Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3298464ybb; Tue, 31 Mar 2020 02:22:30 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvsQqyQz+RpW3Ui1HW693FULrVxke7ktDw05H4nXIsL5q8UwcoWv1MYsDtiqRCoIbb6nybM X-Received: by 2002:a9d:3a1:: with SMTP id f30mr11882057otf.215.1585646550708; Tue, 31 Mar 2020 02:22:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585646550; cv=none; d=google.com; s=arc-20160816; b=y0QUBAnzt8EH/mDrW4tlxw7fOzKtNiEmIeyhzRJciRs53uDty7AZxi7ZGEt/GQ5gmr F57O2xKP3w1fbQeVKnyjwTcYJeMX+gvuy1ZBuhSbk2Q/8ILDfTX1ofv1PXrfd5obT7Sn hFTAlr++rLVI5jJVg/aW/Inn+yJfd64wFj6goW3bw3+MC4btiYhqZ5LfEqtc9xSX2tNX 0eUDSPfchu2GIur0K9QC6jEbmUPMIuPxHUSgkhFHmd9JXi56emsWPnmyZDOJCLy55kUk 61lBZA53geYtpfqXZkc+vVzJzJFe940Q1pNe8Ee6ohAaEb5PHTaiDZLcqbYCe3x6r22O pWVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=TTp5vzT+4iCewqNHyxgIdqda7HTEEou5ZDWLm6/ZLKE=; b=ibrXZTiiNm1MB+7VGpqIyi/NnCYXzwAKvlykBZFeyuIGo7i1t93Fg9z5v8ttcdp1M7 oKfU1nRumuVpj6E8+hYfynKaKTUtE2gs3mX7VDyVM9Nrdmpc0TXwKM9aOzypq6SBulvu Lk0IOxzyNzz797xbSA9+LXbWeYcNXbsBs3/fH1EkPZ+TzQtEU7oE9HIUR+Ou+6eFCzWC mj/EP7qtAt43LenIp8GDKbzmecHhzxsNShoB2T3i5WMRuPHeLUjs91cWRms8iAH0nuDg Fg4km1anPjnxiEtwAwXBKEsjW5bIhSUiuASO9g5lwq6HpXd6LQEPr49wC/JVm8KT5fc3 IF0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=c3FjYtHt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b8si7386481oob.73.2020.03.31.02.22.18; Tue, 31 Mar 2020 02:22:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=c3FjYtHt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731485AbgCaJJh (ORCPT + 99 others); Tue, 31 Mar 2020 05:09:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:52776 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731479AbgCaJJg (ORCPT ); Tue, 31 Mar 2020 05:09:36 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C87CF2072E; Tue, 31 Mar 2020 09:09:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585645775; bh=mZN6uiwiuaobsbLUSA3uRQG07YXcU8jDnZ0rgAkJwlE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c3FjYtHtBLPQ3HWZyiJQjILqT6ynE0BkNYk7V2YYBk2Tb3mcyCz2jFiPjNgAFazgW 2xvVJ9U/Gl2PXz+3ef+v2rtLS5+fWQG88ArObKcC/ElWQDgozdsaTxxYohIlnqNtdS O/U9nOBVQxZ6PEVKIHMvVcsqgvZOXfRvlvUL8jLw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg Subject: [PATCH 5.5 110/170] mac80211: mark station unauthorized before key removal Date: Tue, 31 Mar 2020 10:58:44 +0200 Message-Id: <20200331085435.872068772@linuxfoundation.org> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200331085423.990189598@linuxfoundation.org> References: <20200331085423.990189598@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream. If a station is still marked as authorized, mark it as no longer so before removing its keys. This allows frames transmitted to it to be rejected, providing additional protection against leaking plain text data during the disconnection flow. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/sta_info.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -4,7 +4,7 @@ * Copyright 2006-2007 Jiri Benc * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2015 - 2017 Intel Deutschland GmbH - * Copyright (C) 2018-2019 Intel Corporation + * Copyright (C) 2018-2020 Intel Corporation */ #include @@ -1049,6 +1049,11 @@ static void __sta_info_destroy_part2(str might_sleep(); lockdep_assert_held(&local->sta_mtx); + while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); + WARN_ON_ONCE(ret); + } + /* now keys can no longer be reached */ ieee80211_free_sta_keys(local, sta);