diff options
| author | anthraxx | 2020-11-05 23:41:23 +0100 |
|---|---|---|
| committer | anthraxx | 2020-11-05 23:41:23 +0100 |
| commit | c9822e6ff00e7933f9be037fb5a0b31ef9ee7c0a (patch) | |
| tree | 6b7c67ee3066b24a8a17b56e146e4a0f25b0b58c /mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch | |
| parent | 4e39b4df483933157618bd051071f7bc9f858aef (diff) | |
| download | aur-c9822e6ff00e7933f9be037fb5a0b31ef9ee7c0a.tar.gz | |
mac80211: fix regression where EAPOL frames were sent in plaintext
Diffstat (limited to 'mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch')
| -rw-r--r-- | mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch b/mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch new file mode 100644 index 000000000000..199ee80dc0f9 --- /dev/null +++ b/mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch @@ -0,0 +1,48 @@ +From d30a6f983b360a08f962f5b3199b733df2e02418 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> +Date: Sat, 17 Oct 2020 23:08:18 +0400 +Subject: mac80211: fix regression where EAPOL frames were sent in plaintext + +When sending EAPOL frames via NL80211 they are treated as injected +frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop +injected frames even if normally not allowed") these injected frames +were not assigned a sta context in the function ieee80211_tx_dequeue, +causing certain wireless network cards to always send EAPOL frames in +plaintext. This may cause compatibility issues with some clients or +APs, which for instance can cause the group key handshake to fail and +in turn would cause the station to get disconnected. + +This commit fixes this regression by assigning a sta context in +ieee80211_tx_dequeue to injected frames as well. + +Note that sending EAPOL frames in plaintext is not a security issue +since they contain their own encryption and authentication protection. + +Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") +--- + net/mac80211/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index 282b0bc201ee..aa486e202a57 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3613,13 +3613,14 @@ begin: + tx.skb = skb; + tx.sdata = vif_to_sdata(info->control.vif); + +- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { ++ if (txq->sta) { + tx.sta = container_of(txq->sta, struct sta_info, sta); + /* + * Drop unicast frames to unauthorised stations unless they are +- * EAPOL frames from the local station. ++ * injected frames or EAPOL frames from the local station. + */ +- if (unlikely(ieee80211_is_data(hdr->frame_control) && ++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && ++ ieee80211_is_data(hdr->frame_control) && + !ieee80211_vif_is_mesh(&tx.sdata->vif) && + tx.sdata->vif.type != NL80211_IFTYPE_OCB && + !is_multicast_ether_addr(hdr->addr1) && +-- |