LinuxLists.cc - [PATCH 1/9] wifi: mac80211: drop unprotected robust mgmt before 4-way-HS

2023-06-19 13:41:02

Subject: [PATCH 1/9] wifi: mac80211: drop unprotected robust mgmt before 4-way-HS

From: Alon Giladi <[email protected]>

When MFP is used, drop unprotected robust management frames also
before the 4-way handshake has been completed, i.e. no key has
been installed yet.

Signed-off-by: Alon Giladi <[email protected]>
Signed-off-by: Gregory Greenman <[email protected]>
---
net/mac80211/rx.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 6ebec32b4ebc..a2109d61487f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2418,8 +2418,7 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)

if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {
if (unlikely(!ieee80211_has_protected(fc) &&
- ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
- rx->key)) {
+ ieee80211_is_unicast_robust_mgmt_frame(rx->skb))) {
if (ieee80211_is_deauth(fc) ||
ieee80211_is_disassoc(fc))
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
--
2.38.1

2023-06-19 15:42:03

by Greenman, Gregory

[permalink] [raw]

Subject: [PATCH v2 1/9] wifi: mac80211: drop unprotected robust mgmt before 4-way-HS

From: Alon Giladi <[email protected]>

When MFP is used, drop unprotected robust management frames also
before the 4-way handshake has been completed, i.e. no key has
been installed yet.

Signed-off-by: Alon Giladi <[email protected]>
Signed-off-by: Gregory Greenman <[email protected]>
---
net/mac80211/rx.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 6ebec32b4ebc..1d2e7a6dd2a1 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2418,13 +2418,20 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)

if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {
if (unlikely(!ieee80211_has_protected(fc) &&
- ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
- rx->key)) {
+ ieee80211_is_unicast_robust_mgmt_frame(rx->skb))) {
if (ieee80211_is_deauth(fc) ||
- ieee80211_is_disassoc(fc))
+ ieee80211_is_disassoc(fc)) {
+ /*
+ * Permit unprotected deauth/disassoc frames
+ * during 4-way-HS (key is installed after HS).
+ */
+ if (!rx->key)
+ return 0;
+
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
rx->skb->data,
rx->skb->len);
+ }
return -EACCES;
}
/* BIP does not use Protected field, so need to check MMIE */
--
2.38.1