Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp779149ybb; Wed, 1 Apr 2020 09:27:48 -0700 (PDT) X-Google-Smtp-Source: APiQypJIvND0sGjhu/QOMniG1itpBwnZooNEUCDwqcK2bZhq38E3ctfuMW6ZlI7gPbhn3yBjwvd8 X-Received: by 2002:aca:c506:: with SMTP id v6mr3564248oif.26.1585758466076; Wed, 01 Apr 2020 09:27:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585758466; cv=none; d=google.com; s=arc-20160816; b=r4p2r4t0A1n3xWFyHGuLREaNDub+Qo08ZH+YfvVuZZpSWGFcI7Lc0xr0F6YNHrn+ye wQZEryeftA+FhNF64uK8KTldwTSHGOg7I9IR4pFC6j5ZSd6UVy9aVRn6EExmGEhl0p8t aHYrw/LApUZI2EvZ9s6wxee3yxTRv0XcZCxowF+1IQHQmjoqeweQlfFqftam/94vjHLS 5Wp87GStePzjH5r3QHJyE4YZoDpXZDPE2IvlVJnqSFCNzo+LIU/nTDuSF5Ysw/StBSch BDyqVAXA+4cc4h0GYszix7XgBUTAKGKXA97nQ5gqPQ58OOstOcD6D5TRU3MWqedLGVzv zAJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=M0hK0DiWbMbZjhREhyTJ/Dq5JWrICvBtmGuglQGcbP4=; b=dOyarsiy+7s5BOoSFgYKiOp8Vn7BUeLpSvtiO22Xc6kXZkjMkoGOCpQ0ZQlK/RQh6W HXk9SHCb0tocUsLKdRjRkk2wzURWGFAhJ3qkppJvCD6Aw5oDZbkaDn5DBNswmUGjjx3t GxUNNu/BPQODO9mzmDj9DSdVt3rikmnNRDi7o0F7Rwjmklo65AYijR0LNIrzjlFfUQYB xNLZVq7H1yMYlRlh0l9zs+OvF4sbNQKDf9A+pJmcQ0jHLJWnQTN+QwCLYoK9IGI5Bo2a hTu3AuEFF3UoT0z4cYD666VSYOkIUjFypeu1LOw05oYD+qps+4MKRKVKMUZ0ujq2Necf BVPA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VxO+6SKP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k7si1043984otp.258.2020.04.01.09.27.33; Wed, 01 Apr 2020 09:27:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VxO+6SKP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387849AbgDAQZl (ORCPT + 99 others); Wed, 1 Apr 2020 12:25:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:49964 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732376AbgDAQZi (ORCPT ); Wed, 1 Apr 2020 12:25:38 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3F7F021582; Wed, 1 Apr 2020 16:25:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585758337; bh=py3PbJO+718EbgHi2IRhSbWGNdFxCBeIfNnFi27bS/w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VxO+6SKPS/cyE6bg5of1EQs4K2MYIJJ8JTUaE0MfEMW7wzxFosqj8M8DCFmn1I24u fZ1AFIU7cSX//tO+7vSkFHUmayE1m8v8nkuGtk/5+rZF6v4tSQP3as2+0fX03QkKzO x7Zca2GEwoimR6YhjdBnmcw3xfOxINJV2mVDOfqQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg Subject: [PATCH 4.19 059/116] mac80211: mark station unauthorized before key removal Date: Wed, 1 Apr 2020 18:17:15 +0200 Message-Id: <20200401161550.178503185@linuxfoundation.org> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200401161542.669484650@linuxfoundation.org> References: <20200401161542.669484650@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream. If a station is still marked as authorized, mark it as no longer so before removing its keys. This allows frames transmitted to it to be rejected, providing additional protection against leaking plain text data during the disconnection flow. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/sta_info.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -3,7 +3,7 @@ * Copyright 2006-2007 Jiri Benc * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2015 - 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2020 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -979,6 +979,11 @@ static void __sta_info_destroy_part2(str might_sleep(); lockdep_assert_held(&local->sta_mtx); + while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); + WARN_ON_ONCE(ret); + } + /* now keys can no longer be reached */ ieee80211_free_sta_keys(local, sta);