Fix validation of EAPOL-Key length with AES key wrap

(upstream git commit b7c61c9d4e968e7254112631a9f6a1a1f8ef6f7f)

pkg/README: avoid confusion, we were talking about so many interfaces...

security/wpa_supplicant/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.19 2014/09/02 13:04:34 dcoppa Exp $
+# $OpenBSD: Makefile,v 1.20 2014/09/05 13:18:41 dcoppa Exp $
 
 COMMENT=	IEEE 802.1X supplicant
 
 DISTNAME=	wpa_supplicant-2.2
+REVISION=	0
 CATEGORIES=	security net
 
 HOMEPAGE=	http://hostap.epitest.fi/wpa_supplicant/

security/wpa_supplicant/patches/patch-src_rsn_supp_wpa_c

@@ -0,0 +1,29 @@
+$OpenBSD: patch-src_rsn_supp_wpa_c,v 1.1 2014/09/05 13:18:41 dcoppa Exp $
+
+commit b7c61c9d4e968e7254112631a9f6a1a1f8ef6f7f
+Author: Jouni Malinen <j@w1.fi>
+Date:   Sat Jun 14 00:20:04 2014 +0300
+
+Fix validation of EAPOL-Key length with AES key wrap
+
+The additional eight octet field was removed from keydatalen without
+proper validation of the Key Data Length field. It would have been
+possible for an invalid EAPOL-Key frame to be processed in a way that
+ends up reading beyond the buffer. In theory, this could have also
+resulted in writing beyond the EAPOL-Key frame buffer, but that is
+unlikely to be feasible due to the AES key wrap validation step on
+arbitrary memory contents.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+--- src/rsn_supp/wpa.c.orig	Wed Jun  4 15:26:14 2014
++++ src/rsn_supp/wpa.c	Fri Sep  5 14:33:27 2014
+@@ -1501,7 +1501,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_
+ 		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
+ 		   sm->key_mgmt == WPA_KEY_MGMT_OSEN) {
+ 		u8 *buf;
+-		if (keydatalen % 8) {
++		if (keydatalen < 8 || keydatalen % 8) {
+ 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ 				"WPA: Unsupported AES-WRAP len %d",
+ 				keydatalen);

security/wpa_supplicant/pkg/README

@@ -1,4 +1,4 @@
-$OpenBSD: README,v 1.3 2014/07/22 10:55:41 ajacoutot Exp $
+$OpenBSD: README,v 1.4 2014/09/05 13:18:41 dcoppa Exp $
 
 +-----------------------------------------------------------------------
 | Running ${FULLPKGNAME} on OpenBSD
@@ -10,7 +10,7 @@ Configure your interface in the normal way using ifconfig(8) commands
 or via /etc/hostname.<iface>. You must explicitly set 802.1x mode; it is
 also recommended that the BSSID is configured explicitly, e.g.:
 
-# ifconfig rsu0 nwid humppa bssid 11:22:33:44:55:66 wpa wpaakms 802.1x up
+# ifconfig athn0 nwid humppa bssid 11:22:33:44:55:66 wpa wpaakms 802.1x up
 
 Access-point scanning is not currently supported by the OpenBSD code in
 wpa_supplicant, so ap_scan=0 should be set in ${SYSCONFDIR}/wpa_supplicant.conf.