FS#69174 - kernel NULL pointer dereference while verifying WPA-EAP certificate in iwd
Attached to Project:
Arch Linux
Opened by Marcel Krüger (zauguin) - Friday, 01 January 2021, 17:28 GMT
Last edited by Jan Alexander Steffens (heftig) - Saturday, 23 January 2021, 23:50 GMT
Details
Description:
Since the update to kernel 5.10.3-arch1-1 today, I can no longer connect to my EAP-TTLS based wifi. After algorithm negotiation, I get a kernel NULL pointer dereference in public_key_verify_signature. The certificate on the RADIUS server (https://crt.sh/?id=3713872784) uses an RSA 2048 bit public key. This leads to iwd being killed.

Additional info:
* package version(s)
  - linux 5.10.3.arch1-1 <- The issue appeared after updating the kernel from previous version 5.9.14.arch1-1
  - iwd 1.10-
* config and/or log files etc.
  - iwd config:
```
[Security]
EAP-Method=TTLS
EAP-Identity=anonymous
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-CACert=/etc/ssl/certs/DST_Root_CA_X3.pem
EAP-TTLS-ServerDomainMask=math.hamburg
EAP-TTLS-Phase2-Identity=.....
EAP-TTLS-Phase2-Password=.....
```
  - `journalctl -u iwd` and `dmesg` attached
* link to upstream bug report, if any
  not created yet.

Steps to reproduce:
Try to connect with a WPA Enterprise network with iwd.
Closed by Jan Alexander Steffens (heftig)
Saturday, 23 January 2021, 23:50 GMT
Reason for closing: Fixed
Additional comments about closing: linux 5.10.10
[1] https://lore.kernel.org/linux-crypto/67250277-7903-2005-b94b-193bce0a3388%40markus-regensburg.de/
Edit:
If you apply test.patch that adds WARN_ON(!sig->pkey_algo); does the WARN_ON trigger?
FS#69184
Looking at the above linked thread on the linux-crypto mailing list, it seems that the issue remains unsolved as of yesterday.
config:
```
EAP-Method=PEAP
EAP-Identity=anonymous
EAP-CACert=/etc/ssl/certs/ca-certificates.crt
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=user@ua.pt
EAP-Phase2-Password=*****
[Settings]
AutoConnect=true
```
[1] https://lore.kernel.org/linux-crypto/20210107092855.76093-1-tianjia.zhang%40linux.alibaba.com
Edit: I am compiling it but I probably won't be able to test this patch before Monday.
The dmesg you include shows the warning is triggered on line 3.
[1] https://lore.kernel.org/linux-crypto/20210107092855.76093-1-tianjia.zhang%40linux.alibaba.com/raw
I have already seen the 5.10.8-arch1 branch appearing when I was making the package. I hope the patch is included...
[1] https://git.archlinux.org/linux.git/log/crypto/asymmetric_keys/public_key.c?h=v5.10.8-arch1
PS: How do you add links correctly to these bug reports?
Edit: [1] Actually, it was solved in version 5.10.10 of the Linux kernel.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/queue-5.10/x.509-fix-crash-caused-by-null-pointer.patch?id=ca5a79ca64634f36e2fc77d589767a1fc9a75f6f
I will request closure.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v5.10.10