Commit 7339e0f2 authored by Alon Giladi's avatar Alon Giladi Committed by Johannes Berg
Browse files

wifi: mac80211: drop unprotected robust mgmt before 4-way-HS 



When MFP is used, drop unprotected robust management frames also
before the 4-way handshake has been completed, i.e. no key has
been installed yet.

Signed-off-by: default avatarAlon Giladi <alon.giladi@intel.com>
Signed-off-by: default avatarGregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230619183718.cfbefddccd0c.Ife369dbb61c87e311ce15739d5b2b4763bfdfbae@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 8d0c7e19

net/mac80211/rx.c

+10 −3
Original line number Diff line number Diff line
@@ -2418,13 +2418,20 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) 


	if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {

		if (unlikely(!ieee80211_has_protected(fc) &&

			     ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&

			     rx->key)) {

			     ieee80211_is_unicast_robust_mgmt_frame(rx->skb))) {

			if (ieee80211_is_deauth(fc) ||

			    ieee80211_is_disassoc(fc))

			    ieee80211_is_disassoc(fc)) {

				/*

				 * Permit unprotected deauth/disassoc frames

				 * during 4-way-HS (key is installed after HS).

				 */

				if (!rx->key)

					return 0;



				cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,

							     rx->skb->data,

							     rx->skb->len);

			}

			return -EACCES;

		}

		/* BIP does not use Protected field, so need to check MMIE */