Sometimes when reporting a MIC failure rx->key may be unset. This
code path is hit when receiving a packet meant for a multicast
address, and decryption is performed in HW.
Fortunately, the failing key_idx is not used for anything up to
(and including) usermode, so we allow ourselves to set a bogus one
when a key cannot be retrieved.
Signed-off-by: Arik Nemtsov <[email protected]>
---
net/mac80211/wpa.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 9dc3b5f..c6dafc1 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -154,7 +154,8 @@ update_iv:
return RX_CONTINUE;
mic_fail:
- mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
+ mac80211_ev_michael_mic_failure(rx->sdata,
+ rx->key ? rx->key->conf.keyidx : -1,
(void *) skb->data, NULL, GFP_ATOMIC);
return RX_DROP_UNUSABLE;
}
--
1.7.4.1
Arik Nemtsov <[email protected]> writes:
> Sometimes when reporting a MIC failure rx->key may be unset. This
> code path is hit when receiving a packet meant for a multicast
> address, and decryption is performed in HW.
>
> Fortunately, the failing key_idx is not used for anything up to
> (and including) usermode, so we allow ourselves to set a bogus one
> when a key cannot be retrieved.
[...]
> - mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
> + mac80211_ev_michael_mic_failure(rx->sdata,
> + rx->key ? rx->key->conf.keyidx : -1,
> (void *) skb->data, NULL, GFP_ATOMIC);
In special cases like this a comment in the code would be nice.
--
Kalle Valo
On Sun, Jun 19, 2011 at 11:04:12PM +0300, Kalle Valo wrote:
> Arik Nemtsov <[email protected]> writes:
>
> > Sometimes when reporting a MIC failure rx->key may be unset. This
> > code path is hit when receiving a packet meant for a multicast
> > address, and decryption is performed in HW.
> >
> > Fortunately, the failing key_idx is not used for anything up to
> > (and including) usermode, so we allow ourselves to set a bogus one
> > when a key cannot be retrieved.
>
> [...]
>
> > - mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
> > + mac80211_ev_michael_mic_failure(rx->sdata,
> > + rx->key ? rx->key->conf.keyidx : -1,
> > (void *) skb->data, NULL, GFP_ATOMIC);
>
> In special cases like this a comment in the code would be nice.
Repost with a comment, as Kalle requested?
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.
> >
> > > - ? mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
> > > + ? mac80211_ev_michael_mic_failure(rx->sdata,
> > > + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? rx->key ? rx->key->conf.keyidx : -1,
> > > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? (void *) skb->data, NULL, GFP_ATOMIC);
> >
> > In special cases like this a comment in the code would be nice.
>
> Repost with a comment, as Kalle requested?
>
Sure thing.
Arik