c b/src/utils/common.c
-index 450e2c6..27b7c02 100644
--- a/src/utils/common.c
-+++ b/src/utils/common.c
-@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
- }
- 
- 
-+int has_ctrl_char(const u8 *data, size_t len)
-+{
-+       size_t i;
-+
-+       for (i = 0; i < len; i++) {
-+               if (data[i] < 32 || data[i] == 127)
-+                       return 1;
-+       }
-+       return 0;
-+}
-+
-+
- size_t merge_byte_arrays(u8 *res, size_t res_len,
-                         const u8 *src1, size_t src1_len,
-                         const u8 *src2, size_t src2_len)
-diff --git a/src/utils/common.h b/src/utils/common.h
-index 701dbb2..a972240 100644
--- a/src/utils/common.h
-+++ b/src/utils/common.h
-@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
- 
- char * wpa_config_parse_string(const char *value, size_t *len);
- int is_hex(const u8 *data, size_t len);
-+int has_ctrl_char(const u8 *data, size_t len);
- size_t merge_byte_arrays(u8 *res, size_t res_len,
-                         const u8 *src1, size_t src1_len,
-                         const u8 *src2, size_t src2_len);
-diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
-index eadb22f..e8c4579 100644
--- a/src/wps/wps_attr_process.c
-+++ b/src/wps/wps_attr_process.c
-@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
-                cred->key_len--;
- #endif /* CONFIG_WPS_STRICT */
-        }
-+
-+
-+       if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
-+           (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
-+               wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
-+               wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
-+                                     cred->key, cred->key_len);
-+               return -1;
-+       }
-+
-        return 0;
- }
- 
--
-1.9.1
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.5.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
index ab01235ec9..3b74f482a3 100644
--- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.5.bb
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
@@ -1,7 +1,7 @@
 HOMEPAGE = "http://w1.fi/hostapd/"
 SECTION = "kernel/userland"
 LICENSE = "GPLv2 | BSD"
-LIC_FILES_CHKSUM = "file://${B}/README;md5=4d53178f44d4b38418a4fa8de365e11c"
+LIC_FILES_CHKSUM = "file://${B}/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
 DEPENDS = "libnl openssl"
 SUMMARY = "User space daemon for extended IEEE 802.11 management"
@@ -16,7 +16,6 @@ SRC_URI = " \
    file://defconfig \
    file://init \
    file://hostapd.service \
-    file://0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch \
 "
 S = "${WORKDIR}/hostapd-${PV}"
@@ -43,5 +42,6 @@ do_install() {
 CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"
-SRC_URI[md5sum] = "69f9cec3f76d74f402864a43e4f8624f"
+SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
-SRC_URI[sha256sum] = "8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a"
+SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"

diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch deleted file mode 100644 index 2fc78968a7..0000000000 --- a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch +++ /dev/null
@@ -1,86 +0,0 @@
1	From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
2	From: Jouni Malinen <jouni@qca.qualcomm.com>
3	Date: Fri, 4 Mar 2016 17:20:18 +0200
4	Subject: [PATCH 1/1] WPS: Reject a Credential with invalid passphrase
5
6	WPA/WPA2-Personal passphrase is not allowed to include control
7	characters. Reject a Credential received from a WPS Registrar both as
8	STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
9	WPA2PSK authentication type and includes an invalid passphrase.
10
11	This fixes an issue where hostapd or wpa_supplicant could have updated
12	the configuration file PSK/passphrase parameter with arbitrary data from
13	an external device (Registrar) that may not be fully trusted. Should
14	such data include a newline character, the resulting configuration file
15	could become invalid and fail to be parsed.
16
17	Upstream-Status: Backport
18
19	CVE: CVE-2016-4476
20
21	Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
22	Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
23	---
24	src/utils/common.c \| 12 ++++++++++++
25	src/utils/common.h \| 1 +
26	src/wps/wps_attr_process.c \| 10 ++++++++++
27	3 files changed, 23 insertions(+)
28
29	diff --git a/src/utils/common.c b/src/utils/common.c
30	index 450e2c6..27b7c02 100644
31	--- a/src/utils/common.c
32	+++ b/src/utils/common.c
33	@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
34	}
35
36
37	+int has_ctrl_char(const u8 *data, size_t len)
38	+{
39	+ size_t i;
40	+
41	+ for (i = 0; i < len; i++) {
42	+ if (data[i] < 32 \|\| data[i] == 127)
43	+ return 1;
44	+ }
45	+ return 0;
46	+}
47	+
48	+
49	size_t merge_byte_arrays(u8 *res, size_t res_len,
50	const u8 *src1, size_t src1_len,
51	const u8 *src2, size_t src2_len)
52	diff --git a/src/utils/common.h b/src/utils/common.h
53	index 701dbb2..a972240 100644
54	--- a/src/utils/common.h
55	+++ b/src/utils/common.h
56	@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
57
58	char * wpa_config_parse_string(const char value, size_t len);
59	int is_hex(const u8 *data, size_t len);
60	+int has_ctrl_char(const u8 *data, size_t len);
61	size_t merge_byte_arrays(u8 *res, size_t res_len,
62	const u8 *src1, size_t src1_len,
63	const u8 *src2, size_t src2_len);
64	diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
65	index eadb22f..e8c4579 100644
66	--- a/src/wps/wps_attr_process.c
67	+++ b/src/wps/wps_attr_process.c
68	@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
69	cred->key_len--;
70	#endif /* CONFIG_WPS_STRICT */
71	}
72	+
73	+
74	+ if (cred->auth_type & (WPS_AUTH_WPAPSK \| WPS_AUTH_WPA2PSK) &&
75	+ (cred->key_len < 8 \|\| has_ctrl_char(cred->key, cred->key_len))) {
76	+ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
77	+ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
78	+ cred->key, cred->key_len);
79	+ return -1;
80	+ }
81	+
82	return 0;
83	}
84
85	--
86	1.9.1


diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.5.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb index ab01235ec9..3b74f482a3 100644 --- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.5.bb +++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
@@ -1,7 +1,7 @@
1	HOMEPAGE = "http://w1.fi/hostapd/"	1	HOMEPAGE = "http://w1.fi/hostapd/"
2	SECTION = "kernel/userland"	2	SECTION = "kernel/userland"
3	LICENSE = "GPLv2 \| BSD"	3	LICENSE = "GPLv2 \| BSD"
4	LIC_FILES_CHKSUM = "file://${B}/README;md5=4d53178f44d4b38418a4fa8de365e11c"	4	LIC_FILES_CHKSUM = "file://${B}/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
5	DEPENDS = "libnl openssl"	5	DEPENDS = "libnl openssl"
6	SUMMARY = "User space daemon for extended IEEE 802.11 management"	6	SUMMARY = "User space daemon for extended IEEE 802.11 management"
7		7
@@ -16,7 +16,6 @@ SRC_URI = " \
16	file://defconfig \	16	file://defconfig \
17	file://init \	17	file://init \
18	file://hostapd.service \	18	file://hostapd.service \
19	file://0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch \
20	"	19	"
21		20
22	S = "${WORKDIR}/hostapd-${PV}"	21	S = "${WORKDIR}/hostapd-${PV}"
@@ -43,5 +42,6 @@ do_install() {
43		42
44	CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"	43	CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"
45		44
46	SRC_URI[md5sum] = "69f9cec3f76d74f402864a43e4f8624f"	45	SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
47	SRC_URI[sha256sum] = "8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a"	46	SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"
		47