Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hostapd: apply patches for CVE-2020-12695 #89919

Merged
merged 2 commits into from Jun 12, 2020
Merged

hostapd: apply patches for CVE-2020-12695 #89919

merged 2 commits into from Jun 12, 2020

Conversation

mweinelt
Copy link
Member

@mweinelt mweinelt commented Jun 9, 2020

Motivation for this change

https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt

Fixes: CVE-2020-12695

Vulnerable versions/configurations

All hostapd versions with WPS AP support with UPnP enabled in the build
parameters (CONFIG_WPS_UPNP=y) and in the runtime configuration
(upnp_iface).

We don't enable CONFIG_WPS_UPNP and it's not enabled in hostapds defconfig, so an enduser would need to overwrite extraConfig to enable it for exposure first.

Possible mitigation steps

  • Disable WPS UPnP support in the hostapd runtime configuration by
    removing the upnp_iface parameter.

  • Merge the following commits to hostapd and rebuild:

    For CVE-2020-12695:
    WPS UPnP: Do not allow event subscriptions with URLs to other networks
    For the other issues:
    WPS UPnP: Fix event message generation using a long URL path
    WPS UPnP: Handle HTTP initiation failures for events more properly

    These patches are available from https://w1.fi/security/2020-1/

  • Update to hostapd v2.10 or newer, once available

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@Phreedom @ninjatrappeur

@mweinelt mweinelt mentioned this pull request Jun 9, 2020
Merged
10 tasks
@mweinelt mweinelt requested review from Phreedom and picnoir June 9, 2020 13:04
picnoir
picnoir approved these changes Jun 10, 2020
View reviewed changes
Copy link
Member

@picnoir picnoir left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@mweinelt
Copy link
Member Author

Added myself as maintainer as recommended by @NinjaTrappeur.

@ofborg ofborg bot requested a review from picnoir June 10, 2020 19:23
@flokli flokli merged commit 1901446 into NixOS:master Jun 12, 2020
@mweinelt mweinelt deleted the hostapd branch June 12, 2020 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Phreedom Phreedom Awaiting requested review from Phreedom

@picnoir picnoir Awaiting requested review from picnoir

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mweinelt @picnoir @flokli