2010-03-30 06:36:23

by Jouni Malinen

[permalink] [raw]
Subject: [PATCH] mac80211: Fix dropping of unprotected robust multicast frames

When selecting the RX key for group-addressed robust management
frames, we do not actually select any BIP key if the frame is
unprotected (since we cannot find the key index from MMIE). This
results in the drop_unencrypted check in failing to drop the frame. It
is enough to verify that we have a STA entry for the transmitter and
that MFP is enabled for that STA; we do not need to check rx->key
here. This fixes BIP processing for unprotected, group-addressed,
robust management frames.

Signed-off-by: Jouni Malinen <[email protected]>

---
net/mac80211/rx.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

--- wireless-testing.orig/net/mac80211/rx.c 2010-03-29 23:32:20.000000000 -0700
+++ wireless-testing/net/mac80211/rx.c 2010-03-29 23:35:35.000000000 -0700
@@ -1413,8 +1413,7 @@ ieee80211_drop_unencrypted_mgmt(struct i
return -EACCES;
/* BIP does not use Protected field, so need to check MMIE */
if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
- ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
- rx->key))
+ ieee80211_get_mmie_keyidx(rx->skb) < 0))
return -EACCES;
/*
* When using MFP, Action frames are not allowed prior to

--
Jouni Malinen PGP id EFC895FA