thor/esphome-dev
1
0
Fork 0
mirror of https://github.com/Threnklyn/esphome-dev.git synced 2026-06-01 10:38:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Mitigate CVE-2020-12638 WiFi WPA Downgrade (#1207)

Browse Source 
Co-authored-by: Lukas Bachschwell <lukas@lbsfilm.at>
This commit is contained in:
Otto Winter
2020-07-27 18:22:38 +02:00
committed by GitHub
parent 8aa73bba10
commit 389889ad70
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
esphome/components/wifi/wifi_component_esp32.cpp
+12
View File
@@ -391,6 +391,18 @@ void WiFiComponent::wifi_event_callback_(system_event_id_t event, system_event_i
auto it = info.auth_change;
ESP_LOGV(TAG, "Event: Authmode Change old=%s new=%s", get_auth_mode_str(it.old_mode),
get_auth_mode_str(it.new_mode));
// Mitigate CVE-2020-12638
// https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
if (it.old_mode != WIFI_AUTH_OPEN && it.new_mode == WIFI_AUTH_OPEN) {
ESP_LOGW(TAG, "Potential Authmode downgrade detected, disconnecting...");
// we can't call retry_connect() from this context, so disconnect immediately
// and notify main thread with error_from_callback_
err_t err = esp_wifi_disconnect();
if (err != ESP_OK) {
ESP_LOGW(TAG, "Disconnect failed: %s", esp_err_to_name(err));
}
this->error_from_callback_ = true;
}
break;
}
case SYSTEM_EVENT_STA_GOT_IP: {